Over 1 million tech questions and answers.

Can't get rid of Tuvaro - Redirects in Google Chrome

Q: Can't get rid of Tuvaro - Redirects in Google Chrome

I have a Windows 7 computer that has picked up avirus or malware of some sort.  Internet Explorer seems to work fine, but when I try to set a homepage in Chrome, I get an error message when I open Chromethat says "Your preferences can not be read"  It also redirects tohttp://www-search.net/search/search.html?ctid=CT3309521&searchsource=69&UM=2&lay=1.  I have tried the removal tutorials like this one(http://malwaretips.com/blogs/www-search-net-removal/) but nothing seems to work. 
 
I have also tried Trojan Killer. 
 
It seems that this was bundled with YTDownloader.  I have looked through the applications and I don't see anything suspicious left to uninstall either.
 
Thanks for any help you can provide. 
 
Here is the DDS Log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by DeVries at 8:10:14 on 2014-04-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2012.685 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\AppLifeUpdateService2\kjsausvc.exe
C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hudl Mercury\HudlMercury.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\20.4.0.40\ips\ipsbho.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.4.0.40\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Hudl Mercury] "c:\program files\hudl mercury\HudlMercury.exe" -startup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5DC111B9-B6F8-4D3E-9216-49F1C683C953} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Authentication Packages =  msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1404000.028\symds.sys [2013-6-14 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1404000.028\symefa.sys [2013-6-14 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.2.1.22\definitions\bashdefs\20140319.001\BHDrvx86.sys [2014-3-18 1098968]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1404000.028\ccsetx86.sys [2013-6-14 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.2.1.22\definitions\ipsdefs\20140404.001\IDSvix86.sys [2014-4-4 395992]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1404000.028\ironx86.sys [2013-6-14 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1404000.028\symnets.sys [2013-6-14 339544]
R2 KjsUpdateService2;AppLife Update Service 2.0;c:\program files\common files\applifeupdateservice2\kjsausvc.exe [2011-8-2 12800]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\20.4.0.40\ccsvchst.exe [2013-6-14 144368]
R2 SMUpd;Search Module Update;c:\program files\common files\goobzo\gbupdate\smu.exe [2013-12-26 1741160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-12-10 108120]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2011-1-12 273448]
R3 SMUpdd;Search Module UpdateD;c:\program files\common files\goobzo\gbupdate\smw.sys [2013-12-26 31592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-9-4 219632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-12 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-3-2 14848]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2014-2-11 16128]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-2 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-26 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-04-04 23:35:17 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-04 23:35:12 -------- d-----w- c:\users\devries\appdata\local\temp
2014-04-04 23:19:10 98816 ----a-w- c:\windows\sed.exe
2014-04-04 23:19:10 256000 ----a-w- c:\windows\PEV.exe
2014-04-04 23:19:10 208896 ----a-w- c:\windows\MBR.exe
2014-04-04 22:19:31 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2014-04-04 02:23:22 -------- d-----w- c:\users\devries\appdata\local\Mozilla
2014-04-03 20:42:36 -------- d-----w- c:\program files\Anvisoft
2014-04-03 19:09:49 -------- d-----w- c:\programdata\GridinSoft
2014-04-03 16:54:32 290304 ----a-w- c:\windows\system32\subinacl.exe
2014-04-03 16:54:29 -------- d-----w- c:\program files\common files\Microsoft
2014-04-03 16:54:29 -------- d-----w- c:\program files\Adware-Removal-Tool
2014-04-03 03:01:46 -------- d-----w- c:\programdata\HitmanPro
2014-04-03 02:56:35 -------- d-----w- c:\windows\ERUNT
2014-04-03 02:52:12 -------- d-----w- C:\AdwCleaner
2014-04-02 02:14:32 -------- d-----w- c:\users\devries\appdata\roaming\Malwarebytes
2014-04-02 02:14:26 -------- d-----w- c:\programdata\Malwarebytes
2014-03-24 00:27:45 -------- d-----w- c:\programdata\pastaleads
2014-03-24 00:25:38 -------- d-----w- c:\program files\VideoLAN
2014-03-12 23:42:28 -------- d-----w- C:\history
2014-03-12 23:07:19 -------- d-----w- c:\program files\iPod
2014-03-12 23:07:06 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-12 23:07:06 -------- d-----w- c:\program files\iTunes
2014-03-12 22:52:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-03-12 22:52:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-03-12 22:52:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-03-12 22:52:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-03-12 22:52:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2014-04-04 02:26:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-04 02:26:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-01 04:11:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-11 11:59:04 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-17 21:24:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 21:24:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-01-09 02:22:42 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-01-06 19:23:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH:  8:12:51.30 ===============
 

RELEVANCY SCORE 200
Preferred Solution: Can't get rid of Tuvaro - Redirects in Google Chrome

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Can't get rid of Tuvaro - Redirects in Google Chrome

sorry - double post

Read other 16 answers
RELEVANCY SCORE 72

I've tried multiple anti-everything programs from Super Anti-Spyware, Malwarebytes, ComboFix, Spybot S&D, and various online scans that have found nothing, or found something but never fully cleaned my system. For a week or two, Google was being redirected to various ad sites, but after my system was "cleaned" everything was fine. Now today, anything remotely related to Google won't load at all. I've tried to manually remove the TDSS google-redirecting virus, but I have none of the files that supposedly come along with the virus.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Des at 14:42:16 on 2012-02-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.1903 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\nvsvc32.... Read more

A:Infected with a virus that redirects Google, shows Google "not found nginx" also, no Youtube, Google Chrome or Google E...

