Over 1 million tech questions and answers.

MSIE Browser creates another unwanted browser

Q: MSIE Browser creates another unwanted browser

Problem: the browser creates unwanted new browsers to unwanted topics.
I believe I followed the directions for the tutorial correctly but may not have done them perfectly, please advise if I need to rerun any parts of it.
Please rename this topic title as it is probably too vague.
I appreciate your help in advance and will be paying attention to replies so I can answer any questions and expedite fixing the issues. You have my gratitude. Gardener1111

DDS.txt
DDS (Ver_09-11-29.01) - NTFSx86
Run by User at 17:31:56.75 on Sat 11/28/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.97 [GMT -6:00]

AV: AntiMalware *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! antivirus 4.8.1356 [VPS 091128-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\documents and settings\user\application data\antivirus plus\AntiVirus Plus.70367.dll", start 70367
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\micros~2\office\1033\phdintl.dll/phdContext.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: aaqycfec - aaqycfec.dll
AppInit_DLLs: yozipuru.dll c:\windows\system32\zugezevu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: ritufanob - {a08c9441-a0fe-47b3-9e53-1f362035e1b1} - No File
STS: {a08c9441-a0fe-47b3-9e53-1f362035e1b1} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli kupinije.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-28 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-17 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-11 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-11 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-17 138680]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-13 54752]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-6-26 204800]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-6-12 1251720]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-17 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-17 352920]
R3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [2009-5-17 114944]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-11 7408]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2009-5-17 11520]
S2 gupdate1c9a56c459c3b4c;Google Update Service (gupdate1c9a56c459c3b4c);c:\program files\google\update\GoogleUpdate.exe [2009-3-15 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2009-11-28 18:38:53 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-28 14:32:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-28 14:31:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-28 14:29:17 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-28 14:25:43 0 d-----w- c:\program files\CCleaner
2009-11-20 01:12:02 0 d-----w- c:\program files\Trend Micro
2009-11-17 01:26:04 434 ----a-w- C:\2.js
2009-11-16 23:34:41 0 ----a-w- c:\program files\settings.dat
2009-11-16 14:56:06 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-11-16 13:08:16 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2009-11-16 12:29:08 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-16 12:28:50 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-16 12:28:50 0 d-----w- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-11-16 12:28:14 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-16 12:24:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-16 12:24:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-16 12:23:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-16 12:23:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 12:38:31 0 d-----w- c:\program files\Symantec
2009-11-11 12:04:34 0 d-----w- c:\program files\AntiMalware
2009-11-11 12:02:45 2198 ----a-w- C:\XSdvYLH.bat
2009-11-11 12:02:35 0 d-----w- C:\SafetyCenter
2009-11-11 12:00:25 2719 ----a-w- C:\xcrashdump.dat
2009-11-11 11:51:43 826 ----a-w- c:\windows\system32\wininit.dll
2009-11-11 11:48:19 0 --sha-w- C:\208871543

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-07-30 21:45:38 470528 ----a-w- c:\program files\RootRepeal.exe
2008-12-23 03:00:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122220081223\index.dat

============= FINISH: 17:34:27.00 ===============

RELEVANCY SCORE 200
Preferred Solution: MSIE Browser creates another unwanted browser

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: MSIE Browser creates another unwanted browser

Hi,My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTListIt.txt <-- Will be openedExtra.txt <-- Will be minimizedThen please post back here with the following logs: OTListIt.txt Extra.txtThanks

Read other 2 answers
RELEVANCY SCORE 76.8

EVERY TIME my browser [MSIE] is opened, I have to double click the title bar to make it go full screen. No, it is in full screen already due to the settings, just OFF CENTER.
By that I mean, has dropped down from the top approx. 1/4 inch.
Does anybody have a clue as to the cause?
 

A:Browser [MSIE] off center

Read other 6 answers
RELEVANCY SCORE 76

Hi,

I've picked up a browser hijacker that affects MSIE. I'm running Vista Home Premium 64-bit with IE 7 (7.0.6001). Whenever I attempt to go to a search site (google, yahoo, etc.) or use one of the search toolbars, my browser displays a redirect through "http://www.gsgfdh.com" or "http://www.gsgfdh.net" in the status bar, and I end up on another site completely. One of the sites (http://hanawascanner010.com) fed me bogus antivirus info (said my computer was infected with three viruses) and provided a "Fix these problems" button. Bottom line is that I've got an infection (or more).

I've downloaded the DDS (hijackthis -like) tool and have attached the dds.txt and attach.txt logs. I was not able to run the RootRepeal program, as it does not work on Vista 64. I Hope these help!

Any help you can provide is greatly appreciated.

