Over 1 million tech questions and answers.

Seekservice Redirect, Startup Issues, Browser issues

Q: Seekservice Redirect, Startup Issues, Browser issues

Alright I had some nasty infestations that I partially removed with a combo of Adaware, AVG, Spybot, MBAM and CCleaner. Now I"m suffering from

1) Seekservice.net browser and google redirect

2) Browser crashes and windows freezes

3) On startup it is trying to configure "Update 1/3" each time with no change or results

4) Intermittent inability to open taskmanager to close processes

Below is my log. I tried running the root program scan but it gives a message stating it doesn't support 64 bit OS's
DDS (Ver_09-12-01.01) - NTFSX64
Run by Shawn at 22:25:55.43 on Tue 12/15/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_15
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2938.1587 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Shawn\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files (x86)\aol\aol toolbar 5.0\aoltb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} -
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [Apoint] c:\program files\apoint\Apoint.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\shawn\appdata\roaming\mozilla\firefox\profiles\s15zypop.default\
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\shawn\appdata\roaming\mozilla\firefox\profiles\s15zypop.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\shawn\appdata\roaming\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\users\shawn\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2008-9-1 55024]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2009-11-29 422920]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2009-11-29 34248]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-11-29 470024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2009-11-29 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2009-11-29 285392]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-8-12 139808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-9-7 1153368]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\arcsoft\magic-i visual effects\uCamMonitor.exe [2008-9-1 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-8-12 407392]
R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-9-1 19456]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2008-8-12 300032]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-12 126976]
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\drivers\NETw5v64.sys [2008-4-28 4730368]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-8-12 11392]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2008-8-12 391680]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-8-12 36392]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2009-9-6 167424]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\sony\vaio media plus\SOHCImp.exe [2008-9-1 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\sony\vaio media plus\SOHDms.exe [2008-9-1 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\sony\vaio media plus\SOHDs.exe [2008-9-1 62752]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-9-1 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper64.exe [2008-9-1 107808]
S4 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files (x86)\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]
S4 RelevantKnowledge;RelevantKnowledge;c:\program files (x86)\relevantknowledge\rlservice.exe /service --> c:\program files (x86)\relevantknowledge\rlservice.exe [?]
S4 SeekService Service;SeekService Service;c:\programdata\seekservice\seekservice145.exe [2009-11-28 58880]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-12-15 04:23:58 0 d-----w- c:\program files\HijackThis
2009-12-14 01:06:45 0 d-----w- c:\program files (x86)\Trend Micro
2009-12-14 00:46:59 0 d-----w- c:\users\shawn\appdata\roaming\AVG8
2009-12-05 04:18:31 0 d-----w- c:\program files (x86)\Kudosoft
2009-11-30 08:21:07 0 d-----w- c:\windows\syswow64\spool
2009-11-30 08:21:06 0 d-----w- c:\program files (x86)\Windows Portable Devices
2009-11-30 08:21:05 0 d-----w- c:\program files\Windows Portable Devices
2009-11-30 08:20:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-30 08:20:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-30 08:03:35 37888 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-11-30 08:02:23 736256 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-30 08:02:23 555520 ----a-w- c:\windows\syswow64\UIAutomationCore.dll
2009-11-30 08:02:23 4096 ----a-w- c:\windows\syswow64\oleaccrc.dll
2009-11-30 08:02:23 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-30 08:02:23 315904 ----a-w- c:\windows\system32\oleacc.dll
2009-11-30 08:02:23 234496 ----a-w- c:\windows\syswow64\oleacc.dll
2009-11-30 08:00:46 92672 ----a-w- c:\windows\syswow64\UIAnimation.dll
2009-11-30 08:00:46 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-30 08:00:45 1164800 ----a-w- c:\windows\syswow64\UIRibbonRes.dll
2009-11-30 08:00:45 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-30 08:00:44 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-30 08:00:43 3023360 ----a-w- c:\windows\syswow64\UIRibbon.dll
2009-11-29 20:59:35 0 d--h--w- C:\$AVG
2009-11-29 20:59:27 12464 ----a-w- c:\windows\system32\avgrssta.dll
2009-11-29 20:59:26 470024 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2009-11-29 20:59:14 422920 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2009-11-29 20:59:12 34248 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2009-11-29 20:58:50 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-29 20:57:26 0 d-----w- c:\program files (x86)\AVG
2009-11-29 20:57:21 0 d-----w- c:\programdata\avg9
2009-11-29 20:38:52 0 d-----w- c:\windows\syswow64\vi-VN
2009-11-29 20:38:52 0 d-----w- c:\windows\syswow64\eu-ES
2009-11-29 20:38:52 0 d-----w- c:\windows\syswow64\ca-ES
2009-11-29 20:38:52 0 d-----w- c:\windows\system32\eu-ES
2009-11-29 20:38:52 0 d-----w- c:\windows\system32\ca-ES
2009-11-29 20:38:48 0 d-----w- c:\windows\system32\vi-VN
2009-11-29 19:24:39 0 d-----w- c:\users\shawn\appdata\roaming\IObit
2009-11-29 19:24:38 0 d-----w- c:\program files (x86)\IObit
2009-11-29 19:22:09 0 d-----w- c:\windows\pss
2009-11-29 19:18:49 0 d-----w- c:\program files (x86)\CCleaner
2009-11-25 08:01:33 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-11-25 08:01:33 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 03:27:25 1869824 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 03:27:24 1797120 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 03:27:23 1401856 ----a-w- c:\windows\syswow64\msxml6.dll
2009-11-25 03:27:22 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2009-11-25 03:27:11 880640 ----a-w- c:\windows\system32\timedate.cpl
2009-11-25 03:27:11 714240 ----a-w- c:\windows\syswow64\timedate.cpl
2009-11-17 16:47:41 0 d-----w- c:\program files\iPod
2009-11-17 16:47:29 0 d-----w- c:\program files\iTunes
2009-11-17 16:47:29 0 d-----w- c:\program files (x86)\iTunes
2009-11-17 16:24:06 0 d-----w- c:\users\shawn\appdata\roaming\Malwarebytes
2009-11-17 16:23:50 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-17 16:23:50 0 d-----w- c:\programdata\Malwarebytes
2009-11-17 16:23:50 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2009-11-17 16:07:17 112 ----a-w- c:\windows\wininit.ini
2009-11-17 15:47:28 441856 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-17 15:47:28 355328 ----a-w- c:\windows\syswow64\WSDApi.dll
2009-11-17 15:47:07 2751488 ----a-w- c:\windows\system32\win32k.sys

