Over 1 million tech questions and answers.

Redirect issues, Shuts down Virus Protection, other issues.

Q: Redirect issues, Shuts down Virus Protection, other issues.

I am going insane with the issues on my computer right now. If I use a search engine, any links I click on redirect me to random virus scans and other pages that have nothing to do with the original link. Whatever has taken hold of my computer also makes my Norton 360 freeze, shutdown, and not work correctly. Scanning with anti-malware is nearly impossible. I've changed the file name to get them to run, and then only in safe mode will they somewhat work. Whenever I try to download new programs to help, it leads me to a blank page. I can't even get to windows update because it is blocked and just leads me to a search engine. I would appreciate any help that you can give me. Attached is the logs requested in the before you post message and the hijackthis log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:32:52 PM, on 5/31/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\bgsvcgen.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Canon\IJPLM\IJPLMSVC.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exeC:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Webshots\webshots.scrC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Malwarebytes' Anti-Malware\retry.exeC:\WINDOWS\system32\taskmgr.exeC:\Program Files\Trend Micro\HijackThis\Administrator.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localF2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exeO2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dllO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dllO2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLLO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dllO2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dllO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofileO4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exeO8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dllO9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dllO9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dllO9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dllO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cabO16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cabO16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cabO16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CABO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1224363413031O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cabO16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dllO16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{7511F6C9-A324-467D-BE01-A3AF200C57D4}: NameServer = 85.255.112.70,85.255.112.127O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.70,85.255.112.127O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.70,85.255.112.127O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.70,85.255.112.127O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dllO23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exeO23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXEO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeO23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe--End of file - 10700 bytes

RELEVANCY SCORE 200
Preferred Solution: Redirect issues, Shuts down Virus Protection, other issues.

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Redirect issues, Shuts down Virus Protection, other issues.

Hi spagtscully,Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."Removal InstructionsYou computer is infected with at least a trojan DNS-Changer.Empty all p2p download folders. They might contain infected files. Please avoid using these p2p applications until the system is clean. Using these applications at this stage might lead to reinfection or infecting other users.
Download ComboFix from one of these locations:Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Read other 12 answers
RELEVANCY SCORE 80.8

Everytime I do a search, I click on the links and am redirected to different nonsense websites. Most of these websites are about making money from home, entering a contest or telling me I am a winner of something. I also cannot download any new games from a gaming website. My computer is running very slow and it seems to be getting worse by the day. I have ran several programs to fix this and nothing is found. Can these logs tell anyone anything? Everytime I run the GMER program I get the blue screen so I do not have those logs, sorry.DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 17:54:49.51 on Sun 07/11/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.307 [GMT -4:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Sys... Read more

A:Search Engine redirect issues issues! Virus? Malware?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 3 answers
RELEVANCY SCORE 78.4

Hi, I managed to catch some type of redirect/false security alert malware today. It started with a different package and I found a removal instructions post for it, followed it and used MalwareBytes to clean it up. Apparently, that didn't clean it all up, because a little while later, Privacy Protection was telling me about all the viruses I have and I couldn't open up any programs etc. I found the removal post for Privacy Protection, booting in Safe Mode with Networking, ran TDSSKiller, but it did not find any root kits. I ran MalwareBytes again and it found 4 things and it deleted those. So that is where I am at... I attached the aswMBR log since this issue seems very similar to another post being worked today.
Thanks in advance!!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by asp at 22:31:20 on 2011-12-07
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2611 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32&#... Read more

A:Redirect issues, Privacy Protection infection

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly ... Read more

Read other 45 answers
RELEVANCY SCORE 72.4

Good evening all,
 
I have been battling my only computer and trying to save it. This is our only desktop. My son who has Autism has been using it for disney games, abcmouse.com, and a roadblocs game, google earth,etc.
 
Started slowing down, had new HDD put in and Win 7 installed by a repair guy. All was well until he started on the web games. I ran Spybot, Malwarebytes,bought Avast Pro, windows defender, etc. I thought I was aggressive in protection. Then the screen freezes, errors,etc. Had some things come up for quarantine and clicked fix selected. Did a restore point for a week earlier, worked for a little while.
 
So I have been reading about virus/malware/.dll hijacks,etc. I found your forum, and wow lots of good reads. I did the check up, Farbar, security check. Posted below are my logs.
 
Thanks in advance for any help with this. My son is really upset and I am trying to help the full melt down.
 