--Joe

A:MSIE Browser Hijack GSGFDH.COM

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 5 answers
RELEVANCY SCORE 67.6

Hello and good evening!
Ok well the other day I was on a site and was directed to download a "DivX webplayer" which I have had before so I dl'ed it and this started happening.
At first it was redirecting me to ads, changing pages I was already on to an ad screen. I started noticing that it was highlighting plain words which redirected to a website "seekarium.com" on Firefox browser. I uninstalled firefox b/c I started running chrome and noticed on chrome that the words highlighting to that link was not happening however the redirects still came and I also started noticing that google search links were redirecting me to ads as well. At one point I got hit with the "Internet Security 2010" bogus spyware remover/system crippler virus. I killed this one once I discovered the "r.kill" program b/f doing a malware bytes sweep in safe mode. However the redirects and google search links were still there. I have ran many different spyware programs such as , malware bytes, ad-aware, SUPERAntispyware, AVG antivirus and Spybot S&d. Trojans kept getting dropped and deleted on the system. I downloaded Hijack this ( how I find out about ur very nice site btw) and went to work and actually deleted a few things from the hijack this log b/f I realized I should have started here first. I tested the google links and even though it takes longer it still redirects me, however I havn't gotten a random redirect in some time. I am currently in safe... Read more

A:Browser Redirects on google searches, creates links in common words, Trojan dropper.

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

Read other 5 answers
RELEVANCY SCORE 65.2

HELP I am desperate, every time I click on Google I/e or Firefox I get the msn page up I think it as something to do with Bling. and I cant 'get rid of it. I have Revo and C Cleaner on and I have checked these there is know sign of msn or bling. I have also checked programmes & features in control panel nothing for msn or bling how do I get shut of it.

A:unwanted browser

I think that you are talking about Microsoft's BING - not BLING.

Reset IE: Internet Explorer - Reset

Reset Chrome: Chrome Browser - Reset to Default

Reset Firefox: Firefox - Reset to Default

Are you sensing a pattern here :-)

Read other 9 answers
RELEVANCY SCORE 64.8

I noticed in the past few weeks that my browser gets redirected a few times a day when I enter a url or click on a link. It's usually some bogus "anti-spyware" site. I was recently infected by some virus that looked on the surface to be an anti-spyware program. I think I got rid of it all, but I am still having problems with IE getting redirected. I just ran Malwarebytes anti-malware and all showed up clean. I also use AVG and that didnt show anything. Here is my HJ this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:18 PM, on 8/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C... Read more

A:Browser HiJacker, redirecting my browser, in some cases closing shutting down browser

I ran Spybot S&D, it found 122 items, but my browser still seems slow. Here is a new HJ This log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:47 PM, on 8/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program ... Read more

Read other 3 answers
RELEVANCY SCORE 64.4

I am getting popups after I close my browser, IE. I ran SpyBot S&D and fixed a few things. Then I downloaded and ran Hijack This. Is there anything in the output below that's causing my problem? Thanks in advance!

Logfile of HijackThis v1.97.7
Scan saved at 2:23:18 PM, on 3/14/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\CYB2K.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SAIMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\ERASER\ERASER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MM32V.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDO... Read more

A:Unwanted pop-ups after browser close

Read other 6 answers
RELEVANCY SCORE 64.4

This is something new for me. New Interner Explorer windows open up to some website or other. It is much like popup windows except these are full browser windows. I google for *realtors* and I get the hits in that window but a new window opens to *a certain realty*. I click on name search at a law site and that works correctly but another new window opens to a different law site. And sometimes the additional windows open up with unrelated websites. After surfing a while I have so many windows open. It is annoying.

What's going on? I've done Spybot S&D, Adaware, Spyblaster.

Help!!!!!!!

sybil

A:Unwanted browser windows

Hi sybil

Please Download hijackthis from

http://tomcoyote.org/hjt

Unzip, doubleclick HijackThis.exe, and hit "Scan".

After the scan has finished the "scan" button will turn into a "save log" button

save the log file and paste it here

Do not delete anything yet, as most things hijackthis finds are harmless and needed.

steam

Read other 7 answers
RELEVANCY SCORE 64.4

I have a menu that keeps appearing in my IE browser and I can't get rid of it. I have tried Spybot Search & Destroy and Ad-aware. The unwanted menu will also change my homepage to some search page.

There is a file called sex_collection.exe that I cannot delete even if I start-up in safemode. I'm not sure if it is related to all the browser trouble.

The following is my log form hijackthis. Please help.

Logfile of HijackThis v1.98.2
Scan saved at 8:36:01 AM, on 9/14/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\PSSVC.EXE
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\DIRECT~1\DUService.exe
C:\DMI\bin\dmisrv.exe
C:\DMI\bin\delldmi.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\PGPsdkServ.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\DMI\bin\win32sl.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe
C:\DMI\bin\nic.exe
C:\DMI\bin\coo.exe
C:\DMI\bin\dnar.exe
C:\DMI\bin\nodemngr.exe
C:\WINNT\Explorer.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\NILaunch.exe
C:\WINNT\load... Read more

A:Unwanted menu in browser

Read other 7 answers
RELEVANCY SCORE 64.4

When I go to rushlimbaugh.com using IE, sometimes one of the stories redirects me to a site I know is unsafe, asking me to update my flash player.
I have not tried this using Firefox and my flash player is up to date.

A:Unwanted Browser Redirection

Hello and welcome to Bleeping Computer.Please run the following:Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)save it to your desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Read other 7 answers
RELEVANCY SCORE 64.4

When I am in my browser I get a pop up window in the lower left window with an add flashing and a button that says hide. If i click on it the window will move to the left and barely stick out. Then occasionlly I get a video window in the lower right corner that will automatically start playing no matter what I am doing. I can deletet it but when I go to a new web page it will pop back up. Occasionlly, I get full page advertisements in a new tab that run automatically.
 