==================== Find3M ====================

2009-11-30 08:20:59 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-30 08:20:59 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-30 08:20:58 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-30 08:20:58 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-29 19:57:50 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-21 06:52:02 1147904 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:46:36 77312 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:46:36 132096 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:40:20 916480 ----a-w- c:\windows\syswow64\wininet.dll
2009-11-21 06:40:03 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2009-11-21 06:38:17 206848 ----a-w- c:\windows\syswow64\occache.dll
2009-11-21 06:35:43 5940736 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-21 06:35:38 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-11-21 06:35:38 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-11-21 06:34:58 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2009-11-21 06:34:39 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2009-11-21 06:34:39 164352 ----a-w- c:\windows\syswow64\ieui.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2009-11-21 06:34:38 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2009-11-21 06:34:38 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2009-11-21 06:34:38 11069952 ----a-w- c:\windows\syswow64\ieframe.dll
2009-11-21 06:34:33 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-11-21 05:07:24 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 04:59:58 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-11-21 04:59:52 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2009-11-21 04:59:14 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-11-03 22:03:09 32768 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-03 22:01:08 33792 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 21:43:29 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2009-11-03 21:42:10 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2009-11-03 20:07:16 620032 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-03 01:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-07 12:20:17 280576 ----a-w- c:\windows\system32\rastls.dll
2009-10-07 11:36:36 243712 ----a-w- c:\windows\syswow64\rastls.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\syswow64\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\syswow64\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\syswow64\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\syswow64\WPDShServiceObj.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\syswow64\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\syswow64\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\syswow64\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\syswow64\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\syswow64\PortableDeviceClassExtension.dll
2009-10-01 00:52:29 2727936 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 00:52:10 453120 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 00:52:02 34816 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 00:51:59 110080 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 00:51:54 573440 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 00:51:50 433152 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 00:51:46 218624 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 00:51:45 77824 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 00:51:45 113152 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 00:51:40 295936 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 00:51:40 107008 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 00:51:34 214528 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 00:51:33 75264 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 00:51:32 37376 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:27:43 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\syswow64\WindowsCodecs.dll
2009-09-25 02:10:01 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:09:10 411648 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\syswow64\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\syswow64\PhotoMetadataHandler.dll
2009-09-25 02:00:39 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:56:42 643072 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\syswow64\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\syswow64\XpsPrint.dll
2009-09-25 01:40:43 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:40:07 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:39:09 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\syswow64\OpcServices.dll
2009-09-25 01:36:16 262656 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\syswow64\XpsGdiConverter.dll
2009-09-25 01:36:08 1548800 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:35:49 328192 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:35:48 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\syswow64\XpsRasterService.dll
2009-09-25 01:34:58 1269248 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:33:48 792576 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\syswow64\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\syswow64\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\syswow64\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\syswow64\dxdiag.exe
2009-09-25 01:32:22 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:53 519680 ----a-w- c:\windows\syswow64\d3d11.dll
2009-09-25 01:31:53 196608 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:51 326656 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:47 625664 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:31:41 287744 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:31:36 981504 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\syswow64\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\syswow64\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\syswow64\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\syswow64\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\syswow64\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\syswow64\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\syswow64\d3d10core.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\syswow64\DWrite.dll
2009-09-25 01:26:38 47616 ----a-w- c:\windows\system32\cdd.dll
2009-09-16 01:15:48 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2009-09-16 01:15:48 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2009-09-16 01:15:48 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2009-09-08 02:49:33 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 22:27:27.44 ===============