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 38 answers
RELEVANCY SCORE 65.6

Hi, tried to solve this on my own for several days with not much success.

Running Windows XP SP3.

The problem started with Google Chrome, it stopped working one evening. The browser is stuck on an infinite loading loop but works when the "--no-sandbox" argument is added to the command line. Internet explorer worked fine. I did some googling on the problem and apparently it's either some anti-virus or a virus.

Switched to Opera browser. Got infected with ave.exe "xp total security". Ran Super Anti-Spyware/Malware Bytes/AVG 9 to remove. Seemed to be removed but I'm still getting google search redirects in Opera.

Downloaded and ran TDSSKiller. In safe mode, it detects nothing. In standard mode it detects a problem with Atapi.sys. The message is something like.

"Problems in memory 1/0/0
"Problems in files 1/0/1"

However, after every reboot, it's the same message.

Downloaded Gmer today and tried to run, in standard mode Gmer would crash with a BSOD, the BSOD flashed quickly so I'm unable to see what the exception was. Currently I'm running Gmer in safe mode.

Could use some help.

Thanks.

Read other answers
RELEVANCY SCORE 65.2

My wife unfortunately hit the wrong button and downloaded Tuvaro, malware that redirects your home screen in IE and Chrome to a Tuvaro Bing search. I've googled it, saw several fixes, and I think I've fixed most of the problem, but whenever I open IE or Chrome, it redirects to this Tuvaro screen.

The program no longer shows up as a current program, I think I've deleted it with Malware Bytes and SpyBot, but it continues to do it. I've search the registry for "tuvaro" and can't find it.

Is there anything that I can do to get it to stop?

A:Downloaded Tuvaro, malware, cannot delete, redirects.

Try using AdwCleaner from the Bleeping Computer site.

AdwCleaner Download

Read other 9 answers
RELEVANCY SCORE 64.8

I'm having an issue similar to this thread:
http://www.bleepingcomputer.com/forums/t/528423/tuvaro-www-searchnet-redirect-in-chrome-ff-ie/
 
Some free software I downloaded sneaked in some adware/malware/junkware/whatever-the-right term-is that causes all my browsers to go to "www-search.net/search/..." upon open of a new tab or launch of the browser. After my uninstallation efforts the program no longer appears to exist (isn't in the add/remove programs list anymore), but its most annoying feature remains.
 
Things I have tried:
(1) Removing the program causing the redirect via "Control Panel\Programs\Programs and Features"
(2) Downloading Revo Uninstaller pro and removing the program
(3) Shutting down all browsers, detecting via Malware Bytes anti-Malware, quarantining all infected items, restarting CPU.
(4) Downloading Revo Uninstaller pro and removing the program
(5) Uninstalling Google Chrome
(6) Downloading "sc-cleaner.exe" from this website and removing infected shortcuts.
(7) Various combinations of 1-7.
 
I have gotten to the point where running "sc-cleaner.exe" turns up 0 results and running Malware Bytes turns up 0 infected items. Then upon opening Internet Explorer my browser goes to my desired home page (Google.com). However, when I right-click on IE in the task bar to open a new Window, the new window redirects to the aforementioned "www-search.net/search/...", at which point all the infected items seem to come back (i.e., shortcut cleaner st... Read more

A:Tuvaro/ www-search.net redirect in Chrome

Hi biffgunderson and
May be Malwarebytes is not enough.Paste the log here where detection was.
How to open the log:
Open MalwareBytes Anti-Malware and then click on History
On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.
Go to the bottom left corner to Export and select Text File (*.txt)
Save it to the desktop
 
The log of sc-cleaner is on the desktop.
 
Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If any security program requests permission to access the Internet, allow it to do so
Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)
 
Please download Farbar Service Scanner (FSS) HERE and run it on the computer with the issue.
    Make sure the followi... Read more

Read other 12 answers
RELEVANCY SCORE 64.8

Hi,
 
I'm working on a very infected client's pc and was able to remove 2700+ infections/ malware via malwarebytes, combofix & tdsskiller.
 
So far, it looks pretty good but the tuvaro/ www-search.net redirect is persistant.  I changed my home page on FF to Google.com.  It will work fine for a bit...even after a restart but this morning I opened up FF again and it went back to the Tuvaro home page.  Chrome, I was able to get working....but soon after it changes back to www-search.net and crashes Chrome (Chrome encountered an error & needs to close), so I'm unable to get back into it even after a uninstall/ reinstall.  I've left Chrome uninstalled for now.  I'm hoping to get rid of this infection once and for all!
 
Below are the DDS logs and attached is the Attach.txt from DDS.  Thanks for the help!
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16540
Run by Luis at 10:11:13 on 2014-03-23
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3837.1362 [GMT -4:00]
.
AV: Norton 360 Premier Edition *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\... Read more

A:Tuvaro/ www-search.net redirect in Chrome, FF & IE

Hello drumr1829,Welcome to Bleeping Computer.My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.If you do not understand any step(s) provided, please do not hesitate to ask before continuing.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.  I will be analyzing your log. I will get back to you with instructions.Please download Farbar Recovery Scan Tool and save it to your Desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Right click to ru... Read more

Read other 10 answers
RELEVANCY SCORE 64.4

Hello,

Whenever I search for things using Google, I sometimes end up getting redirected to random websites which have nothing to do with what I have searched. Update: It just happened with IE, so it's not just Chrome as it first appeared.