Here is my dds log.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.25.2
Run by David Johnson at 8:09:46 on 2013-09-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.5187 [GMT -4:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C... Read more

A:Unwanted Video Pop Ups on my browser

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/23/2011 2:30:58 AM
System Uptime: 9/24/2013 10:33:14 AM (118 hours ago)
.
Motherboard: MSI |  | Aspen
Processor: AMD Phenom™ 9850 Quad-Core Processor | Socket AM2  | 1300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 250 GiB total, 101.971 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 108 GiB total, 10.886 GiB free.
F: is FIXED (NTFS) - 107 GiB total, 34.367 GiB free.
G: is FIXED (NTFS) - 0 GiB total, 0.048 GiB free.
H: is FIXED (NTFS) - 233 GiB total, 142.856 GiB free.
I: is Removable
K: is FIXED (NTFS) - 466 GiB total, 33.82 GiB free.
L: is Removable
M: is Removable
N: is Removable
O: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 12/3/2011 1:01:49 PM - Windows Update
RP2: 12/3/2011 1:24:33 PM - Windows Update
RP3: 12/6/2011 8:54:45 AM - Windows Update
RP4: 12/6/2011 8:58:53 AM - Windows Update
RP5: 12/22/2011 10:15:10 AM - Windows Update
RP6: 12/22/2011 10:21:10 AM - Windows Update
RP7: 7/30/2013 12:26:55 PM - Windows Update
RP8: 8/11/2013 10:07:40 AM - Windows Update
RP9: 9/3/2013 9:27:27 AM - Windows Update
RP414: 9/8/2013 7:00:32 PM - Windows Backup
RP415: 9/10/2013 5:43:40 PM - Quitado VAFPlayer
RP416: 9/15/2013 7:00:29 PM - Windows Backup
RP417: 9/22/2013 7:00:32 PM - Windows Backup
RP418: 9/23/2013 7:18:08 AM - Removed Bonjour
RP419: 9/23/2013 7:32:54 AM - Remove... Read more

Read other 13 answers
RELEVANCY SCORE 64.4

After running Adwcleaner and Malwarebyte I'm still getting popups that tell me I have an infected computer and need to call 855-781-4769.  Also I'm running Symantec Endpoint Protection which warns me that I SupOptStats.dll.vir is infecting my system. The most recent time my browser was hijacked it went to danjur.com and soon I lost my internet connection.  After resetting my winsock I got the internet back, but I still get the popup warnings.  I just ran FRST and the files are attached.  Any help or suggestions would be appreciated.
Thank you in advance,
Tom

A:Unwanted Pop Ups and Browser Redirected

Hi Tom,Welcome to the BleepingComputer Support Forums! I am BlackBird and I'll be helping you during the malware removal process.An important WARNING to all individuals reading this topic:All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage to them!!Please don't perform the steps given by me or other Helpers in this topic when you are not the original Topic Starter, but start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.Registry Cleaner and Boost Programs Warning !!Your logfiles show me that you're using Registry Cleaners and/or system 'boost' utilities. In your case: Advanced WindowsCare Personal, the registry-cleaner within CCleaner and Free Window Registry Repair. At BleepingComputer and several other computer related forums we advise to NOT use those kind of utilities. Please read this post: Why you should not use Registry Cleaners and Optimization Tools.1. Please go to Start > Control Panel.Click "Uninstall a Program".In the Program List that opens, please delete the following items:Google Toolbar for Internet ExplorerIsoBuster ToolbarJava 8 Update 25When done, please close all windows.2. Please download to your Desktop.Please make sure to put fixlist.txt in the same location as where FRST... Read more

Read other 18 answers
RELEVANCY SCORE 64.4

Hello Bleeping Computer-ers, Recently google chrome began redirecting links and typed websites to ad websites (videocop, other search engines, something suspicious called stopzilla) I have done everything I can to get rid of it. I have scanned with Malwarebytes, SuperAntiSpyware, AVG and Avast! in safe mode to no avail. What should I do? Here are my computer specifications:Windows Vista Home PremiumManufacturer: Velocity MicroModel: 64-bit custom PCProcessor: Intel? Core ?2 Quad CUP Q8200 @2.33GHzMemory: 4.00 GBSystem Type: 64-bit Operating systemHere is the hijack this log: Logfile of Trend Micro HijackThis v2.0.4Scan saved at 1:19:38 PM, on 8/21/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v7.00 (7.00.6002.18005)Boot mode: NormalRunning processes:C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exeC:\Program Files (x86)\AVG\AVG9\avgtray.exeC:\Program Files (x86)\Winamp\winampa.exeC:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Ex... Read more

A:Unwanted browser redirects

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 21 answers
RELEVANCY SCORE 64.4

I keep getting advertisements even after running programs: rkill, malwarebytes, adwcleaner, malware junk removal tool, hitmanpro. Here is the FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2016
Ran by lukew (administrator) on DESKTOP-BFMU3EB (29-08-2016 00:00:58)
Running from C:\Users\lukew\Downloads
Loaded Profiles: lukew (Available Profiles: lukew)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft C... Read more

Read other answers
RELEVANCY SCORE 64.4

How do I stop a program -- in this case Cooliris -- from opening every time I launch Mozilla Firefox browser?

A:Unwanted program in browser

Check the Manage Add-ons window. Tools > Options > General Tab, then it's in the lower right-hand corner. Could be under Extensions or Plug-ins.