RELEVANCY SCORE 200
Preferred Solution: Seekservice Redirect, Startup Issues, Browser issues

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Seekservice Redirect, Startup Issues, Browser issues

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREPlease download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.-------------------------------------------------------------Please be patient and I'd be grateful if you would note the followingThe cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problemIf you still need help, please include the following in your next replyA detailed description of your problemsA new DDS log (don't forget attach.txt)GMER logPlease do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box.Thanks and again sorry for the delay.

Read other 2 answers
RELEVANCY SCORE 73.6

I'm getting alot of redirects when searching the web, antivirus is finding nothing. If anyone could take a look at my HJT & DDS log and let me know if they see anything, I would greatly appreciate it.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:42:44 PM, on 10/4/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\NA\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896... Read more

A:Browser redirect issues

Read other 7 answers
RELEVANCY SCORE 73.6

Started out with obvious browser redirect issues, not just the usual search engine related page redirects, but also getting new window pop-ups to random pages while using form submit buttons on other pages (specifically, submitting posts on forums and clicking in browser games). The redirects aren't attempting to send me to one specific page, as much as the targets seem to be randomly selected.

Whatever it is, AVG can't find it. Tried Malware Bytes, both in and out of safe mode, had no luck. Tried a number of solutions listed online (including ones that found overlay.xul files and deleting related files out of the registry) that worked for other people, had no luck. Even did a reset to factory settings that didn't seem to catch whatever the problem was. Quite frankly, I've most or less exhausted every possibility I can think of, so I figured I should take it to people who actually know what they're doing.

Biggest problem at this point is that a number of suspicious issues have popped up since then (including trouble getting into safe mode at least once) that have me worried that other stuff has gotten in since, but the redirect is still the most blatant and obvious one I'm aware of, as well as the first one in (I think), so it's the one I'm most concerned about right now.

---

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 17:49:05.12 on Fri 12/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959... Read more

A:Browser Redirect Issues

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 73.6

Whenever I run Chrome or IE, I am unable to reach a high percentage of the pages that I am trying to get to. It doesn't happen with all destinations, but most of the time it does. I am subsequently redirected to porn, bogus anti-malware pages, or erectile dysfunction pages. I've run Spybot as well as malware adbytes. Adbytes did find and clear several issues that I was unaware of, but not this one.

DDS (Ver_10-12-05.01) - NTFSx86
Run by Carrie's at 22:56:59.53 on Mon 12/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.1048 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.e... Read more

A:Browser Redirect Issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 25 answers
RELEVANCY SCORE 73.6

I hope someone can help me with a problem. I'm running Windows XP Pro on a Dell GX 270 desktop with a 3 gig P4 and a half gig of ram. Yes, I know I should have more memory. I recently was able to get out from under an "XP Defender Pro" problem I was having by following the steps on the "How to remove XP Security Tool..." page. Since then, I seem to have browser redirect issues. I mostly use Mozilla Firefox but the problem happens with IE and Google Chrome as well. Google searches are the worst. 50% of the time, I'm redirected to some sort of commercial enterprise page. If I backspace, I can sometimes navigate to the page I was after but sometimes I'm unable to do that. I ran rkill, which showed nothing but itself. I then ran mbam, which also showed no problems. I've also run AdAware, Spybod S&D and CCleaner. They show no problems. I run these cleaning programs at least once a week and I do download the latest updates. I have Spybot's and AdAware's real time protection activated. I have Avira Antivir for an antivirus program. All of this and the nasty stuff still gets through! I really hope someone can help with this, as my limited knowledge has been stretched to its limits.