For example, I searched for some help about a problem I was having with Ableton Live (turned out to be PEBKAC, so it's unrelated) and I ended up getting "madwebplus(dot)com/search(dot)php" and "insideps2games(dot)com/search(dot)php" and when I tried to get here I got "badcredit-creditcards(dot)net/result(dot)php?Keywords=tech+support+guy&r=db8752b12af8e4f24b3549ad566de91dc8f1b5f7e6e246a4632487d1571c7e4cd5fdd271755d148d1ba39491f099a988&Submit=Go"

It's only started happening today, and as far as I can remember I didn't download anything before it started happening. All I have downloaded is Zonealarm, Spybot S&D and HijackThis and they were downloaded after to try to fix the problem.

Spybot Search and Destroy found nothing, and AVG Free found 2 things and fixed them, but the redirects are still happening.

Here's what AVG found, just in case it's relevant.
"C:\WINDOWS\system32\svchost.exe (2460)";"Trojan horse Generic16.AGNN";"Reboot is required to finish the action" (I did reboot)
"C:\WINDOWS\system32\jyku.fjo";"Trojan horse Generic16.AGNN";"Moved to Virus Vault"

Other threads with similar problems have told ... Read more

A:Google Chrome Google Search Redirects

Hey. The stickes say it's okay to bump if you've waited at least 24 hours and to be patient, so I have been. I'm being as patient as an avid internet user with dodgy internet can be
 

Read other 3 answers
RELEVANCY SCORE 64

Hi, i've been experiancing search engine redirects to a website called "searchignited.com". I've tried running malware bytes and spybot, but both came back empty. I'm running windows 7 32 bit, and the browser I am experiencing these problems on is google chrome. Any help or advice would be greatly appreciated, thanks.

A:Google chrome redirects

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 1 answers
RELEVANCY SCORE 64

Every web page has the same pop up add for VIdeo Jug (inluding this site). I am also being re-directed to seemingly random advertising/gambling pages.

I have Kaspersky Pue 3.0 which finds nothing nor has Adware Cleaner - any advice?

A:Pop Ups and redirects in Google Chrome

Could VideoJug be an extension you've added to the browser?  If so, you should be able to disable or delete from the browser settings.

Read other 6 answers
RELEVANCY SCORE 63.2

Hello i am having a problem with google chrome, when i enter a safe site it says "this web page contains malware...cdn.tongjii.us...", i cant get rid of it, and now the printer doesnt work on the network, i have a tp link router, i dont know what is happening.
The computer was scanned with ProcessExplorer(all clear), adware(all clear), malwarebytes(all clear) , hitman Pro (all clear), this only happens when enter to labrujula24.com and other sites alike.
it might be the router that does that crazy redirects???? i have read about router dns resolvers changed to custom dnss. by the way i have a static IP and port forwarded some ports.
Salutations and thanks.
PS: if i run IE it doesnt happen, it just happens in google chrome.
i attach a screenshot
Thanks in advance for any help. Really appreciated.

A:Problems with redirects in Google Chrome

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

Read other 2 answers
RELEVANCY SCORE 63.2

i posted here last week. did not get help for 3 days, posted in the "3 days" forum and was advised to start a new topic. 
 
here it is
 
have done multiple scans with malwarebytes anti malware(free)
 
and adwcleaner. 
 
it appears to happen randomly, and does not appear to be tied to any google extension.  Please help me with diagnosis and removal. 
 
 
w8.1 x64 
 
google chrome
 
8G ram
 
 
edit it has now affected my search engine preference. instead of going to google, (which is my preference in chrome) it goes to bing.  also..going to this site seems to trigger the redirect(ie if i type bleeping computer in the omni bar and hit enter, i get the redirect to canadaaltax)
 

A:google chrome redirects(canadaal tax and others). what is going on?

Hi -
Sorry that you were missed last time, as we are still adapting many programs to Win 8.1 -
Try these ideas for now -
 
Open your browser and disable (uncheck) all extensions. Make a list, then one by one, re-enable each extension to see if the pop-ups start appearing again with that particular extension. Once you identify the responsible extension...permanently remove it but let me know which one it was so I can update our lists.

* How to Disable Extensions in Google Chrome - How to Uninstall Extensions in Google Chrome
* How To Disable Individual Plug-ins in Google Chrome <- try only if the above does not work
* How to Disable Extensions and Plugins in Firefox - How to Remove Extensions/Uninstall Plugins in Firefox
* How to Disable Extensions in Internet Explorer
* How to Disable Add-ons/Extensions in Internet Explorer, Firefox and Google Chrome
* How to Disable all add-ons in Firefox, Internet Explorer
If the above did not resolve the problem, then create a new browser user profile.
* How to Create a new browser user profile in Google Chrome
* How to Create a new browser user profile in Firefox
* How to Create a new browser user profile in Opera, Internet Explorer, Firefox, Chrome

Read other 2 answers
RELEVANCY SCORE 63.2

Hi,

I have managed to get myself into a little bit of a pickle with some malware/trojan type thingy, and i can't seem to get rid of it. i have tried Spyware Doctor, McAfee, Malwarebytes, HitMan Pro etc and nothing is picking it up.

Chrome is not loading, i have switched to firefox, and theres all sorts of redirects and pop ups going on, it's impossible to work with. I can't seem to do a backup of my computer, but instead i have copied all my files to my work network.

PLease can you help? This is the logs


DDS (Ver_10-03-17.01) - NTFSx86
Run by rboyle at 11:05:48.94 on 25/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.1912.1095 [GMT 1:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k L... Read more

A:Google Redirects, chrome not working... Help please!

Hi,

Please do the following:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2



**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

Read other 4 answers
RELEVANCY SCORE 63.2

Hello, 
 
I've been asked by my neighbour to help him with his computer as it redirect to uk.search.yahoo.com/?type=937811&fr=spigot-yhp-ch instead of google. He has also been getting a lot of pop up adverts. Please can you help me help him!
 