Read other 3 answers
RELEVANCY SCORE 64.4

I posted this on Sept. 24 and haven't had any replys.
 
http://www.bleepingcomputer.com/forums/t/508834/unwanted-video-and-add-pop-ups-on-internet-browsers/
 
eagle777

A:Unwanted Video Pop Ups on my browser

Replied.

Read other 1 answers
RELEVANCY SCORE 64.4

I downloaded a new version of Super (open source video encoder), hadn't used it in a while, but needed it for a specific task. Well, not sure if I didn't get the official installer (I thought I did), but it had a number of add-on installs it wanted to do, which I thought I declined all the way through. Well, fast forward, now I have new browser windows and tabs opening up in both FF and IE. Not sure if it was actually tied to the install of Super, but the timing suggests yes. Ran McFee scan and Spybot scans, stil have the issue. Otherwise, computer seems to be working OK, so it doesn't seem like a wicked malware problem (I've had those, this feels more minor, but who knows). I'm fully backed up, data is offsite, so ready to try to remove this crap with your help! Also figure it's been a while, who knows what else I've picked up in the past few years.

Here's my log files... Note that GMER quickscan reported no rootkit, so if I understood the directions correctly, I didn't have to run a scan of C and post a log file for that -- if I do need to do that, just say the word. THANKS in advance for your help!
------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:03:13 PM, on 11/27/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Stora... Read more

A:Unwanted Browser Pop-Up and Windows

Read other 3 answers
RELEVANCY SCORE 64.4

Can I get a little help with this problem as well, it's driving me nuts!
Here's my HijackThis -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:09, on 14/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Highresolution Enterprises\X-Mouse... Read more

A:Unwanted browser windows

The Security Forum no longer uses HijackThis as their initial analysis tool.

The security team can help you with this.
Please follow their pre-posting process outlined here:

Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic in the Virus/Trojan/Spyware Help , as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your thread.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Goodluck!

Read other 1 answers
RELEVANCY SCORE 64.4

i've got a similar problem, i followed the directions above but don't seem to have the same lines to be able to check and remove using hjt. here's my log file from hjt:

Logfile of HijackThis v1.97.7
Scan saved at 11:41:41 PM, on 14/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
G:\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPR... Read more

A:Unwanted Search Bar in Browser

mose
Hi, and welcome to the TSG forum

you need to start your own thread - otherwise it gets very confusing - whos fixing waht

so start a new thread in secruity
make sure you post as much info as possible about your problems and the PC

You also have an obsolete version of hjt download version 1.98.2 from one of these sites

http://www.tomcoyote.org/hjt/
http://209.133.47.200/~merijn/downloads.html
http://www.thespykiller.co.uk/
http://aumha.org/downloads/hijackthis.exe
http://www.majorgeeks.com/download3155.html
http://www.thewhities.com/
 

Read other 2 answers
RELEVANCY SCORE 64.4

I am using Google via Firefox on XP home. I have three symptoms:
1. The browser is redirected to unwanted sites whenever I use the search engine.
2. Periodic two to three minute sounds from music to American TV programmes at random intervals even when I come offline, the sound continues.
3. Sites in by bookmark toolbar seem to be unaffected.

I ran A squared and it found twelve(!) trojans. Later ran Kaspersky and that reported another Trojan followed all instructions from both and rescanned. But the browser is still redirected. When searching bleeping computer, I clicked the forum link in the Google list and was not redirected (this could be luck!!).

A:unwanted browser redirection

Hello id1brok and to BleepingComputer!ATF-CLEANER------------------Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.SUPERANTISPYWARE-----------------------------Please download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer an... Read more

Read other 1 answers
RELEVANCY SCORE 64.4

computer was recently infected with virusremover2008, cogad.exe and w32.spybot.worm. i have removed everything i could find associated with them. now while browsing, either with firefox or IE. periodically a totally separate browser window (full size) opens to random sites, sometimes just a blank site with no content. where do i start?

just found Hacktool.rootkit in C:\WINDOWS\system32\drivers\phqghume.sys

A:Unwanted Browser Windows

Hi, let's get anoyjer look. Run ATF then MBAMPlease download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program wi... Read more

Read other 9 answers
RELEVANCY SCORE 64.4

Hello,
Seems I have the same problem rusty has.
I have followed the same steps that was posted in this topic. I did the ATF Cleaner and then Malwarebytes.exe. I plan to move to the next step in this post if you think it will be ok.

Thanks
Rob

Here is a log:

Malwarebytes' Anti-Malware 1.33
Database version: 1707
Windows 5.1.2600 Service Pack 3

1/29/2009 9:23:43 PM
mbam-log-2009-01-29 (21-23-43).txt

Scan type: Quick Scan
Objects scanned: 55441
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 16
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\efcAPFvU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kbocndsm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\likdqk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uetnrdyx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\peyuyw.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e6f65e5-07f2-4621-b091-8e750fb563df} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1e6f65e5-07f2-4621-b091-8e750fb563d... Read more

A:Unwanted Browser Windows

Hi. I am splitting this to it 's own topic. Titled Unwanted Browser Windows in this forum. It's always better and the first poster doen't keep getting emails from our posts,First did you rebbot back to normal mode after that MBam scan? If no do that, Now we'll run the SAS:Please download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program.Do not run a scan just yet... Read more

Read other 11 answers
RELEVANCY SCORE 64.4

Hi,

I have a Win 7 machine that has recently contracted some virus/malware. Microsoft security essentials found several items but even after the removal of those items iexplore.exe starts on it's own and appears in the running process list. Occasionally you will see the IE window appear and be at some random page. Additionally when doing a google search and clicking on the search results you are re-directed elsewhere.