A:Browser Redirect Issues

Hello and welcome. Let's run these next.Please read and follow all these instructions.Please download GooredFix and save it to your Desktop.Double-click GooredFix.exe to run it.A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to ... Read more

Read other 4 answers
RELEVANCY SCORE 73.6

I managed to get my laptop infected with something, and for the life of me, I can't figure out what it is. If I use the Google Toolbar to search, I get legitimate results, but when clicking on the result I'm redirected to random sites that are unrelated to the original result. I've tried running AVG, MalwareBytes, Super Spyware Blaster, in both normal and safe modes with minimal results...lots of tracking cookies, and that's about it. I've renamed MalwareBytes and Super Spyware Blaster and updated in hopes of catching the problem, but again, no results. I'm hoping you folks can help me out. Here are the logs you request. Thanks in advance for any help you can give!ETA: I am running Vista SP2.DDS (Ver_10-03-17.01) - NTFSx86 Run by Holly A. Reynolds at 20:57:02.84 on Mon 05/24/2010Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3061.1169 [GMT -5:00]SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\Sys... Read more

A:Browser Redirect Issues

Hello Please do The following.It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.:run combofix:Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the report in your next post:C:\ComboFix.txt"information and logs"In your next post I need the following Log From Combofixlet me know of any problems you may have hadHow is the computer doing now?Gringo

Read other 16 answers
RELEVANCY SCORE 73.6

We've been having this problem a lot lately. The default homepage is being set to findwide.com which produces a lot of annoying pop-up ads, redirects and other unwanted activity. The kids have been playing a lot of games and whatnot recently so I'm concerned this might be generated from some sites they've been visiting.
This is a Gateway pc with Windows 7 home premium SP 1.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.17.2
Run by owner at 9:36:08 on 2013-12-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.5761 [GMT -8:00]
.
AV: Kaspersky Internet Security *Enabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost... Read more

A:Browser redirect/pop up issues

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, Kaspersky and Security Essentials.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

------------------------------------------------------

I need to see the log from gmer.

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
First, gmer will run a short, initial scan.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the... Read more

Read other 5 answers
RELEVANCY SCORE 73.6

I'm new to the forum and just installed and ran Hijack This. I am having issues with browser redirects when I do a search and click on a link (i.e. Click on a link for www.nada.com and it sends me to http://www.manufacturersdirectory.com/search-results.aspx?keywords=Nada). I am also getting a lot of popups that aren't being stopped by my popup blocker and my Spybot scans are showing no errors finally!

Any assistance will be greatly appreciated! I ran HijackThis and here is the Log File:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:49:59 AM, on 6/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\System Volume Information\Microsoft\services.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\System Volume Information\Microsoft\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\PD6000SM.EXE
C:\Program Files\BroadJump\Cl... Read more

A:Issues with browser redirect and pop-ups

Read other 7 answers
RELEVANCY SCORE 73.6

Hello everyone I am new to this site but was advised by a friend to check it out. I have a major problem I think. My browser keeps redirecting me when I search yahoo google and bing. I have read some of the articles here on it and downloaded ComboFix. I read the instructions that said I should ask for help before I use Combofix on my Laptop. So that is what I am doing asking for help. So if someone can please assist me it would be much appreciated. I am running windows 7 32bit on a toshiba Laptop L505D Satellite. I don't know much about computers but I do have AVG and Malwarebyte as well as System Mechanic from Iolos. none of these worked. Thanks to anyone for helping and have a great day.

A:Browser Redirect issues

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 73.6

Hello!

I'm running on Windows 7 and my default browser is Firefox. It would appear that I have been hit with these dreaded browser redirect problems that a lot of other people have been having.

Basically, whenever I Google something, the search results appear to be relevant and what I searched for, but when I clink on a link it will redirect to another page, sometimes totally unrelated to what the link should be taking me to and at other times just to other "search"-like pages for that topic.

To temporarily deal with it until I can fix the problem, I have the NoScript Add-On for Firefox enabled so that it doesn't do this. Also, occasionally a whole new window will pop up altogether with anywhere between 2 to 5 tabs of random pages, and these have been coming up even with the Add-On enabled, but not very often.

I admit that until this point, I haven't been great at keeping up with my computer's safety. I did install MBAM and ran both a quick scan and a full-scan. It did find a few infected files, but since those were taken care of, it's been running through clean. I also ran through TDSS on recommendation from another site, but that also found nothing.