 
Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
avast! Antivirus                
 Antivirus up to date!   
`````````Anti-malware/Other Utilitie... Read more

A:dll issues/reboots/freezing/virus protection changed/etc/thank you

Hello. Did Malwarebytes find anything?please run thesePlease download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7... Read more

Read other 16 answers
RELEVANCY SCORE 68.8

I am being redirected from Bing/Google searches to random sites.
Thank you so much for your time and efforts!!!! Bill.

______________________________________________________
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Bill Cott at 18:34:21 on 2012-10-04
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3057.1781 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\n... Read more

A:ReDirect Virus Issues

Hello Bill & welcome to TSF.

I'll need a couple more diagnostic scans before we begin cleaning.

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator) At this time, select Yes when prompted to download the Avast database.
Click ScanUpon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

===============

Download TDSSKiller.exe and save it to your desktopExecute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply

Read other 7 answers
RELEVANCY SCORE 68.8

I am having issues with my computer. A few weeks ago I noticed my computer was acting strange. I then was on firefox and one of those damn pop ups popped up and of course I hit the X probably infecting my computer instantly. In firefox when i search on google it takes me to sites like forless.com and 7.7.7.0 and sites like that. Also I noticed that my battery life was reduced from three to one hour and my fan was constantly running hot. I used Mslwarebytes and removed three trojans. That fixed the battery life and fan issues. Google still redirects me. Today when I went to start my computer It said my desktop could not be found and gave some system 32 errors. It was using windows classic theme and I could not start programs. I restarted my computer and it was fine. Mcafee does not come up with anything. TDSS killer does show any problems either.....
NOTE: For GMER I was only able to select Services Registry and FILES. System, Sections, Devices, Modules, Processes, Threads and libraries are grayed out and unelectable. I am using Windows 7 64bit. Also my hotmail email got hacked the other day. someone sent out an email with a link...

Thanks a lot for the Help!

DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Andrew at 15:02:56.94 on Wed 10/20/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6132.4230 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

==============... Read more

A:Redirect Virus and other issues.

Hi modernmidnight, to Bleeping Computer.My name is SpySentinel and I will be helping you with your malware problem.Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference.Step #1Backup Your Registry with ERUNTPlease use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.phpFor version with the Installer:
Use the setup program to install ERUNT on your computerFor the zipped version:
Unzip all the files into a folder of your choice.Click Erunt.exe to backup your registry to the folder of your choice.Note: to restore your registry, go to the folder and start ERDNT.exeStep #2Please download OTM Save it to your desktop. Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]

Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting... Read more

Read other 29 answers
RELEVANCY SCORE 68.8

Hi , I got a virus a few weeks ago it hid my icons so I used unhide and got them back but I am still infected with the redirect virus. before knowing better I tried to run combofix but it never ran all the way through. I tried to do the pre steps on the prep page but when I get 3/4 through the dds log it stops running .I also have malwarebytes and adaware installed. thanks in advance

A:Redirect virus issues

Lets see if you really need combofixDownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Please download GMER from here(doesnot work on 64 bit OS)http://www2.gmer.net/download.phpTemporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply. DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here

Read other 12 answers
RELEVANCY SCORE 68.8

Hello! I seem to have been afflicted by the same redirect virus that a lot of people have. I also have a different problem: every time I start my computer, I get a message saying "Host Process for windows services stopped working and was closed." Also! when I try to open some programs (like Malwarebytes Anti-Malware), I get a message saying "the system cannot find the path specified." ALSO! (man, this is awful!), I get two messages saying "Error loading C:\Users\Haaris\mload22.dll The specific module could not be found" and another saying "Error loading C:\Users\Haaris\AppData\Local\Temp\crtqueue.dll The specific module could not be found." Thanks for your time! DDS (Ver_10-12-12.02) - NTFSx86 Run by Haaris at 1:38:59.43 on Thu 12/30/2010Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.959 [GMT -5:00]AV: McAfee VirusScan Enterprise *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\Microsoft.N... Read more

A:Redirect virus and other issues

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

Read other 3 answers
RELEVANCY SCORE 68

Alright I had some nasty infestations that I partially removed with a combo of Adaware, AVG, Spybot, MBAM and CCleaner. Now I"m suffering from

1) Seekservice.net browser and google redirect

2) Browser crashes and windows freezes

3) On startup it is trying to configure "Update 1/3" each time with no change or results

4) Intermittent inability to open taskmanager to close processes

Below is my log. I tried running the root program scan but it gives a message stating it doesn't support 64 bit OS's
DDS (Ver_09-12-01.01) - NTFSX64
Run by Shawn at 22:25:55.43 on Tue 12/15/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_15
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2938.1587 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svcho... Read more

A:Seekservice Redirect, Startup Issues, Browser issues

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

Read other 2 answers
RELEVANCY SCORE 68

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz, x86 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 2039 Mb
Graphics Card: Intel(R) Q965/Q963 Express Chipset Family, 256 Mb
Hard Drives: C: Total - 66056 MB, Free - 11930 MB; D: Total - 10244 MB, Free - 8529 MB;
Motherboard: Hewlett-Packard, 0A60h, , MXM73402BS
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled

I'm experiencing IE redirecting in both Yahoo search and Google as my computer was infected with this Windows XP Recovery virus a few weeks ago which essentially hijacked my computer. It was difficult to eradicate. Besides this redirecting, I can't complete Windows Update downloads upon Shutdown, my computer periodically crashes (my taskbar will disappear and then the system freezes causing me to restart. Below please find my log file for HijackThis. Any help you could provide would be incredible. Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:34:07 AM, on 5/31/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\Sys... Read more

A:Redirect virus and other issues as a result of Windows XP Recovery virus

closing duplicate. Please do not create duplicate threads for the same issue. As malware is the busiest forum on the site, it's quite possible for some threads to get overlooked; if this occurs, please type 'bump' in the quick reply box after 24 hours have passed.

The thread I am keeping open is located at http://forums.techguy.org/virus-oth...13-ran-all-scans-requested-administrator.html .

thanks,

v
 

Read other 1 answers
RELEVANCY SCORE 68

Hello,
 
I have come to respect this site due to unfortunate circumstances over the last several hours.  
 