Thanks!

A:Chrome redirects from google to yahoo

Hello witchetty, Lets do these and see how it is..First look in your Extensions for Google or Yahoo and any others you do not know and Disable or remove them.How to Disable Extensions in Google Chrome - How to Uninstall Extensions in Google ChromeClose and reopen the browser.If still redirecting....Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usual... Read more

Read other 9 answers
RELEVANCY SCORE 63.2

when i try to open google chrome, the page doesn't load. also when im on firefox, some of my google searches are redirected. my computer also makes a beep sound when im on firefox. spybot, symantec, and malwarebytes find nothing.

A:unresponsive chrome and google redirects

Hi,Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.-- If you encounter any problems, try running GMER in safe mode.-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side ... Read more

Read other 3 answers
RELEVANCY SCORE 63.2

When I try opening Google Chrome the page doesn't load. So sometimes there are Google redirects. So my computer makes the beep sound once or so often i have firefox open. i don't know what it is. what should i do?

A:Chrome unresponsive and Google redirects

spybot and malwarebytes dont pick up anything
help please

Read other 2 answers
RELEVANCY SCORE 63.2

Hi,
I've been trying for days to fix this.  I've tried many sets of instructions and still have most of the software installed (as you'll see).  When I run Avast Browser Cleanup, it tells me I have istartsurf and offers to remove it.  I agree but each time I run the cleanup app, it tells me I still have it.  And I know I have it as about every 3rd click seems to take me off to some random website.
 
I did clear a lot of the infection and re-set my home page but this remains. 
 
Thanks.
 
Peter.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2015
Ran by Peter (administrator) on LENOVO-PC (16-08-2015 20:32:04)
Running from C:\Users\Peter\Downloads
Loaded Profiles: Peter (Available Profiles: lenovo & Peter)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corpor... Read more

A:istartsurf won't go away. Getting redirects in Google Chrome or IE

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
<snip>

Reset Chrome...
Open Google Chrome, click on menu icon which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookieshttps://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"
Restart Chrome.
====
How is the computer running now?
 
Hi,
 
Thanks for the reply.  I was a bit naughty and just tried your last instruction as I'd not done anything like that before and it was pretty easy.  That seems to have stopped re-directs.
 
Thanks.
 
Peter.

Read other 4 answers
RELEVANCY SCORE 63.2

Hi,

I'm having redirect issues with google search in chrmoe and firefox. IE looks good so far. I didn't find any suspicious services in taskmanager to kill. I also looked at host file which is good.

Redirects are only around 2 in 5 clicks on search items in chrome and almost 4 in 5 clicks redirect in firefox.

Thanks,
RK

A:Google Redirects in chrome and firefox.

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 17 answers
RELEVANCY SCORE 63.2

Hi, I downloaded this VPN program that never worked and now every search I make from the chrome search bar redirects to this pagehttp://searchab.com/?aff=7&uid=00e18c73-5262-11e2-b378-f0bf975c6c16&q=[search entry]I've tried following the instructions from similar topics on this websites but it didn't work..Here are the logs : Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` AVG Internet Security 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java™ 7 Update 5 Java version out of Date! Adobe Flash Player 11.5.502.135 Adobe Reader 10.1.3 Adobe Reader out of Date! Mozilla Firefox 12.0 Firefox out of Date! Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.91 Google Chrome 23.0.1271.95 Google Chrome 23.0.1271.97 ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: = ````````````````````End of Log`````````````````````` DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.... Read more

A:google chrome bar redirects to searchab

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

Read other 18 answers
RELEVANCY SCORE 63.2

Ok I know that other people have posted the same problem, but as each computer is different I will post my issue and specs. I use google chrome and whenever I search items on google and try to click on the link it will redirect me to random sites until I click on the same link a couple more times until the actual website pops up. Now I read on another website that they just changed the "Manage Search Engines" in the Settings to "http://www.google.com" instead of just "google.com" to fix the problem. Initially it seemed to work, but then I tried clicking on a second link and the random website or "click.livesearchnow.com" would appear instead. So the problem was not fixed.

Forgive me I have run both hijackthis (at the advice of my friend)and combofix beforehand. Below you will find the logs for each program.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:18 AM, on 1/4/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EX... Read more

A:Google Chrome Redirects Links

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

Read other 25 answers
RELEVANCY SCORE 63.2

Hi,

The kids were playing on the pc and I'm experiencing the following:
1) Google results in Firefox are sometimes redirected to sites such as okab.com and regexp.com.
2) An additional tab will open in Firefox displaying a miscellaneous webpage.
3) Chrome will open but only display a white page.

In addition I also was infected with Sysinteral Anti-Virus but was able to eliminate that with Malwarebytes' Anti-Malware. However when I try to perform an update on Malwarebyte, the update will not work.

Below I've posted the DDS and attached the other files.

Thanks in advance for help/advice that can be provided.

Curt


DDS (Ver_10-03-17.01) - NTFSx86
Run by Curt at 20:27:59.71 on Mon 06/07/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.271 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Com... Read more

A:Google Redirects, Chrome Not Working

Bump please.

Curt

Read other 12 answers
RELEVANCY SCORE 63.2

Hi,

The kids were playing on the pc and I'm experiencing the following:
1) Google results in Firefox are sometimes redirected to sites such as okab.com and regexp.com.
2) An additional tab will open in Firefox displaying a miscellaneous webpage.
3) Chrome will open but only display a white page.