I'm also experiencing problems making any changes to my Windows Firewall settings, it's coming up with an error message that says "Windows Firewall can't change some of your settings. Error code 0x8007042c"

Any help at all would be really appreciated in trying to fix ... Read more

A:Browser Redirect Issues

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administr... Read more

Read other 11 answers
RELEVANCY SCORE 73.6

Hello,

I am new to the forum and this is my first post. My computer was recently infected with Windows Diagnostic. I have removed this trojan with the instructions on bleeping computer. I am still getting some browser redirect issues. Seems to only happen with the first google search after opening a browser.

I have run hijackthis and would like to know if someone could analyze my results.

If anyone can help me out I will send the log. Thank you.

A:browser redirect, still having some issues.

For log analysis, pleae follow Steps 6-9 of Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html .

FWIW: Current backlog in the Malware Removal Logs forum is several days, with topics from 8-9 April currently at the top of the list.

Louis

Read other 2 answers
RELEVANCY SCORE 73.6

Running XP SP3. Had just come down with the "System Check" malware and did a system restore do the day prior to infection. Now, however, I have a browser redirect malware infecting my computer.

I tried running DDS and it runs for awhile, but eventually bogs down and my computer completely locks up, including a frozen mouse. The computer also takes about 10 minutes to boot, with "Services.exe" taking up quite a bit of memory and running for a long time.

Running GMer, I get a pop-up message: LoadDriver( "(C:\Temp\pftyypoc.sys") error 0xC000010E: Cannot create a stable subkey under a volatile parent key. Clicking OK to that message, it starts the pre-scan, but only gives me the following options to check, with the others being greyed out: Services, Registry, Files (C drive selected) and ADS. I am logged in with Administrator rights.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-04 15:16:00
Windows 5.1.2600 Service Pack 3
Running: vtim5xrm.exe; Driver: C:\Temp\pftyypoc.sys
---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\W... Read more

A:Browser Redirect and various other issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 3 answers
RELEVANCY SCORE 72.8

Hello,

Recently acquired two problems.

1. Getting browser redirects on all 3 browsers, Firefox, IE and Chrome. I ran Hijack this and found some files under "hosts" that I think might be the problem. I am posting the file log below for professional evaluation.

2. I keep losing my wireless connection at some point while using my pc. The error states that "generic host process for Win32 services has encountered a problem and needs to close" When I try to view wireless networks it says none are available. Yes my icon says the wireless connection is there. Guessing it isn't caught up to speed. Rebooting seems to be the only way to bring the connection back.....for a while.

Anyway, will post the hijack log in hopes someone can help me out of this crazy mess.

Kind Regards,

Patrick

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:54:48 PM, on 12/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\... Read more

A:Browser redirect & wireless issues

Hello and welcome to Bleeping ComputerI'm judicandus and I'll be helping you out.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and dou... Read more

Read other 2 answers
RELEVANCY SCORE 72.8

Hello and good-day/eve to all. I believe that my browsers have been infected. I usually use Mozilla aside from IE8. I've managed to clean out most of the attack, or so I believed with Malware bytes, SuperAnti-Spyware, and Spyware Doc. Just when I figure I have this thing beat, and can relax I randomly hear "Congratulations you've won!", or just a barrage of redirecting when I try to use IE or Mozilla. Here is the Hijackthis log, please let me know if you might need more information and thank you for your time.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:37:27 AM, on 7/1/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18928)Boot mode: NormalRunning processes:C:\Windows\System32\smss.exeC:\Windows\system32\csrss.exeC:\Windows\system32\wininit.exeC:\Windows\system32\csrss.exeC:\Windows\system32\winlogon.exeC:\Windows\system32\services.exeC:\Windows\system32\lsass.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exeC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system... Read more

A:Browser redirect issues and possibly more

Hello orondeWelcome to BleepingComputer ==========================Download OTL to your desktop.Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Under Custom scan's and fixes section paste in the below in boldnetsvcs%SYSTEMDRIVE%\*.*%systemroot%\*. /mp /sCREATERESTOREPOINT%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90%systemroot%\system32\Spool\prtprocs\w32x86\*.dllCheck the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Download the following GMER Rootkit Scanner from HereDownload the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on RunIt may take a minute to load and become available.If it gives you a warnin... Read more

Read other 1 answers
RELEVANCY SCORE 72.8

Hi there.

Thank you, however looks at this problem.

My problem: Occasionally I am redirected to Scour.com after a Google search. I am fairly sure the link itself is pointing to Scour if I look at the tab and examine the link. My machine also runs slowly, but that may be because the install is over two years old.