Here is the DDS log :

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by vasm at 16:19:59 on 2011-11-18
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.61.1033.18.3037.1681 [GMT 11:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing&#... Read more

A:Unwanted IE browser re-directs

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

Read other 12 answers
RELEVANCY SCORE 64.4

Firefox and Internet Explorer redirect the browser to a new website when i select a search result. I've tried PCTOOLS, Malwarebytes, and a couple of other solutions but nothing works. any help is appreciated. thanks.

A:Unwanted Browser Redirects

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 63.6

I have been using a High Speed DSL service for the past several years now, but lately for some reason, I keep receiving popups on my desktop even when my browser is closed. I have run Spybot and Adaware already. Would you check this Log for me and see what might be the problem?Thank you so much!StaciLogfile of HijackThis v1.99.1Scan saved at 10:07:39 AM, on 10/27/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXEC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\Keyboard\Ikeymain.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\Program Files\BellSouth Internet Tools\blsloader.exeC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\Program Files\2Wire HomePortal Monitor\2portalmon.exeC:\Program Files\Java\jre1.5.0_02\bin\jusched.exeC:\Program Files\dvd43\dvd43_tray.exeC:�... Read more

A:Unwanted Popups When Browser Closed

Hello Iam4gsus and welcome to BleepingComputer.There is active Anti-Virus running on this system. It appears that McAfee has been installed, but it is not currently running. An active anti-virus pogram is extremely important in helping to keep your system clean.I need a copy of one of your files. Please go to http://www.bleepingcomputer.com/submit-malware.php and submit the following:C:\windows\mrjj.exeStart HJT and click on the SCAN button. Put a check mark in front of the following lines if they still show:O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exeWith ALL OTHER WINDOWS CLOSED, click on Fix Checked.Open Windows Explorer (Windows key+e), navigate to and delete the following files and folders (Don't be concerned if they can not be found):C:\windows\mrjj.exe <--FileReboot and post a fresh HJT log. How are things running?

Read other 2 answers
RELEVANCY SCORE 63.6

IE 7 browser will open and go to different, random web sites. A file named log.txt is created in the root directory. The following is a sample of what it contains:----------:----------action:VIEWexepara:firstclickreferer:firstclickurl:http://www.spcgame.com/ad/vc.htmkeyword1:/click.here?keyword2:keyword3:taskid:6tasktype:CLICKtrackurl:http://useragent:----------:----------Contents of the DDS.txt log:DDS (Ver_09-12-01.01) - NTFSx86 Run by Ted at 10:40:49.14 on Mon 03/01/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1777 [GMT -5:00]AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exec:\program files\idt\intelxpv_v103\wdm\STacSV.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS&... Read more

A:Unwanted random browser popups

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since resolved your issues I would appreciate if you would let me no so I can close this topic.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) Download RootRepeal from the following location and save it to your desktop. Extract the contents of RootRepeal.zip, to your desktop. Double click on your desktop. Click on the report tab, then click scan Check all seven boxes: Click Ok Check the box for your main system drive (Usually C:), and press Ok. Allow RootRepeal to run a scan of your system. This may take some time. Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.Then please post back here with the following: log.txt info.txt RootRepeal.txtThanks

Read other 88 answers
RELEVANCY SCORE 63.6

Posts: 2Joined: Today, 01:07 AMMember No.: 386,610 real pain .. can't seem to locate cause.. I can disable Java scripts to do play and homework but as soon as I enable Java the crappy unauthorized new windo opens with a website.. usually the same one over and over ..Example of what happens- I do NOT need to be at the computer- the browser will open a window every few minutes regardless if I am doing anything or not. As far as I can tell its says for a instant Adserver or Adserving cpx just before clicking itself into the page it shows.a copy of my Hijack this may helpbtw I ran bitdefender/adaware/spybot and avira plus cleaned up the bits and restarted several times plus did a restore as far back as I could go. No help at all with the commercial product. I AM AT MY WITS END.............Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:18:25 AM, on 10/6/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18813)Boot mode: NormalRunning processes:C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exeC:\Program Files (x86)\ASUS\AASP\1.00.77\aaCenter.exeC:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exeD:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files (x86)\Bigfoot Networks\Xeno Suite\XenoTray.exeD:\Program Files (x86)\Piolet\Piolet.exeD:\Program Files (x86)\Piolet\BGChe... Read more

A:AdServer cpx IE8 unwanted browser startup

Please close this ..The offending Malware was adserving.cpxinteractive.com.To block I disabled the SpyBot teatimer and navigated thru notepad to the HOST file.I entered this line in the string ( 127.0.0.1 adserving.cpxinteractive.com ) and saved the entry.I then ran SpyBot again which showed me the nasty file as a windows security registry change. I then deleted it. ( the bleep was moving itself)Result- No browser popups/ad and since it's blocked, I will not get this exact one again ! Yippee.!!!!