In addition I also was infected with Sysinteral Anti-Virus but was able to eliminate that with Malwarebytes' Anti-Malware. However when I try to perform an update on Malwarebyte, the update will not work.

Thanks in advance for any help/advice that can be provided.

Curt

A:Google Redirects, Chrome Not Working and More

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 62.8

hello my name is scot and this is my first post
 
                 I would like some help i just recently found my computer to be acting up i am running on windows 8 and i open chrome and i am redirected to tuvaro i have tried to do some steps i have found on Google to remove it but when i do delete some files named tuvaro or trovi they come back and not every time i close the browser but sometimes when i do a black window will show up titled goobzo and it will only show for a few seconds and then go away, maybe it is reloading the files i deleted please help i use computers very often but never had a problem like this.
 
                         any help will be greatly appreciated!

A:open chrome or internet explorer redirected to tuvaro, www.-search.net

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/540056 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 62.4

Hello! First, I want to say thanks so much for offering your time and expertise in helping out the masses and avoiding the headache that goes into clean installs. I try hard not to get infected, but it finally seemed to happen so I need help! Over the last week, I noticed that Google results in Firefox and Chrome intermittently redirect to spam sites- it was so subtle that at first I didn't realize anything was wrong but then finally caught on as it got more and more annoying. It seems like I have no other symptoms. I ran MBAM which came out clean and at this point I'm reaching out for help. Thanks in advance!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Igor Feinstein at 13:53:35 on 2012-06-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2233 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Wi... Read more

A:Intermittent Google Redirects in Firefox and Chrome

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 16 answers
RELEVANCY SCORE 62.4

Hi Guys,

I have a serious issue with respect to some hidden Malware. I have noticed that all Google Chrome searches are either ending up at www.samsung.com.au or some other websites which I don't even recognize. I had seen wkb.exe and wkm.exe (or something like that if I don't remember correctly) on my laptop as it slowed down considerably. Not sure where these files came from, but since they arrived, my laptop hasn't behaved properly. However, I got rid of these 2 along with another one in C:\Windows directory something named wmxvsys.exe (if I'm not wrong). I might not remember the correct names. Even though I removed these programs, Google Chrome searches have continued to go in the same direction as they were when these files were there.

Can I get someone to help me please to remove the hidden Malware? I sincerely appreciate all the efforts in advance. Please note that Hijackthis log is attached here with. Please also find below the Hijackthis log:-

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:35:49 PM, on 6/27/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility&... Read more

A:Google Chrome Search redirects all the time!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 14 answers
RELEVANCY SCORE 62.4

Lately i've been getting weird redirects from google searches that i usually search all the time, such as Facebook or Gamespot or IGN, and when i would click on the link I would get redirected to a very poor,sometimes advertising, made website and each time i would hit the back button it would automatically redirect me to another site or the same site. The only way i could get back to my google searches was by going to my history and going to the searches and the only way to avoid the redirects again was to open the link in a different tab.
Also, my Google Chrome Browser stopped working, only the bookmarks bar URL bar and Tabs show anything else below is completely white and anytime i try going to a different site it stays white.
I already downloaded Malware Bytes and did a complete scan and nothing came up, same with AVG and Spybot Search and Destroy.
I'm not sure what i need to do and i need help
Also, each time i restart my computer i have to restart it 3 or 4 times because each time i log on to my account the monitor is black. My windows theme will change randomly without me doing it from Windows Vista to Windows Classic
P.S.
I have Windows Vista, on a Desktop.
I do not know the exact problem, if you need any more information just ask.
Bumped Version*
 

Read other answers
RELEVANCY SCORE 62.4

I have this nasty redirect issue and have no clue how to remove it. Below is a copy of my DDS log. Basically whenever I type in a google search and I click on the link I am redirected to a different search page or a different product. About a week ago I got a Window Defender virus or something and I used system restore to go back to an earlier date. Skype will not load nor will Chrome.

GMER crashes when I try to run it.

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Greg at 18:39:29 on 2011-05-31
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2011.855 [GMT -7:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:... Read more

A:Google redirects me in IE8 IE9 Firefox, Chrome will not load

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Please download Rootkit Unhooker and save it on your desktop.Disable your security programsDouble click RKUnhookerLE.exe to run itClick the Report tab, then click ScanCheck Drivers, Stealth Code, Files, and Code HooksUncheck the rest, then click OKWhen prompted to Select Disks for Scan, make sure C:\ is checked and click OKWait till the scanner has finished then go File > Save ReportSave the report somewhere you can find it. Click CloseCopy the entire contents of the report and paste it in your next reply.Note - You may get this warning it is ok, just ignore it:"Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?"Please include the following in your next post:Rootkit Unhooker logThe Attach.txt log from DDS

Read other 14 answers
RELEVANCY SCORE 62.4

Hello, I've been trying to fix my parent's computer with little luck so I figured it was time to turn to you! Their computer has recently started re-directing to bogus sites from Google searches. Also, in some of my attempts to figure out the problem, I've found that it makes the browser think that either the site is down, doesn't exist, or something is wrong with the Internet connection. For example, I tried to go to avg.com to download avg and it said it couldn't find the site. This has also happened with sites like trendmicro.com and even bleepingcomputer.com. Most of the things I've tried I've had to do in Safe Mode with networking, as that's the only way I can get to these sites to download tools. So a couple other notes:1) the only browsers they use are Firefox and Chrome2) the download/installation of AVG did not get completed. Every time I try to install it, it says there's no internet connection. When I try in Safe Mode with Networking, it gets to a certain point then quits because of some VB error or something. I haven't been able to download the fix they recommend for that either.3) I downloaded and ran both dds and gmer, neither will complete for me. dds just gives me the prompt, then disappears, no notebook pages ever show up. gmer never seems to get through a complete scan without restarting the computer and aborting the scan or simply freezing. I have attached HiJack This and Malwarebytes logs as a starting point for ... Read more

A:Infected - Firefox/Chrome google redirects.