I've noticed this only on my main PC, which is a Vista 64 SP2 PC. The other machines I use are two Windows 7 laptops and another Vista laptop, all 64 bit. I use them much less for browsing though, so my not noticing it may be simply due to that. I tend to use Firefox, and haven't noticed the issue on other browsers (I have IE, Chrome and Opera installed, all used occasionally).

All PCs have Windows update and are saying they're up to date. Three of the machines have Norton Internet Security installed on them, and one (one of the W7 laptops) has MacFeeOAS on it.

The main PC (where I've noticed the problems) has Spybot S&D installed on it, and I've just disabled TeaTimer and VirtualCloneDrive.

On the main PC I'd be prepared to install Windows 7 as a fresh install - I have been just about to get round to it for a year now. But, if possible I wouldn't do that just now as I use this PC for work, and it's not a great time.

I would also be worried about re-infection. As well as the PCs, I have a NAS on the network and frequently attach an MP3 player, a PMP player and two usb keys, plus four different CF cards that I use in my main camera and a SD card in my compac... Read more

A:Browser redirect (scour.com) issues.

BUMP, please

Read other 19 answers
RELEVANCY SCORE 72.4

Since I installed the newest software update on Monday, July 24th I have been having software issues with my inspiron 5559. I have Firefox, Chrome and (of course) Microsoft Edge and despite being connected to the intenet (wirelessly) Firefox and Edge will open but they will not fully start up. Chrome will start up, but when I type into the address bar, the letters will not appear nor will it load any pages. Additionally, some desktop apps will not open. Those that will open will not connect to the internet or they freeze. I cannot check or uninstall updates because the settings page freezes. I have, however scanned my computer and there are no viruses or security threats.

Read other answers
RELEVANCY SCORE 72

EDIT:MOVED to Virus,Trojan and Malware Removal Logs ~~boopmeLast night I started seeing the system check virus (multiple error screens, system check fake scanner, disappearing desktop icons and programs). I did a system restore and that seemed to remove these behaviors. Then I ran unhide.exe. Next I started seeing browser redirects when clicking on google search results. I ran Mbam and it found 3 files and removed them. A second scan did not find anything. Superantispyware found many tracking cookies and they were removed. I haven't rescanned with Superantispyware. I tried uninstalling chrome but when I went to download it again the url is being redirected to multiple urls and then landing on a fake download chrome page. I've exhausted all the methods I know of and now need some assistance tracking down whatever is still infecting this pc. Thanks!Another computer that shares my home network recently had the searchqu virus and browser redirects but that machine is now clean thanks to one of the experts here.Below is the DDS log..DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22Run by Sean K at 9:17:05 on 2012-03-21Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6055.3497 [GMT -4:00].AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3... Read more

A:system check and browser redirect issues

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us1.Do not run any other tool untill instructed to do so!doing so will only at best cause you unneeded worry as it finds our backups and may even list our toolsand at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback It does not need to be long but just something so I know how things are going it can be something likeI am still getting redirected The computer is running as it shouldDon't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anythingPay special attention to the Notes** I have put inThese are things I have found that happen allot and can be taken care of easily just by reading the Notes**Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Ba... Read more

Read other 22 answers
RELEVANCY SCORE 72

Hi All,

I have noticed a few strange things with my Firefox and Internet Explorer recently.

It started off about a couple of weeks back, but only with one or two sites. for some reason I couldn't get access to parked.com from Firefox, but I could with internet explorer. Likewise with Yola.com.

About a week ago or so I noticed a problem in Google searches. I'd click a link and instead of going to the site I'd get redirected to iSearchpile or Asklots or a similar sort of site. i also noticed that every now and again when I'd click a link in a forum or similar a new window would open at Google.

I activated noscript on Firefox and this seemed to identify the problem. When I'd click on a search, I'd go to a blank page first with a redirect message that noscript had blocked. after a while the search would open normally. Still copudln't get to some sites though and figured there must be a virus at work.

Ran symantec and it quarantined a couple of files which I thought would fix the probelm but it didn't. Ran Adaware and that also picked a few things up but again didn't fix the problem.