Long story short I tried to recreate your troubleshooting steps by following along the thread.  (I now realize why this was a poor idea).  The good news is that I dont appear to have any major damage.  
 
 
Here are the results from Eset on line scanner.  
 
 
C:\Users\Owner\Downloads\cbsidlm-tr1_11-Virtual_CloneDrive-SEO-173879 (1).exe Win32/DownloadAdmin.G application
C:\Users\Owner\Downloads\cbsidlm-tr1_11-Virtual_CloneDrive-SEO-173879.exe Win32/DownloadAdmin.G application
C:\Users\Owner\Downloads\cutepdfwriter-setup (1).exe Win32/DownloadAdmin.G application
C:\Users\Owner\Downloads\cutepdfwriter-setup.exe Win32/DownloadAdmin.G application
C:\Users\Owner\Downloads\FoxitReader545.0124_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application
 
Here is the link below to the thread I have been following.  
 
http://www.bleepingcomputer.com/forums/t/486939/having-trouble-with-google-redirect-virus-and-other-assorted-virus-issues/
 
Please help.  Thanks,
 
-Brian

A:Having trouble with google redirect virus and other assorted virus issues (2)

Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now Click Start Scan and allow the scan process to run If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR-------------------- Download aswMBR and save it to your desktop.Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see here and here.Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.Please post the contents of the log in your next reply.NOTE:  aswMBR will crea... Read more

Read other 16 answers
RELEVANCY SCORE 68

Hello--New to the site and am impressed with the level of kindness people have on here to help people out
 
I am having trouble with getting rid of the Google redirect virus, and I probably have some other virus issues (I have run malwarebites and it picked up and removed several). In years past this baby has picked up all kinds of nasties. I have had some very mean viruses that could only be removed by a bootable Kapersky disk and my limited computer troubleshooting after hours of struggle.
 
I should also point out that last week my yahoo email was hacked by some jerk in chile and most people I ever sent emails to were spammed (I changed yahoo password and shut yahoo mobile off which I how the account was accessed but I dont know if that will be enough (maybe I should just shut yahoo off....)
 
The interesting thing with the google redirect virus is in Firefox If I google search through Firefox default page no problem. When I used the google toolbar it was infected so I reset that to defalt now no problem but when I type www.google.com and then search I still get redirected. This computer is an old fart so any help I can get would be appreciated for this and other unforseen problems this machine may have.
 
Here are the logs:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_16
Run by blownupcomputer at 21:34:22 on 2013-02-27
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1534.7... Read more

A:Having trouble with google redirect virus and other assorted virus issues

Hello blownupcomputer Welcome to The Forums!!Around here they call me Gringo and I'll be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking ba... Read more

Read other 17 answers
RELEVANCY SCORE 68

My computer has two problems I'm looking for help fixing; one seems simple enough but the other one I have no idea what to do about. The first problem is a simple virus, and by the looks of other posts on this and other forums, seems solvable.

Recently I found that every once in a while one of my google searches would redirect to an ad page. At first, I thought it was just a new thing google was doing to make more money, but when I looked it up, I discovered that it was a virus. I scanned my computer with Avast Antivirus and the Window's Malware Removal Tool, and neither one found it.

My second problem is less simple. Basically, whenever I boot my computer, it has about a 40% chance to freeze up entirely between five and ten minutes after booting. No input works, and only restarting my computer will free it up. Though the computer rarely freezes again after restarting, it does occasionally freeze a few times in succession. To be honest, I don't really expect to see a resolution for this problem, as I'm pretty sure it's not caused by malware, but I thought I'd mention it in case something comes up in the logs.

I took all the logs requested in the Sticky, and all of the programs, including GMER, ran properly. Unfortunately, I wasn't reading as carefully as I should have and didn't uncheck all the things I was supposed to in running GMER, and instead let it scan everything. If this is a problem, I can retake the log, but I'll post ... Read more

A:Two Issues, One is the Google Redirect Virus

Bump
 

Read other 2 answers
RELEVANCY SCORE 68

It seems that quite a few other people have been having this problem, and I seem to have come down with it too. It started with a sound-only advertisement that played in the background. The only way to find and quiet (temporarily) the ad is to go into task manager, go to processes and end process on iexplore.exe. Obviously I use Internet Explorer. Before coming here, I thought it was an issue with IE and upgraded from IE8 to 9, but the issue persists. I also have, occassionally, times when IE will suddenly not work, and will restart on me, or just close.

And what seems to be the primary issue is the redirecting. When I use a search function, primarily Google, the engine will give me my choice of links to click on to follow, but if I click on any of them, instead of bringing me to the proper site, it redirects me to a random website, then 'get-answers-fast.com' then to another seemingly random site. Previously it brought me to a website starting with 63.209.69.107. Now it just brings me to other randomly selected sites, most having nothing to do with the search being performed.

I am currently using Windows 7 OS and have downloaded Malwarebytes to try to find the problem after Norton failed to find anything other than some tracking cookies. MBAM located four problems, but apparently none of them were this issue, since it obviously persists.

I appreciate any help anyone can provide and thank you in advance.

A:Redirect Virus, Backround Ads and IE issues

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart th... Read more

Read other 5 answers
RELEVANCY SCORE 68

Hi I just removed two virus's from my computer. I have listed them below:
 
Files Detected: 4
C:\Users\thegirlees\AppData\Local\Temp\626A.tmp (Trojan.Agent.WNIH) -> Quarantined and deleted successfully.
C:\Users\thegirlees\Documents\Ticket.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\thegirlees\Local Settings\Application Data\04956102555153.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\thegirlees\Local Settings\Application Data\054575510256101.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
 
 
I was having issues with re-direct in ie 8. Now I am getting stack overflow messages from the webpage and memory issues on line x from the webpage.
The browser is terribly slow and sometimes (most of the time) won't display the page.
 
I have reset the browser to factory defaults and looke to disable all add ons. When you click on a page sometimes at the bottem of the screen you can see that it's heading to un undesireable site. In most cases the site won't display it just fails to display anything. I am using the pc now so as you can see it does get to some sites some of the time.
 
i have posted dds....would appreciate any help that you can provide.fyi I used ccleaner and malwarebytes so far.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by thegirlees at 22:02:18 on 2013-06-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1... Read more

A:just removed two virus's and still have redirect issues

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).Please go here to see a list of programs that need to be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.****Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**Please include the C:\ComboFix.txt in your next reply for further review.