Read other 2 answers
RELEVANCY SCORE 63.6

When I bring up my home page I see all this stuff I don't want porn
 

A:removing unwanted items from browser

If you don't have a firewall try this free one http://free.grisoft.com/doc/1
Download it and see what you come up with. If it finds a virus that it cannot repair you may have to post back to the Security Forum about this problem.
Also, check google for free pop up stoppers. They might help.
 

Read other 2 answers
RELEVANCY SCORE 63.6

I am running Firefox 37.0.1 under Windows 7 on a Lenovo E-545. I have run all the Malware removal scanning programs listed on the mozilla support page entitled "Troubleshoot Firefox issues caused by malware". Typically the ads move from left to right across the screen with 4 or 5 visible at a time. Each ad has a price at the top and a vendor logo at the bottom such as Target, Petco, Midway, Office Depot etc. Sometimes there is a little tab at the bottom right of the banner. Once I clicked on it and got a popup entitled "Offers4U - Legal, terms of service". I didn't see anything there about how to unsubscribe. When I ran a search on "Offers4U" I got a bunch of ads but no results.
 
I would be glad to supply screenshots of the banners if that would help.
 
Today when on ebay I noticed some smaller popups down below the banner interfering with looking at the ebay page.
 
This has been going on for about a month and a half.
 
LangS

A:Unwanted ads marching across top of browser window

If there popups/ads try add this to firefox.https://addons.mozilla.org/en-us/firefox/addon/adblock-plus/

Read other 2 answers
RELEVANCY SCORE 63.6

I've got a virus of some kind on my system which neither Norton Antivirus can find nor will Spybot Search and Destroy identify as a problem. It generates unwanted popups, often to adult sites and also changes my browser home page address to res://mshp.dll/index.html#22776

I am running Windows 2000 Professional
Norton Antivirus 7.6

need help how to find and fix.

Thanks
 

A:browser hijacked and unwanted popups

Read other 6 answers
RELEVANCY SCORE 63.6

Ok Folks, I've tried everything. I hope I can describe what's happening accurately enough. Here goes.
When I go to Internet Explorer and my home page (COX) comes up, other, unwanted, pages pop up too. I have set my phishing and popup blockers on max to no avail. I also noticed that when I start up my computer that the Privacy tab in Internet Options is being turned off. I ran virus scan (McAfee) and it doesn't help. I have Vista 32 an it has all available updates. It looks like something has tken over my browser. I called COX internet people but they can't help. So, any help here is much appreciated.TIA

A:Internet Browser, Unwanted Popups

Hello please scan with this tool and post back the log. Be sure to run as administrator.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with... Read more

Read other 4 answers
RELEVANCY SCORE 63.6

The problem:
Unwanted pop-ups that re-direct me to random selling sites from trusted sites that previously never allowed pop-ups.
This happens predominantly with Firefox as that is my main browser (with AdBlock Plus) usually after loading a regular site I use and clicking the first link.
I also use two other browsers Chrome (with AdBlock Plus) and less ocassionally Opera (with no add-ons).
Internet Explorer has remained largely unused though it is now also rendered unusable by some download pop-up that locks into a cyclical event until I kill it via task manager.
 
My System:
I run an Acer Aspire with Windows 7 64-bit OS set to auto-update with the following protection:
Windows Firewall
Microsoft Security Essentials
MalwareBytes Anti-Malware
Spybot Search & Destroy
CCleaner
 
Steps Taken so far:
I regularly run the above programs which recently identified and removed several High/Severe risks (such as Win32/InstallMonster and Win32/Holleycann.A) as well as the plethora of less severe trackers and PUPs that seem to populate Spybot and CCleaner scans daily.
 
Following the advice found on this site, I've also run a complete system backup after uninstalling unused programs and clearing caches/temp folders etc.
 
Even after running these scans and them showing "clear", this annoying and persistent pop-up/redirection occurs without fail after first start of the computer, loading Firefox, a trusted site and clicking the first link (unread forum posts). Despi... Read more

Read other answers
RELEVANCY SCORE 63.6

Both computers on my home network have problems browsing. Selecting a search engine link often opens other unknown search engines instead of the link. If I paste or type an URL to a malware removal or antivirus site (e.g. eset.com) the browser won't connect. DDS logDDS (Ver_10-03-17.01) - NTFSx86 Run by Duncan at 18:42:24.28 on 04/09/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.502.51 [GMT -6:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\AAWService.exesvchost.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\ltmoh\Ltmoh.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Launch Manager\LaunchAp.exeC:\Program Files\Launch Manager\HotkeyApp.exeC:\Program Files\Launch Manager\OSD.exeC:\Pro... Read more

A:browser opens unwanted pages

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Gmer is the best but can be hard to get a log lets try this and see what we get.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Sa... Read more

Read other 23 answers
RELEVANCY SCORE 63.6

Hello,My Firefox browser became weird yesterday: sometimes, it opens new tabs with random sites without any action; or it directs me to a random page instead of the one I choose from a google search list. The latter tends to happen when I want to visit online virus removal pages. When I stopped Firefox, IE worked well for a couple of hours, but then it produced the same symptoms.I tried AVG, Housecall online scan and Malwerbytes Antimalware, but none of them found anything.I hope that someone knows how to get rid of the intruder. Your help is highly appreciated!I run DDR, the log is pasted below. I failed to use GMER in safe mode. After I had started the program, it was running for ~15 seconds, then a window appeared stating the standard Windows error message: something like "gmer.exe encountered an error, and stopped.... "I also failed to post this request from the infected computer. It said "no internet connection" however I was able to visit other sites,---------------------DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Rendszergazda at 22:19:00,68 on Cs 2010/06/10Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.1014.647 [GMT -7:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\sys... Read more

A:unwanted sites pop up randomly in web browser

Please disregard this request, I am going to reinstall the OS!