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.----------------------------------------------Please try running Gmer with only SECTIONS checked

Read other 13 answers
RELEVANCY SCORE 62.4

Hello. I am having problems with my browser getting redirected from Google searches to sites like "beesq.net" and others. It started with Chrome, which I stopped using after running Norton 360 scans and power cleaner, which did not fix the problem. Now I am getting the same redirects with IE and the browser is freezing up and running slowly. I went for help to the Norton forums and they suggested I try here. After reading some of the topics that seemed similar to my problem, I ran adware cleaner, which apparently found some issues but did not fix the problem. I realize I am in over my head and would appreciate any help! Thanks for considering.
 
k-lo
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by KEVIN at 10:20:53 on 2013-10-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.3015 [GMT -4:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k Local... Read more

A:browser redirects from Google searches on Chrome and IE

Hello k-lo195 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

Read other 48 answers
RELEVANCY SCORE 62.4

Yesterday I let a process through my McAfee advisor, it looked legit as I quickly read it. Antimalware Doctor came up, and stopped that knowing that things weren't good.

Since then my browsers have redirected. I had lost access to my registry editing. When clicking on links for searches for how to fix, I get redirected to other sites.

So things aren't too pretty.

I've since ran MalwareBytes Anti-Malware, Spybot S&D, and hijackthis. Still continues to exhibit the same issues. I have even tried GooredFix because I thought I may have the same issues as GooredFix.

I'm running Vista 32 home pro.

Thanks for your help.

Read other answers
RELEVANCY SCORE 62.4

HI all,
I am not sure what has infected my computer, but google chrome keeps on redirecting me and tons of pop-up ads are showing up on every page that I open! I ran Malwarebytes Anti-Malware, but it did not find anything.  I wish that I had more information, but I can't find out any more on my own.  Thank you in advance!
Vlad
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015 01
Ran by Vladmir (administrator) on KITCHEN (08-08-2015 20:14:11)
Running from C:\Users\Vladmir\Downloads
Loaded Profiles: Vladmir (Available Profiles: Vladmir)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(GeoComply) C:\Program Files (x86)\GeoComply\PlayerLocati... Read more

A:Uncontrollable ads and redirects in Google Chrome Windows 7

Hello dapko I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", t... Read more

Read other 9 answers
RELEVANCY SCORE 62.4

Hi,Any google links are redirected to various pages in both IE and Firefox. I usually use Chrome, but no pages are loading (no error messages either). Browsing is slow, and I'm getting a few popups. However, I seem to be able to run every program I've tried. MBAM finds nothing. Unfortunately, I can't seem to run the GMER scan - midway through the scan, I get a BSOD and computer automatically reboots. I can't run it in Safe Mode either - when I enter safe mode, as the drivers are being loaded, I get a BSOD and auto reboot. DDR scan is below, as well as HijackThis log. Thank you in advance for any help you can provide.DDS (Ver_09-12-01.01) - NTFSx86 Run by Ben at 21:08:50.98 on Sun 02/28/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1190 [GMT -6:00]AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpee... Read more

A:Google Redirects on IE & Firefox; Chrome never loads

I messed with the power settings on my laptop and got GMER to finish a scan. Log attached.

Read other 3 answers
RELEVANCY SCORE 62.4

Hello. Generally speaking, I handle my own problems. This one is out of my league apparently. I've been a guest-browser of this website for a long time. Thank you in advance for any help provided.  At some point, i failed to follow the cardinal rule when downloading and installing software: I clicked too fast. As a result I've obtained some form of adware that regularly redirects me to fake dialog boxes with phone numbers about virus removal and fake blue screen dialog boxes. The browser I use is google chrome. I have attached the documents requested as well as a combo-fix log. I read that I'm not supposed to run combo-fix without supervision after having already run it. Might as well include it since I have the log already. Again, thank you in advance for any consideration towards resolution.  EDIT1: I've also included a screenshot of one of the popups I get. This is probably the most common one. I hope this helps. EDIT2: I forgot that I ran AdwCleaner as well. I have included that log.Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-08-2015 02Ran by Beau (administrator) on CORTANA (12-08-2015 14:02:09)Running from C:\Users\Beau\DownloadsLoaded Profiles: Beau (Available Profiles: Beau)Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutori... Read more

A:Redirects and dialog box popups on google chrome

Greetings firefoot87 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pr... Read more

Read other 23 answers
RELEVANCY SCORE 62

Lately i've been getting weird redirects from google searches that i usually search all the time, such as Facebook or Gamespot or IGN, and when i would click on the link I would get redirected to a very poor,sometimes advertising, made website and each time i would hit the back button it would automatically redirect me to another site or the same site. The only way i could get back to my google searches was by going to my history and going to the searches and the only way to avoid the redirects again was to open the link in a different tab.
Also, my Google Chrome Browser stopped working, only the bookmarks bar URL bar and Tabs show anything else below is completely white and anytime i try going to a different site it stays white.
I already downloaded Malware Bytes and did a complete scan and nothing came up, same with AVG and Spybot Search and Destroy.
I'm not sure what i need to do and i need help
Also, each time i restart my computer i have to restart it 3 or 4 times because each time i log on to my user the monitor is black. My windows theme will change randomly without me doing it from Windows Vista to Windows Classic
P.S.
I have Windows Vista, on a Desktop.
 