Read other 1 answers
RELEVANCY SCORE 68

My laptop has been infected with malware in some form I guess, windows live mail pops up every now and then with a link to an external site, and the internet explorer web browser continuously appears showing a random web page which is annoying because I use firefox. The most plainly obvious issue I have however is the google redirect problem which takes me to different random websites upon clicking on any link. Anyways I have tried AVG and malwarebytes full scans but neither pick up on anything wrong. I have been told to post a hijackthis log on a forum like this to prevent running the risk of changing anything important? Any help would be much appreciated, cheers.
Anyways, here's my hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:58:39, on 04/08/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\ig... Read more

A:Google redirect virus, and other issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 15 answers
RELEVANCY SCORE 68

Good Afternoon,
 
 
Recently I made the mistake of hitting a bad download link and now I have some issues with my PC.
 
A few fuax programs like PC cleaning software and crossbrowse was installed. Macafee seemed like it took care of all problems in the PC itself, but as soon as I log into the internet, I get redirected to various websites that are definitely not legitimate.
 
I used your services years ago, and I'm hoping you can help me out once again. Thanks in advance.

A:Having some issues with a redirect virus/malware on my PC.

 Hello Bluefin13 and welcome back,
 
Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 
§  Double-click on the Rkill desktop icon to run the tool.
§  If using Windows Vista, 7, 8 or 10 right-click on it and choose Run As Administrator.
§  A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
§  If not, delete the file, then download and use the one provided in Link 2.
§  Do not reboot until instructed.
§  If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from Safe Mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
------------
 
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.
 
§  Double-click m... Read more

Read other 0 answers
RELEVANCY SCORE 68

Greetings. I'm hoping to find some help here and will be grateful for any you can give me. Problems started several months ago. I was using Avast and Maleware bytes at the time of compromise and just recently switched to AVG in an attempt to fix the problem. I still am being redirected to ads and bogus sites, getting fake anti-spyware messages, and blue screens. My husband and I both use this laptop so I'm not sure where exactly the problem originated. I have read the instructions for starting the help process and hope I did everything correctly. Thank you in advance for any help.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Julie at 14:26:42.85 on Wed 02/02/2011
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_22
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3062.1238 [GMT -8:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
... Read more

A:redirect virus I think, many issues,ongoing

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Note** you may get this warning it is ok, just ignore"Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?""just click on Cancel, then Accept".Gringo

Read other 19 answers
RELEVANCY SCORE 68

so it appears i am having multiple issues on my computer

1. every time i start my computer i get an annoying Trend Micro pop up to purchase the product. that is accompanied with a pop up to install ie 8.

2. redirect virus- i am getting a google redirect. it either takes me to a random webpage of it starts to "scan for viruses."
any help as to how to eliminate these would be appreciated. i ran both ccleaner and malwarebytes. neither helped or showed a problem

A:Multiple virus issues (redirect, pop ups, etc)

anyone? please?

Read other 24 answers
RELEVANCY SCORE 67.2

OS: Windows xp
CPU: Dell inspiron E1505 labtop

Ok here is the deal. My cpu got infested gave me a blue screen and would not even load windows. I sent it to the shop and it got cleaned and i get it back today and now i still have the redirect issues. The only other thing on the network is my ps3 and that has seemed to be infected as well (even though no one believes it is possible; like im too stupid to realize what it is i clicked) i have tried to use malwearbytes but it refuses to update i get the error MBAM_ERROR_UPDATING (12007 , 0, winhttpsendrequest). I have run scans with super anti spyware (free), eset online antivirus symantac antivirus full version 10.1.7.7000 spybot search an destroy; i have high jack this downloaded but i wont dare use it without guidance and finally ccleaner. A couple programs picked up small things but nothing that fixes any of my main problems with redirect virus or malwarebytes not being able to update. im beat any help would be highly appreciated because i know this is a subject being beaten to death at this time

A:Redirect virus and malware update issues

Hi -Try this with your Malwarebytes program first -To Fully Remove and Reinstall a Fresh New Copy of Malwarebytes - Read CarefullyWindows XP:Click on Start and select Control PanelOpen Add/Remove ProgramsUninstall Malwarebytes' Anti-MalwareRestart your computer very important !Download and run mbam-clean.exe from hereIt will ask to restart your computer, please allow it to do so, very importantAfter the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from hereNote: You will need to reactivate the program using the license you were sent via email if using the Pro version only -Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask me and I'll explain how to do it.

Read other 2 answers
RELEVANCY SCORE 67.2

Hi
Thanks in advance for your help
Have followed advice and run defogger, DDS and GMER
Logs below/attached
Firefox started playing up with pages not loading or constantly being refreshed. Then google started sending me to all sorts of pages. Now browser struggles to load and crashes.
Not sure if it helps but pc crashed several times running GMER but finally got a complete scan.
Many thanks

A:Google redirect virus and browser issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 29 answers
RELEVANCY SCORE 67.2

Hi All,

I have noticed a few strange things with my Firefox and Internet Explorer recently.

It started off about a couple of weeks back, but only with one or two sites. for some reason I couldn't get access to parked.com from Firefox, but I could with internet explorer. Likewise with Yola.com.

About a week ago or so I noticed a problem in Google searches. I'd click a link and instead of going to the site I'd get redirected to iSearchpile or Asklots or a similar sort of site. i also noticed that every now and again when I'd click a link in a forum or similar a new window would open at Google.

I activated noscript on Firefox and this seemed to identify the problem. When I'd click on a search, I'd go to a blank page first with a redirect message that noscript had blocked. after a while the search would open normally. Still copudln't get to some sites though and figured there must be a virus at work.

Ran symantec and it quarantined a couple of files which I thought would fix the probelm but it didn't. Ran Adaware and that also picked a few things up but again didn't fix the problem.

I've started to notice problem connecting and downloading from the internet now as well. I've tried to install Spybot Search and Destroy but it won't install properly, likewise Adaware says there's a connection error when I try to run the update feature. Symantec updated fine this morning but it seems that some software can't ... Read more

A:Browser Redirect / Connection issues - Virus?

removed by BC Moderator

Read other 2 answers
RELEVANCY SCORE 67.2

Good Evening,