Read other 2 answers
RELEVANCY SCORE 63.6

Hi All,Recently I had a virus attack and came to this forum for help, which I got, thankfully. However since recovery of my computer a couple of strange things keep happening.I have three browsers on my computer, Firefox, Safari and Internet Explorer, all three of them are now running very slowly, especially at startup and page loading. However the worrying thing is that pages from various websites keep loading on their own, once this happens Firefox stops working completely and will not work again until re-boot, Safari and IE continue to work but very slowly.I ran CCleaner but no help. Incidentally when Firefox shuts itself down CCleaner shows a box saying that Firefox is still running in the background.Today I downloaded HijackThis and ran a scan, unfortunately the information it gave me is way out of my league which is why I'm asking for help here. I've attached the HijackThis log file for minds far wiser than mine. Any advice will be very much appreciated.RegardsPeter

A:Browser loading unwanted pages

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions... Read more

Read other 2 answers
RELEVANCY SCORE 63.6

Hello,

I've inherited an anwanted search bar on my IE browser. Can you please tell me what to delete from my HJT log. Thanks.
 

A:[solved]Unwanted Search Bar in Browser

Read other 6 answers
RELEVANCY SCORE 63.6

Hi, I'm having a problem with constant IE browser popup windows all having in the address bar "http:///#x??=qK?}MJ??}V??ta????\[email protected]:?V??-i_I?h??eK?[??" and saying "Internet Explorer cannot display the webpage". The browser windows just pop up anytime I start browsing.

can you please help? thank you!

A:Unwanted browser windows popping up

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:***************************************************First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411141 and follow the instructions there. If you no longer need help, this is all you need to do. If you do need help please continue below.***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have prev... Read more

Read other 2 answers
RELEVANCY SCORE 63.6

Hi,

I think my PC has been hit with a virus or malware or whatever and I could use some advice. When I leave it unattended for a few hours I come back and there's a new browser open to a web site, typically something like a site selling inkjet cartridges or looking for donations to fight global warming. I close it, no problem, but the fact that this is happening worries me. Also, when I click on a link in an email (like when I get a Facebook message or someone sends me a link) the browser tries to open, then shuts down.

I ran Spybot yesterday, but the problem persists.

Thanks, FH
 

Read other answers
RELEVANCY SCORE 63.6

I attach a copy of the Hijackthis log.

A:Browser Redirects To Unwanted Sites

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ba551 My name is Richie and i'll be helping you to fix your problems.Download and run Fixwareout from the link below: http://www.bleepingcomputer.com/files/lonny/Fixwareout.exeAfter the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.----------------------------------------------------------------------------Please download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Also post a new Hijackthis log.Post all your replies directly into this topic,not as attachments,thanks.

Read other 10 answers
RELEVANCY SCORE 63.6

HI, For the past couple months I have had occasions where my PC would just restart itself. It happened a few times in the beggining but now it happend a little more frequent than before...maybe 1-2 a month (which is too much for me since I do multimedia animation stuff and i can't afford to loose work.). I don't know if it is a hardware problem or a software problem.

Also as from seeing in the forum alot of people have the same problem with the web browser redirects where u search for somthing in Google and is send u to these nonsense websites. I know every system is different so i thought i might as well mention it for my system since that may be fixed with the logs posted below for both problems.

IF i need to post seperate for each problem then let me know.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:07, on 16/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee... Read more

Read other answers
RELEVANCY SCORE 63.6

Hello, any time I search on google or try to go to a certain website through my browser(IE) I would keep getting redirected to all these randomn websites like Hyundai cars, different search engines and things of that nature. It just started happening today.

Here are my DDS logs.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.1
Run by Colossus at 9:48:46 on 2012-07-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2014.1168 [GMT -7:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Windows&#... Read more

A:Browser is being redirected to unwanted websites

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 26 answers
RELEVANCY SCORE 63.6

hey, i got the same exact problem as the first guy here. i just got hijackthis and now im going to post my results.

Logfile of HijackThis v1.97.6
Scan saved at 7:24:15 PM, on 1/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Danny Baker\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://tooncomics.com/main/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tooncomics.com/main/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://tooncomics.com/main/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Ma... Read more

A:browser hijacked and unwanted popups

Click on the link below to download CWShredder. Close all browser windows,UnZip the file, click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do it's thing.

http://www.merijn.org/files/cwshredder.zip

When it is finished restart your computer.

To help prevent this from happening again, I strongly recommend you install the folowing patches for the vulnerabilities that this hijacker exploits:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-011.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-075.asp

*Note: The simplest way to make sure you have all the security patches is to go to Windows update and install all "Critical Updates"

Go here http://www.lavasoftusa.com/support/download/ and download
Adaware 6 Build 181

Install the program and launch it.

First in the main window look in the bottom right corner and click on "Check for updates now" and download the latest referencefiles.