I've started to notice problem connecting and downloading from the internet now as well. I've tried to install Spybot Search and Destroy but it won't install properly, likewise Adaware says there's a connection error when I try to run the update feature. Symantec updated fine this morning but it seems that some software can't ... Read more

A:Browser Redirect / Connection issues - Virus?

removed by BC Moderator

Read other 2 answers
RELEVANCY SCORE 72

A little background- I run avast and spybot, and Norton personal firewall. As of Dec 12 I can no longer click search results (I get random websites) and poups appear at random intervals. Blocking the sites did not help. Computer is painfully slow, and occasionally I saw the modem showing activity when the computer should have been idle. I now keep the modem unplugged unless I am doing something online. I scanned with avast, then spybot. Some malware was detected and removed, but my issues resumed. Scanned with MBAM. Nothing detected. Attempted system restore with no luck. Tried trend micro housecall, but nothing was detected. Had a friend look at it, he installed something else, scanned my computer with it, nothing detected. Read somewhere to try scanning in safe mode, but found I cannot start in safe mode. Read some threads on here for people with similar issues but couldn't find the exact thing I am dealing with. Any help would be much appreciated. DDS (Ver_09-12-01.01) - NTFSx86 Run by HP_Owner at 20:37:00.23 on Mon 12/28/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.204 [GMT -5:00]AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}FW: Norton Personal Firewall *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\... Read more

A:browser redirect issues, popups. please assist

Hello,My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Please download GMER from one of the following locations, and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs, as this process may crash your computer.Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.Double click on Gmer to run it.Allow the gmer.sys driver to load if asked.You may see a rootkit warning window, If you do, click No.Untick the following boxes on the right side of the Gmer screen.
... Read more

Read other 7 answers
RELEVANCY SCORE 72

Hi,

(Informational / discussion post)

I am currently experiencing issues with FF, when browsing links on Google and clicking them it redirects to avabon links.

There is very little info about this on the net, apart from several users on this site reporting the same issue.

I have disabled FF addons (FavIcon Picker 2, Java Quick Starter, MS .NET Framework Assistant 1.1, Ovi Maps Browser Plugin, PC Sync 2 Synchronisation Extension, and XMarks) and the issue has been mostly resolved, although my homepage (Google Search - hxxp://www.google.com/webhp?complete=1&hl=en) does not display the search box. Google.co.uk and google.com display and follow links correctly.

I will try to investigate the issue further, but just wanted to register and post here as it seems to be the most frequent place people are posting about this issue. I am surprised not to find more info about this issue on the web.

I have ran Malwarebytes Anti-Malware and SUPERAntiSpyware after seeing them mentioned on this site, and removed a couple of trojans, and also resolved issue of Windows Security Centre warnings being disabled.

Not sure where I picked these trojans up as FF is never used for browsing nefarious sites. I recently was trying to watch streaming TV and had blue screen issues after opening a site which opened many popups and tried to save files etc, resulting in a repair of Windows, this is my likely suspect.

Should probably re-enable Sophos

Other observations include:
browsing to avab... Read more

A:avabon browser redirect issues - further info

Turns out it is back even with addons disabled. But only for my homepage google suggest - first browsing to google.co.uk / .com seems to work.

Cheers

Read other 10 answers
RELEVANCY SCORE 72

Suddenly as of yesterday, my browser is redirecting through "excellentsearchserver.com" & "coolsearchserver.com". In addition I'm getting firewall blocks for standard items that I know are ok. The browser redirect is happening with both Firefox (6.02) and IE.

I have attempted the following to fix / circumvent:

Added the following to my Hosts file:
127.0.0.1 excellentsearchserver.com
127.0.0.1 coolsearchserver.com

Attempted to run Malware Bytes, however program started / then simply closed and then was unable to run again:
Error message: Window cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

Ran TDSSKiller.exe which found two issues: Unable to correct reappeared after re-boot.
1 - Malicious objects
Rootkit.Win32.ZAccess.e
Service Name: cdudf_xp S
ervice type: File system driver(0x2)
Service start: System (0x1)
File: c:\Windows\system32\drivers\cdudf_xp.sys

2 - Suspicious objects
Hidden File
Service
Service Name: 6eb96afe
Service Type: Kernel Driver(0x1)
Service Start: Demand (0x3)
File: c:\windows\4268407150:2437321985.exe
Below is DDS info

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Run by clausd at 11:15:51 on 2011-09-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3711.3123 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\... Read more

A:Browser redirect "excellentsearchserver.com" Firewall issues

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418797 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 34 answers
RELEVANCY SCORE 72

Hi, and thanks for helping.

I believe that I have one or more trojans/viruses, and don't know what to do about it.