My PC (running Windows Vista) has been slow for some time but nothing to worry about but it has become much slower since the Google Redirect problem appeared yesterday. I can enter a search in Google but when I click on the link it goes to another search site or web site. I can get around it by copying and pasting the URL from Google but not really a long term solution.

In addition, I am having problems as below:

1. Seem to be stuck in Windows Classic mode
2. The Internet Explorer back button is not working (can use the drop down box to go back, but not the arrow)
3. Unable to load Windows Updates
4. Takes 3 to 4 tries before I can get IE to open correctly without seizing up - and if it does seize up I am unable to close.

I have scanned with Microsoft Security Essentials more than once and have located and deleted Trojans, however it has not remedied the problems as above.

I would really appreciate any assistance or advice you can provide after reading my logs as below and attached. Please also feel free to tell me if any of the programs I might have installed deliberately are causing me problems/are dodgy.

I have pasted the DDS.txt below and attached the Attached and Ark documents. Totally unsure of whether my Windows is 32 or 64 bits but managed to get a ark.txt file to attach just in case.
Thanks very much for your assistance.

Susan

DDS (Ver_10-12-12.02) - NTFSx86
Run by Susan Myers at 17:41:02.84 on Sun 23/01/2011
Internet Explorer: 8.0.... Read more

A:Google Redirect malware/virus - and other issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 21 answers
RELEVANCY SCORE 67.2

Hello,

Over the past several days, I used Malwarebytes' uninstall guides to remove a couple viruses; however my computer is still having some lingering issues:

1) When I click on search results from Google and Yahoo, I get redirected to other sites. The most common sites are scour.com, overdubs.us, gimmeanswers.org, and happili.com.

2) There is no sound when I try to listen to live streaming (NPR) or watch videos over the internet. The system sounds are still working.

3) I cannot enable the MBAM Protection Module. I get error message, "[Start Service] Failed to perform desired action. Error Code: 1068"

I don't know if my Windows system is 32-bit or 64-bit so I did not create the GMER log. (I tried to run that scan a few days ago and it stopped before it completed. Sorry I didn't note the message it gave me when it stopped.)

Thank you for your help in solving these issues.

Jaci

 attach.txt   4.42KB
  1 downloads
Here is my DDS log.

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jaci Stanton at 11:22:17 on 2011-06-13
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm080YYUS&fl=0&ptb=szWiKRJIROdCDjKfvg983A&ind=2007021415&url=http:/... Read more

A:Search redirect and other issues after virus removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 29 answers
RELEVANCY SCORE 67.2

This virus may be another version of another redirect virus I had. Not sure if it is the Google Redirect virus but I know Chrome was sending me to all these phishing sites to change my password and now it crashes GMER when I open GMER and start the SCAN and when I open GMER and it freezes then it freezes the computer both in normal startup and safe mode startup. Then to get past the freeze It requires me to take out battery and power and gives me blue screens, the virus gets even more virulent at that stage. Microsoft Firewall is turned on spontaneously and it is attempting to trick me to turn off my Trend Micro firewall which is set at Maximum. It tricks me because I keep seeing that computers and devices are connected to my network as well and so I try and block those but then it tricks me to my internet not working so I have to mess with the firewall because that's the reason that comes up. I can not after 10 attempts in both normal and safe startup mode can not get GMER to run a full scan to get a log. Please help. DDS.txt (For some reason 2 popped up and they were identical I think so I deleted one and kept the other) DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 2:05:33.22 on Thu 04/22/2010Internet Explorer: 8.0.6001.18904Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.1917.1052 [GMT -5:00]SP: Windows Defender *enabled* (Updated) BOTTOM BUTTONS 1============== Running Processes ===============C:\Windows\system32\winini... Read more

A:Possible Google Redirect Virus w/ Chrome Issues

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 42 answers
RELEVANCY SCORE 67.2

I've been having really annoying issues when i use any of my browsers (IE, Mozilla, Chrome) on a search engine (google, yahoo, etc) every time i do a search i click on a link and it immediately takes me to some random website, often an advertisement. However for the time being to get around this i've been opening up the link in a new tab and it goes to the correct site. i don't want to do this forever as it's annoying and i have obviously have some sort of a virus / maleware.

I've done a bunch of scans with my anti virus (anitvir) and it has picked up a few trojan warnings, i've quarantined them and deleted them off the computer. As well my malwarebytes has found a bunch of malware files and also deleted them. I've done scans in both regular and safe mode but i still keep having this issue. I went to msconfig to make sure no weird programs were starting during my start up phase, sure enough there were all kinds of weird programs listed there that i did not recognize. I have disabled them, however i still have this search engine re direct issue.

Other then this issue my computer is working fine.

Below are is my dds log file the ark.txt and attach are both zipped and attached to this thread.


DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 16:59:19.27 on 11/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.618 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-4... Read more

A:Search Engine Redirect Virus / Issues

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Read other 10 answers
RELEVANCY SCORE 67.2

Hi, and thanks for helping.

I believe that I have one or more trojans/viruses, and don't know what to do about it.

Symptoms:

1. Browser redirection

When I do a google search, once I click on a link on the search results page, I am redirected to another website. This is true of FireFox, Internet Explorer, and Chrome. If I look at my browser history, I see, in chronological order:
- My google search
- Various "intermediate" sites that never show up on my screen. These are named things like "c.php" "r.php" "kkk.php" "findwhat.dll" "click.aspx" and, for the most part, have locations with IP addresses rather than names, such as hxxp://64.111.196.117. Some do have names, such as hxxp://meta.7search.com/...
- The site to which I am redirected. These have included hxxp://www.consumersdiscountrx.com and hxxp://vitanetonline.com

Occasionally, but not always, clicking on a link in the search results will lead to the browser closing down (no error message). Occasionally, this will lead to a McAfee pop-up with an On-Access Scan Message. This message has given me the following information:

a) Name: A0038971.exe. In Folder: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP381. Detected As: Generic.dx. Dete...: Trojan. Status: Deleted. Date and Time: 3/28/2009 4:31:10 PM. Application: C:\WINDOWS\System32\svchost.exe
b) Name: setup_u.exe. In Folder: C:\WINDOWS\system32\setu... Read more

A:Browser redirect and other issues: trojan/virus?

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

Read other 13 answers
RELEVANCY SCORE 66.8

started a weel or 2 ago.. strange things like random sounds comeing through speakers and web pages opening automatically... then the redirect started happening.. stareted in chrome , then internet explorer and so on.. tried many things mbam.superantispyware... ect. superantispyware always seemed to do the trick but i also noticed lately that it will update and then if i reboot the updates will be gone.. thats when i noticed mbam wasnt updateing ass well getting a MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest). So i reformated, and i still have the bug... please help when possible thanks.. below is the information requested.DDS (Ver_10-03-17.01) - NTFSx86 Run by shawn at 23:59:00.81 on Sun 07/11/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2303.1576 [GMT -7:00]AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\Ati2evxx.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Microsoft Security Essentials\msseces.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-... Read more