A:Help! Weird Redirects and Google Chrome Browser Not Working!!

i waited for awihle to bump it
 

Read other 1 answers
RELEVANCY SCORE 62

I noticed some other people have posted the same problem and I can't figure out if it's been resolved so I decided to post for help directly. I read another post asking to follow steps 6-9 of the prep guide which I have done and included the results.

Basically, unless I type in a complete url or click on a bookmark, my Google search results are automatically redirected to either 404 Not Found nginx, or yahoo, or a number of other wacky sites. I am also unable to download any a/v security software (tried McAfee), or install any a/v secutiry software (tried ESET, AVG). The error says I do not have sufficient access to a particular file and must contact my system admin- which in my case is me. I can run the installer again to grab the file name if needed. I had ESET installed before this started happening and it was always coming up clean, and then I uninstalled it to re-install and it hasn't worked since, which would be within the last week.

Windows update is also dysfunctional; it gives me an error saying it cannot check for updates. I think that's the gist of it, happy to answer any questions and very, very grateful for any help.

BTW, I removed all the add-ons from Firefox and it was still happening. I finally ended up uninstalling it and using Chrome which is doing the same thing.

Thanks
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Advantage Media at 22:53:34 on 2011-08-07
Microsoft? Window... Read more

A:Firefox/Chrome Redirects Google Search Results

Also cannot turn on windows defender anymore. Firewall is functional.

Thank you

Read other 3 answers
RELEVANCY SCORE 62

have done multiple scans with malwarebytes anti malware(free)
 
and adwcleaner. 
 
it appears to happen randomly, and does not appear to be tied to any google extension.  Please help me with diagnosis and removal. 
 
 
w8.1 x64 
 
google chrome
 
8G ram
 
 
edit it has now affected my search engine preference. instead of going to google, (which is my preference in chrome) it goes to bing.  also..going to this site seems to trigger the redirect(ie if i type bleeping computer in the omni bar and hit enter, i get the redirect to canadaaltax)

A:Random "canadaaltax.com" redirects with usage of google chrome. Bug?

We are going to need to get a deeper look. Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.Let me know if all went well.

Read other 5 answers
RELEVANCY SCORE 62

Google Chrome has been consistently redirecting me at various links along with ads that appear near the bottom of my screen. Ads include yellowbook, searchfinder and many others.
thank you very much for taking a look at this problem
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by General at 22:23:06 on 2012-05-17
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.6049.3879 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\Sy... Read more

A:Infected with possible rootkey, google chrome redirects along with advertisements

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

Read other 25 answers
RELEVANCY SCORE 62

Hello All,

I am running Windows 7 64Bit and I was going along fine using Sophos Antivirus (full version on a corporate licence) and just the Windows firewall and Windows Defender. Some time ago Windows Defender stopped being usable, it would open for a second and then close; I updated it manually but it continued to do this (I tried to run it in safe mode but this seems not to be possible). Sophos was always up to date (daily checks) and never once picked up any problems and continued to appear to update and function normally.

In addition to Windows Defender not being usable I started to get redirects from Google Chrome searches. At first it was only results clicked on when I used the toolbar at the top to search Google that I was redirected. However now it is searches even from the Google website.

I have tried Malwarebytes, SpyBot Search and Destroy, Trend Micro online house call all to no avail. I also then ran a Microsoft Security scanner separate to their AV software with nothing found. I have most recently uninstalled Sophos and installed Microsoft Security Essentials in the hope it might find something. It disabled Windows Defender as expected in the "Services" but would not open. It does the same as Defender did, opens then closes a second later. So I manually updated MSE definitions from the download on Microsoft and ran MSE in safe mode; no problems found however.

So in complete frustration this now leads me here, having just gone out and purchased an e... Read more

A:Google Chrome Redirects and MSE opens then closes seconds later

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

Read other 12 answers
RELEVANCY SCORE 62

Win 7 pc where both google chrome and internet ezplorer have an ad at the bottom right corner. There are also link redirects that happen occasionally. I ran Norton anti-virus and nothing comes up.
Any help would be truly appreciated.

GMER "did not find any modifications" though most of the options were grayed out.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by MAIN at 12:18:49 on 2012-07-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4863.2433 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows&... Read more

A:Internet explorer and google chrome redirects and bottom right ads

Hi junglernr,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

Read other 11 answers
RELEVANCY SCORE 62

Need help: Browser frequently redirects websites to "Oops! Google Chrome could not find ...."
 
Any help would be greatly appreciated.
 
 
This is the HiJack This log:
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:27:43 PM, on 6/13/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe
C:\ProgramData\GarenaCIG\3.0.919\GarenaCIG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files... Read more

A:Need help: Browser redirects to "Oops! Google Chrome could not find"

bump?

Read other 17 answers
RELEVANCY SCORE 61.2

Hiya! I hope you guys can help; my girlfriend is experiencing problems with her browsers redirecting to several malicious sites (such as get-answers-fast and infomash) when doing Google searches. Right now, only Chrome seems to have the issue, but Firefox and Internet Explorer both also had redirections.I asked her to run a Malwarebytes scan, and it found fsharproj (Trojan.BHO). However, the problem still persists. Any help would be greatly appreciated. She also has a Norton suite, and I asked her to scan with it, and it found ~20 things, all "fixed". The problem seems to be fixed in Firefox and Internet Explorer, but NOT in Google Chrome.As per instructions from the preparation guide, I have generated a DDS log. EDIT- I have generated a GMER log, and posted it after the DDS log and attached ark.txt.NOTE: When she ran GMER, she was not able to check anything else other than Services, Registry, Files, and ADS. (She was only able to select those options, and nothing else.)Here is my DDS log (and I have attached the Attach.txt):.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by Stephanie at 13:16:01 on 2011-12-29Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.1707 [GMT -5:00].AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}... Read more

A:Google searches redirects to get-answers-fast, infomash in Chrome

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

Read other 20 answers
RELEVANCY SCORE 61.2

I have been having an issue on my new computer for a few weeks now. 
 