Make sure the following settings are made and on -------"ON=GREEN"

From main window :Click "Start" then " Activate in-depth scan (recommended)"

Click "Use custom scanning options" then click "Customize" and have these options selected: Under "Drives and Folders" put a check by "Scan within archives" and below that under "Memory and Registry" put a check by all... Read more

Read other 3 answers
RELEVANCY SCORE 63.6

Greetings!I'm having the same issue recently described by user ebrian (http://www.bleepingcomputer.com/forums/index.php?showtopic=280611&hl=redirect+virus).I, too, normally research and dig to find solutions, but I can't seem to solve this without some help. Thanks in advance. ebrian described the problem(s) well: "a [browser] redirect to weird search sites when clicking on links in Google search. ...on Firefox that extra tabs would open up, and it always seemed to be the same ones...pretty random."Also, when clicking many Google search results (a good number but not all), I am "redirected to another site, often another search engine. Often times I instead get a bogus virus warning I cannot get out of without killing the internet connection via Task Manager."Some other info: I'm running Windows XP HomeI'm a Firefox user with pop-up blocking enabledI'm running MSFT Security Essentials & have real-time protection onI've run Malwarebytes' Anti-Malware, which found spyware & other threats that I removedI've run Spybot - Search & Destroy, which found spyware & other threats that I removedEven with the threat removal, I'm still experiencing this redirect & unwanted new tab issue.Kindly let me know how to proceed. Should I download HijackThis & list a log?Thanks in advance & happy holidays!Lauren

A:Unwanted browser redirects & new tabs

I've installed HijackThis but am not sure how to interpret the log. May I provide it to you for review?

Read other 2 answers
RELEVANCY SCORE 63.6

Hello Everyone,
I am having an issue with my web browsers. I will be surfing the web and click on a link and my web browser is sending me to another site not listed on the original link. I have a feeling its adware or spyware that was installed on my machine without my knowledge. I've run Mcafee Antivirus and removed several viruses and adware but i am sure its still lingering around somewhere. Can anyone offer any other advice? Thank you and I appreciate your help.
matt

A:Web Browser's Redirecting To Unwanted Sites

Welcome wndrbrd1Lets try a few scanning/cleaning tools to see if we can resolve your problem.Download and scan with Spybot S&D 1.4. Setup & Configure as shown here.[DO NOT choose the option to install TeaTimer]Note: If you encounter any error messages while downloading the updates, manually download them from here.Please download ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.If your running Win XP/2000, download and scan with Ewido Anti-Malware v3.5Ewido Install and Scan InstructionsIf your still having problems after this, then perform these online Virus scans:[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]Trend Micro Housecall ScanPanda ActiveScan [ActiveScan Panda does not remove adware/spyware but will autoclean for viruses ... Read more

Read other 1 answers
RELEVANCY SCORE 63.6

Hi hoping for some advice about this

My PC is infected by the following:
Snap.do - Babylon Search Toolbar, Claro Search Toolbar. There are 14 total instances of this garbage and I have no idea how they came to be on the computer. I am very conscious of dangerous sites and "passengers" within downloads, I scrutinise everything for the usual check boxes and never check or uncheck anything that might piggy-back in. I have AVG 2012 I.S. and MSE, neither of which have managed to find any of this, never mind kill it.

I have searched the Registry with <Find> and killed these Toolbars in IE and my main browser, FF. However, they return to the Registry after closing it, Restarting and opening <Regedit> again. (Boy, these things are tough!) They do not appear in my browsers now, but Snap.do will show up and take over if I use the Google Search Bar. I have noticed a gradual slow down of my system: not too bad, but timing over a week has shown a slowdown of Boot, by 8 seconds over the 7 days.

As I was typing this, AVG Scheduled Scan pop-up reported no problems, giving 'Zero's' for all, including Spyware. I used Malware Bytes 2 days ago, but have just seen Brink's information about Updates to that, thanks Brink I will try that after logging out, although the sheer persistence of these nasties does not give me confidence.
Thanks to all who post.

A:Unwanted Viral Browser Toolbars

Hi.
Boot time most likely affected by badly uninstalled programs.
First, go through your computer's Control center and uninstall all the programs that were installed during last date. This is not only for the toolbars, but for various programs that "protect" browser settings. some of the toolbars use them.
Next, scan your PC with hitman pro ( HitmanPro 3 - SurfRight
Next, Scan with adwcleaner :
If something is still left, try scanning with Spybot (targets such programs better than mbam), or go through your search settings.

Read other 9 answers
RELEVANCY SCORE 63.6

I have a Toshiba satalite c675 windows 7 64 bit, with a fresh install of os/updated drivers and software. when I am on my browser I get a pop up bar at bottom of browser that says "what's at risk" when I click on it, it takes me to Microsoft.com/support/active x and says that my active x controllers are out of date. I ran the proper commands on my laptop to confirm that I have latest versions of all active x controllers installed. how do I get that pop up bar to stop appearing on my browser? please send answer or troubleshooting instructions to [email protected] a.s.a.p. please. thank you very much
mikiemo
 

A:unwanted pop up banner on ie11 browser

I advise you to delete your email address - you leave yourself open to all manner of messages.
This is a public site and anyone can browse the forums

Plus which all help must be on the forums
 

Read other 1 answers