A:redirect issues, reformated and still haveing issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 7 answers
RELEVANCY SCORE 66.4

Hello, I am new to Bleeping Computer. Thanks for taking time to help. I am using Windows XP Home Edition 2002 (SP2) on a Compaq Presario V2000 Laptop, circa 2007. A couple of weeks ago, it was infected by a virus or malware that causes redirect from the IE and Mozilla Search Bar (the one up by the Browser Bar). Searches are OK straight from Google and other search pages.Also, I was getting frequent svchost.exe errors, and an Error Box about Gen Windows Services 32 has encountered an error and must shut down. When that shut down, I lost USB Port functionality and sound. PLUS, I got a popup for a Fake Spyware removal program.Scanned with Malaware Bytes and Ad-Aware, found and cleaned a few things, then nothing. Problem persisted. As last resort, did the Destructive Recovery from the Compaq D Drive. And, I still have issues. Still have the redirect. So far, have not has a svchost.exe error.Cannot get to Windows Update web page to load. Downloaded and ran ComboFix. Log says it found Rootkit activity. Log posted below. Still have the issues after running ComboFix.Any thoughts?Thanks,ChrisComboFix 10-09-25.07 - Family 09/26/2010 11:17:12.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1406.1037 [GMT -4:00]Running from: c:\documents and settings\Family\Desktop\ComboFix.exeAV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}.((((((((((((((((((((((((((((((((((((((( Other Deleti... Read more

A:Rootkit Virus/IE Redirect Issues AFTER Destructive Recovery

Did Total wipe, reformat, reinstall. No help needed. THanks

Read other 2 answers
RELEVANCY SCORE 66.4

I used this forum before and it was a big help.

I had a virus and was able to remove it via Malware Bytes in safe mode. It was a fake scanning virus..scanned my PC found 20 'FAKE' viruses...and wanted me to purchase something.

But after this virus is gone, there is a redirect on my YAHOO and GOOGLE and after the redirect does its nasty business...the sound doesn't work.

If I avoid having the redirect engage..the sound stays around awhile.

It was a rootkit last time...with the help of Bleeping Computer it was found. I think FSECURE found it. (Which I tried this time and it didn't work.)

We removed the rootkit...the redirect went away and the sound came back.

Thanks for any help.

A:Cant remove virus causing redirect and sound issues

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 14 answers
RELEVANCY SCORE 66.4

My older Mother has issues with browser redirect, very slow computer system, possible virus/malware?. She keeps rebooting but her computer freezes up and won't shut down. Below are the various logs:

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) 64 Processor 3800+, x86 Family 15 Model 95 Stepping 2
Processor Count: 1
RAM: 446 Mb
Graphics Card: NVIDIA GeForce 6150 LE , 256 Mb
Hard Drives: C: Total - 143846 MB, Free - 125707 MB; D: Total - 8762 MB, Free - 568 MB;
Motherboard: ASUSTek Computer INC., NAOS, 1.05, MS1C6AS00302402
Antivirus: AVG Anti-Virus Free, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:40 PM, on 12/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C... Read more

A:Browser redirect/virus/malware issues that I can't solve on my own

Read other 16 answers
RELEVANCY SCORE 66.4

Hello,

For anyone who can help me out: I have a Vaio laptop with Windows XP. I have a virus or other infection causing four main issues (that I'm aware of):
1. All my desktop icons, programs, and documents have disappeared (!!)
2. Streaming audio plays even when the internet and all other programs are closed
3. We're getting pop-up errors titled "Internet Explorer Script Error" and ask if we want to continue running scripts on this page (even when nothing is open).
4. The browsing history is filling up with random search sites.

I'm pretty technologically incompetent but have tried everything as best I can. I've used Malware bytes to run a full scan on the computer and removed 12 items. I have tried running TDSSkiller and nothing happens when I try to open it. I have changed the file name/type to .com with no result. The icons changed when I changed the name so am not sure if they are even viable in that format.

I ran the logs requested in the "Preparation" section but may need to do it again since I've run other scans since then (?).

Thanks in advance to anyone who can help. It's pretty amazing that this support is out there.[/b]

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Beth at 22:22:42.26 on Fri 04/29/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.218 [GMT -7:00]
.
AV: CyberDefender Internet Security *Enabled/Updated* {B97FCDF0-CAB1-42A1-8682-02F93E2633D6}... Read more

A:TDSS or other virus ausing redirect and other issues - need help to remove

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 46 answers
RELEVANCY SCORE 66.4

I've got a nasty bug that redirects whenever i click on any of the given links on a google result query. downloaded and ran hijackthis and have included the log. NEED HELP BADLY!!!Logfile of Trend Micro HijackThis v2.0.3 (BETA)Scan saved at 4:16:58 PM, on 4/6/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bonjour\mDNSResponder.e... Read more

A:Google Redirect Virus Issues (hijackthis log included)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

Read other 2 answers
RELEVANCY SCORE 66.4

Hi there, I have a redirect virus issue plus other malware problems and hoping someone can help? It's defeating me! My boyfriend first noticed when clicking on a search result in google, instead of the search result displaying, a new window opens which redirects to 'results5.google.com' - usually showing the google homepage (or another search engine) instead of the correct search result. Closing this new window and repeating the process 3 or 4 times tends to eventually get to the correct search result. Really annoying! Also clicking on a link (eg. in the bleepingcomputer forums) will eventually take me to the link but also opens a new window 'http://search.google-analytics.com'.Then the pc dumped its graphics drivers, so he turned it off and plugged in our other pc - which behaved in the same way as the 1st pc, except it didn't dump its graphics drivers. Same redirect issue.So we turned back on the 1st pc, reinstalled graphics drivers and have run Malwarebytes several times - it finds and removes more bugs each time we run it! (Please see below) Run tdsskiller and it finds nothing.Followed instructions online to reset the router and flush the dns cache. Still got this redirecting issue.I've run out of things to try and hoping someone can help? As we have the same issues on 2 computers which are never on at the same time, is this a router virus? I'm not a total novice computer user, but I'm in way over my head with this... Read more

A:Redirect virus - results5.google.com - plus other malware issues

Here's the GMER log, hope this helps.Lucie

Read other 8 answers
RELEVANCY SCORE 65.6