Whenever I try to type google.com into the Omnibox of Chrome I am taken to a Wikimedia Foundation page that says Unconfigured Domain. It doesn't happen all the time, but has been increasing in frequency.
 
I can go to images.google.com, then click Search and that will take to to Google.com but I cannot get there manually.
 
The issue is not present with Internet Explorer.
 
Here is a posting of DDS.txt as requested:
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16519
Run by Slaaneshae at 22:25:24 on 2013-03-31
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.32720.30808 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -... Read more

A:Chrome/Windows8: Google.com redirects to Unconfigured Wikimedia Domain

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Third party programs if not up to date can be the cause of infiltration an infection.Please run this security check for my review.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.===Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete tab follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).Please paste the logs in your next reply DO NOT ATTACH THEM.Let me know what problem persists.

Read other 8 answers
RELEVANCY SCORE 61.2

Hi there.
 
I was trying to reach Visiontek's main website today, so I did a Google Search for it in Chrome.  The results were as follows:
 

 
 
Seeing as I wanted to get on their main website, I clicked the first link (for www.visiontek.com), but it brought me here after a brief delay:
 

 
If I go ahead and type in the link directly into my address bar (www.visiontek.com) I can make it to the website just fine using Chrome.  I can also repeat this same process (Google Search for Visiontek followed by clicking on the link for the main website) in IE and it goes normally to the Visiontek website.
 

I am running Window 7 64 bit and have Chrome Version 27.0.1453.110 m.  I ran Malwarebytes Anti-Malware and it picked up nothing.  I paid for the active scanning version of this software, on the advice of someone on this forum.
 
What is the problem and how do I fix it?
 
Thanks for any and all information.

A:Google Chrome Search for Visiontek redirects me to Euro-Med-Online?

Hello, first look in the Plug ins area and see if there is something similar to those to disable. Disabling Plugins in Google Chrome. Then do these..Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please Download TDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive)Do not change the default options on scan results.Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well.Last run ESET.Hold down Control and click on this link to open ESET OnlineScan in a new window.Click the button.For alternate browsers only: (Microsoft Internet Explorer users can skip th... Read more

Read other 5 answers
RELEVANCY SCORE 61.2

Recently I enter a search in Google and instead of going to the result it redirects me to micro-avto-computer-check.cn and tells me that I have a virus and need to download a program to fix it.

Thank you!

DDS (Ver_09-12-01.01) - NTFSx86
Run by Gary at 23:48:30.37 on Sun 12/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1274 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:&#... Read more

A:Google Chrome redirects to micro-avto-computer-check.cn

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

Read other 10 answers
RELEVANCY SCORE 61.2

Hello Everybody.Let me start off by wishing all the members (specially the kind people who run this show) a MERRY X'MAS AND A HAPPY NEW YEAR!Lately, I have been having problems of chrome redirecting a link that I click. It happens randomly and the frequency seems of this happening has been increasing. It doesn't happen all the time but quiet frequently. The link that opens up is more or less a website that shows that my PC is infected with Viruses/malware/spyware and does a "scan" of my system to confirm it (ofcourse, its all nothing but a lame animation made to look like a real windows application). Edit:This link shows the screen that I get when I get redirected:http://www.breakitdownblog.com/redirected-...om-with-chrome/System Specifications:Win XP ProfessionalSP 3Chrome 4.0Here is the HijackThis log output:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:40:19 PM, on 12/22/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\P... Read more

A:Chrome redirects google results (and other links too) to some dodgy website

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

Read other 13 answers
RELEVANCY SCORE 61.2

Occurs: Search Engine Redirects (Yahoo/Google/etc. on IE/Firefox/Chrome)
Whenever I click on a link after using a search engine it redirects to spam/useless pages. I've tried numerous spyware removal programs with no success (include malwarebytes, spybot....) Any assistance is greatly appreciated. Thanks for your time. The following is my DDS log followed by the 2 requested attachments.



DDS (Ver_10-03-17.01) - NTFSx86
Run by MERAJUL ALAM at 11:22:39.29 on Thu 07/29/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2039.1178 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\s... Read more

A:Search Engine Redirects (Yahoo/Google/etc. on IE/Firefox/Chrome)

Welcome to TSF :)

Scan with RKUnHookerPlease download Rootkit Unhooker Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then Click Ok.
Wait till the scanner has finished then click File, Save Report.
Save the report to your Desktop. Click Close.

In your next reply, copy and paste the contents of the log.

Note*** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!!
It is recommended to remove parasite, okay?"

Read other 9 answers
RELEVANCY SCORE 61.2

Sometime in late September/early October, my Google Chrome was getting redirected to a fake Comcast survey site at a rate of about once a day and I think it even changed the layout of YouTube. I was able to reset my settings, but I'm not sure if the problem is fixed, seeing as I've limited my use of Chrome during this time. I've used MalwareBytes, HitmanPro, rKill, tdsskiller, AdWCleaner, ESET, Reason Core and while they did find and remove some bad stuff, I'm not sure if the problem is fixed.
 
Here is the redirect that was involved, along with FRST and addition logs:
 
 
 
 

Read other answers