Good afternoon.I am working on a problem on an older Dell. So it's a Dell, Dimension 8200 Windows XP Version 5.1 Service Pack 3, if that makes sense. We use it as a second computer, and used it infrequently. We had no virus software on it. Our primary computer died, so we began using the Dell (without an anti-virus), and then one day it was invaded and began to have multiple issues. 1. Runs insanely slow.2. Google searches are redirected if I use the toolbar or search automatically in the main web address box. 3. Spybot would not run, or would fail to update.4. Malware bytes would get stuck updating5. Bitdefender (not installed when problems began) will not install. It freezes about 3/4 of the way through. Or, twice in the past month, the stars aligned, and my fingers were crossed at the same time and it did install, but the firewall would not work. I did run a deep system scan on both those occasions. But shortly after the system scan would complete, I would have the system crash - blue screen. I would then have to uninstall Bitdefender in safe mode. Over the past month, I have been able to run spybot, Malwarebytes, and bitdefender at various times. But they will not work consistently. At present, malwarebytes and bitdefender are both uninstalled. In addition, after trying to run spybot, or malwarebytes, I could no longer access the internet through a web browser or email. To get around that, and regain internet access, I would create a new user acc... Read more

A:Seach engine redirect, spyware, virus software issues

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.----------------------------------------------Let's try Gmer instead of RootRepealPlease download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.GMER will open t... Read more

Read other 6 answers
RELEVANCY SCORE 65.6

Hi, I'm hoping someone can help me with this virus problem.

It started with the ave.exe virus, which I've successfully removed with Malware-bytes and SUPERAntiSpyware Free Edition. I'm no longer getting the fake anti-virus popups, but I am still getting re-directed on all my Google searches and I get the occasional popup ad (using Firefox). My system now runs very slow and reboots on its own. It's a laptop so when I put it to sleep, the next time I bring it back it said it recovered from a serious Windows Failure.

Here is what I have done so far. I followed the Preparation instructions before posting this topic. DDS launched to the cmd window for about 3 seconds, then disappeared, but no log files ever appeared (I waited for over an hour). I then ran GMER, the 1st time I ran it I got a blue screen within the first 10 minutes (rebooted), the 2nd time I ran it my system came to a screeching halt. The Task Mgr showed CPU usage at 100%, my computer was unusable and I had to do a hard boot. So I threw in the towel and now I'm posting this.

Before I saw this forum and the associated instructions, I had tried some other solutions that I saw mentioned on other forums. I ran MalwareBytes, which found and removed the ave.virus. I ran SUPERAntiSpyware, which also found issues. I also ran SpyBot Search & Destroy, it didn't anything. But I am still having Google re-directs, random popup ads, blue screens, and automatic reboots.

I need help. Thank... Read more

A:Ave.exe virus, google redirect, now svchost failing and other system issues

Hello, first run TFC by OTPlease download TFC by Old Timer and save it to your desktop. alternate download linkSave any unsaved work. TFC will close ALL open programs including your browser! Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator. Click the Start button to begin the cleaning process and let it run uninterrupted to completion. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.Run RKill....Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot your computer after running rkill as the malware programs will start again.Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.Next DrWeb.Before we sta... Read more

Read other 10 answers
RELEVANCY SCORE 65.2

My computer is running Windows XP. I previously had Symantec Antivirus and on Tuesday (July 20) when I went to use my computer I received the BLUE screen twice. I was just checking email and surfing the web. Later that night I was surfing the web again and all of the sudden my screen became bombarded with Symantec email proxy pop ups. They took over machine whenever I was connected to the Internet. I removed Symantec Antivirus and the pops up stopped. I installed the free version of AVG Anitvirus which completed a scan of my computer and found 6 infections. They are:

C:\WINDOWS\system32\mcvup.exe
C:\WINDOWS\p3dens.dll
C:\Documents and Settings\me\Local Settings\Temp\qodigx.exe
C:\Documents and Settings\me\Local Settings\Temp\bxwn.exe
C:\Documents and Settings\me\Local Settings\Temp\5F.tmp
C:\Documents and Settings\me\Local Settings\Temp\5D.tmp

They have all been moved the the "virus vault".

The next day AVG found c:\System Volume Information\_restore{F22ECDBF-07FD-48E2-8346-7D4E4D9E57A8}\RP29\A0006724.dll and moved it to the virus vault.

The day after that AVG found c:\System Volume Information\_restore{F22ECDBF-07FD-48E2-8346-7D4E4D9E57A8}\RP29\A0006725.exe and moved it to the virus vault.

Now when I do a google search and select a link I get redirected to somewhere else. I primarily use Chrome but I have Internet Explorer installed as well and have run into the same problem regardless of browser or search engine (I tried yahoo too and I get redirected.)

I d... Read more

Read other answers
RELEVANCY SCORE 64.4

A week ago, I got the Windows Recovery virus. After lots of work and many different scans, I think it's gone. But now I am having a google redirect issue on both IE and Firefox. It redirects to this site: http://www.bing.com/?pc=ZUGO&form=ZGAPHP

I am not all that computer literate, so your help is very appreciated!

My DDS log:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Joey at 22:54:44 on 2011-05-27
Microsoft? Windows Vista? Business 6.0.6002.2.1252.1.1033.18.3070.1728 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32�... Read more

A:Browser hijacked (Google redirect) and other post Windows Recovery virus issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 20 answers
RELEVANCY SCORE 64.4

I have been trying to post for several days but unable to. The issues i have been having includes: my driver for my NVIDIA GeForce 7400 is preventing standby, google is directing me to junk sites, and i am having issues with restarting with either it taking forever to shut down, or when it restarts, all i get is a background and pointer, but that's it.

whenever i try to copy and paste, i think that is what is preventing me from being able to post. so my dds log is attached but that's all i can do for now...

A:several issues... virus? junk sites, device driver, logging on issues

Hello Leah,

I appreciate your efforts, but I really need to see the dds.txt. That's the one with all the 'meat'

Can you please run dds.scr again and attach the dds.txt?

What about gmer? Were you able to run that?

Read other 13 answers
RELEVANCY SCORE 64

Upon restart the blue screen says wsock32 deleted or changed (can't remember which) and after login to windows IE asks if i want to restore previous session and if yes is clicked it opens some 24-28 windows. I've also got 8 different svchost.exe processes running in task manager which is a new thing. Avast has found and isolated (but not deleted) wsock32.sys & xwr15685.dll in its virus chest.EDIT... Unsure if it helps at all but i also have unsecapp.exe running in the task manager processes which is similar to processes run by 2 known viruses. I'm also unable to start the windows firewallDDS (Ver_10-03-17.01) - NTFSx86 Run by gregeahh at 23:31:31.29 on Wed 08/18/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.83 [GMT -6:00]AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Lavasoft\Ad-Aware\AAWSe... Read more

A:Possible multiple virus/malware issues (wsock32.sys & xwr15685.dll known issues)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

Read other 10 answers
RELEVANCY SCORE 63.6

Hello,I am quite the computer amateur, and have recently gone through an ordeal with some viruses. I was first infected with Coreguard Antivirus 2009 (which also seemed to be called Internet Security 2010 or something similar), which was acting as a fake antivirus program. I managed to get the worst of it off of my computer my running several antimalware/antispyware programs. For the most part, my computer has been behaving, but I know there are still some bad things left. For one, I kept getting the "302 Moved" error on Google searches - at first I thought it was a Firefox security measure, but research proved that it signifies a virus, similar to the ordeal I have already gone through.As I mentioned, I am an amateur, so it's very hard for me to know what I should and should not do.Here is my log from HijackThis:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:53:33 PM, on 2/11/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireles... Read more

A:Recently fended off worst of Internet Security 2010 virus, now have Google redirect issues

Hello,My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Please download GMER from one of the following locations, and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zip MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs, as this process may crash your computer.Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.Double click on Gmer to run it.Allow the gmer.sys driver to load if asked.You may see a rootkit warning window, If you do, click No.Untick the following boxes on the right side of the Gmer sc... Read more

Read other 2 answers
RELEVANCY SCORE 63.6

(Sorry, I must've hit something that made the post go through while I was typing a title. It's supposed to read "Problems after 'removing' AntiMalware Doctor & Google redirect: still experiencing issues after removal of virus".)***NOTE: I have not been able to complete a GMER scan. My system keeps crashing and restarting at some point during the scan. According to Windows, it has to do with a driver error. It only happens during the scan. Here is the error signature I get when it reboots:BCCode : 1000000a BCP1 : BA918008 BCP2 : 00000005 BCP3 : 00000001BCP4 : 806D98FE OSVer : 5_1_2600 SP : 3_0 Product : 256_1 And here are the files included in the report:C:\DOCUME~1\DAM\LOCALS~1\Temp\WERa6d1.dir00\Mini043011-01.dmpC:\DOCUME~1\DAM\LOCALS~1\Temp\WERa6d1.dir00\sysdata.xml*** Hello guys, and thanks for your help. Here's my story. A short while ago, my system became infected with AntiMalware Doctor and Google redirect. After some searching, I found Microsoft Customer Support. After a dozen or so sessions with as many agents, the viruses APPEARED to be gone. The agents would take over control of my system and use programs including SuperAntiSpyware, Malwarebytes AntiMalware, and HiJackThis (although I don't think he used it well). They also installed Microsoft Security Essentials, since I didn't have an antivirus installed. Here is a list of issues that APPE... Read more

A:Problems after 'removing' AntiMalware Doctor & Google redirect: still experiencing issues after removal of virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

Read other 62 answers
RELEVANCY SCORE 63.2

Hello

I am running xp

Original problem involved internet being redirected when clicking on links but after reinstalling AVG and running Malwarebytes along with deleting a number of suspicious files that has now discontinued to happen

AVG is still showing multiple issues on daily scans as to is Malwarebytes

Keyboard is now not working correctly and sometimes certain keys will work then later they will

I have run both tests as requested as well as Hijack This

I really appreciate your help

Thank you

DDS text


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 18:28:42.09 on Wed 22/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.3549.2358 [GMT 10:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files... Read more

A:Keyboard Issues/Repeat Issues on Virus Scan

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see a gmer log in order to help you.

http://www.techsupportforum.com/f50/...lp-305963.html

Please attach the log to your next reply.

------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 63.2

Hi, I am having some major problems with my laptop and I figure I'd give this a try before wiping the drive clean. I've never seen anything like this.Here are the problems:First, when using Google, everything works fine until... I try clicking through the search results screen and onto one of the results. Some of them work and some of them don't. If I Google search the word "malware" for example, the search results will work normally. However, when i try to click one of the links -- say from malwarebytes for example -- I am redirected into a variety of sites including:hxxp://76v84nks81.cc/JKA18q2P705y8ju6f6a27e01a816b90e7f4f47eb4fc3b2e907k (I broke up he link with dashes, I don't want anyone clicking it Deactivated link and dashes removed. ~ OB ) -- when trying to redirect me, SpySweeper said that it blocked a connection to www.malwaremovalbot. comtheclocktower. net is another site I am redirected to.there are a bunch of them.. I can experiment and list more if needed.Interestingly, if I right click on one of the search results and tell it to open in a new tab, it works successfully without redirect.Next problem -- Google Chrome does not work at all. Chrome was my primary web browser, and now it simply won't work. When I try to search using it, nothing would happen. It would just lock up endlessly. I ended up uninstalling it and have not reinstalled it since.Also, Firefox would not work either. I ended up uninstalling that too, and hav... Read more

A:Google redirect, fake virus warnings, Antivirus Plus popup, XP Security Center and other assorted issues

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 16 answers
RELEVANCY SCORE 62.4

i turn off the computer, only to turn it back on and find the little pop-up box in the lower right hand corner to say "Windows Security Alerts". so i go and turn the firewall and windows defender on, leaving only the virus protection to be turned on. but i cannot turn the virus protection on. i click 'on', 'apply', and 'ok' but it doesnt stay on. thats not all of it.
i will turn off my computer, only to turn it back on the find the exact same message in the corner. the firewall and defender have yet again been shut off. this happens everytime i restart. all of my internet protection turns off on restart and im not sure if there's a setting or something im missing.

i have run numerous virus scans with my Windows Live OneCare program, and also with Windows Defender but have found a clean computer.

i would think it would be some kind of virus, i have no friggin idea. hopefully its an easy fix.
 

A:Vunerable: Virus protection automatically shuts off

Read other 16 answers
RELEVANCY SCORE 62

Hello everyone.
I've done this before once last year and you guys saved my computer.. thanks for that.
I'm here once again with a different dilemma.

I've noticed today that I got a warning from my windows telling me I did not have my firewall "on". I don't know what happened as I never touch those settings.. but I went to turn it back on and it won't let me.. all I get is an error msg saying something like.." Windows cannot start the windows firewall/internet connection sharing service.. ERROR 2 ".

I've also noticed (today) that when I click on a Google result link, it does not take me to the link address.. instead, in redirects me to another place (directory?).... also, when I have my browser open while reading something, it automatically opens a new tab on my browser transferring me to who knows where out of the blue I use FireFox.

Another problem is that I almost always do a scan with Spybot (S&D) and it always finds the SAME problems and destroys them, but the problems keeps coming back over and over again
something called "Gamevance.Playsushi".. I have killed that thing like 100 times per day with spy bot and it still keeps coming back... I have tried to uninstall these gamevance but they are no where to be found in my system... I also downloaded today something called "housecall" to do a scan and found NOTHING... I've also scanned it with AVAST home edition and found NOTHING.

Only Spybo... Read more

Read other answers