Symptoms:

1. Browser redirection

When I do a google search, once I click on a link on the search results page, I am redirected to another website. This is true of FireFox, Internet Explorer, and Chrome. If I look at my browser history, I see, in chronological order:
- My google search
- Various "intermediate" sites that never show up on my screen. These are named things like "c.php" "r.php" "kkk.php" "findwhat.dll" "click.aspx" and, for the most part, have locations with IP addresses rather than names, such as hxxp://64.111.196.117. Some do have names, such as hxxp://meta.7search.com/...
- The site to which I am redirected. These have included hxxp://www.consumersdiscountrx.com and hxxp://vitanetonline.com

Occasionally, but not always, clicking on a link in the search results will lead to the browser closing down (no error message). Occasionally, this will lead to a McAfee pop-up with an On-Access Scan Message. This message has given me the following information:

a) Name: A0038971.exe. In Folder: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP381. Detected As: Generic.dx. Dete...: Trojan. Status: Deleted. Date and Time: 3/28/2009 4:31:10 PM. Application: C:\WINDOWS\System32\svchost.exe
b) Name: setup_u.exe. In Folder: C:\WINDOWS\system32\setu... Read more

A:Browser redirect and other issues: trojan/virus?

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

Read other 13 answers
RELEVANCY SCORE 72

Hello,First of all a huge thanks to the folks who work this forum and provide all the great assistance and expertise. I have had an issue for several weeks with both IE7 and Firefox redirecting to other pages. I have run a number of programs including Malwarebytes, Spybot S&D, BitDefender and ESET online scanners, and SUPERAntispyware. I have run most of them multiple times. I am also running McAfee Internet Security 2009 (up to date).The programs found and supposedly fixed or quarantined various things (I have most of the logs if needed) but the redirects are continuing, and I am also now having other issues. Frequently an instance of svchost.exe will show up in Task Manager as consuming a high percentage of the CPU, and keep it pegged to 100%. Often when this happens I will receive repeated messages from McAfee that it has blocked and removed a Trojan (sorry - I do not have a copy of this msg - I think the trojan name is usually GenericBackDoor-something), and the file name at the end of the path is svchost.exe. (part of the name in the path changes each time.) I can kill the process, but another one is typically spawned fairly quickly.Also sometimes the PC will just freeze and I have to cold boot. Following the instructions on the Preparation guide page - - I have enabled XP Internet Connection Firewall- I have run DDS and am pasting DDS.txt and attaching Attach.txt as instructed- I was unable to run DeFogger - it reboots the PC each time I try to run it- I was also un... Read more

A:Browser redirect, svchost.exe trojan, other issues

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download ComboFix from one of these locations:Link 1Link 2Link 3Important!You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Make sure that you save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malwa... Read more

Read other 28 answers
RELEVANCY SCORE 72

Hi
Thanks in advance for your help
Have followed advice and run defogger, DDS and GMER
Logs below/attached
Firefox started playing up with pages not loading or constantly being refreshed. Then google started sending me to all sorts of pages. Now browser struggles to load and crashes.
Not sure if it helps but pc crashed several times running GMER but finally got a complete scan.
Many thanks

A:Google redirect virus and browser issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 29 answers
RELEVANCY SCORE 71.6

Hello! For the past few days I've been having issues with Windows Startups; first a black error screen, then sometimes a blue one. Also all day today Google has been redirecting to a "302 this page has moved" screen. I'm running Windows 7. The only action I've taken is to run Webroot, but that didn't comeup with anything. Thank you in advance.

A:Browser redirects and Windows startup issues

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware,... Read more

Read other 10 answers
RELEVANCY SCORE 71.6

Well, Firefox has been crashing a lot, and when i boot my PC sometimes not all of my startup programs start. Furthermore, some of them do start, but dont show up in the systray for example. Ive reintstallled firefox, this has not helped. Ive scanned with Malwarebytes, AVG.
 
Thanks in adcance for the help.
 
------------------
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:03 AM, on 3/14/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
C:\!Tor Browser\App\vidalia.exe
C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
C:\Program Files (x86)\Bitcoin\bitcoin.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Users\Owner\Downloads\Torrentz_SeeDBoX... Read more

A:Browser crashes and startup issues / Win7

Hello jaswine Welcome to The Forums!!Around here they call me Gringo and I'll be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at yo... Read more

Read other 33 answers
RELEVANCY SCORE 71.2

Hey guys,
Hoping you could help me with the remnants of a virus that is driving me absolutely crazy because I dunno if its still serious or not. My browser redirects me to random sites after clicking on a search result, happens with all my browsers and search engines. Below is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:43 PM, on 10/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files... Read more

A:Browser Search Engine Redirect Issues after Antivirus2010

Here is my gmer log as well....
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 09:52:03
Windows 5.1.2600 Service Pack 2
Running: fwpg5f68.exe; Driver: C:\DOCUME~1\Steven\LOCALS~1\Temp\uxtdypob.sys
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA1466B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA146574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA146A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA14614C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA14664E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA14608C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA1460F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA14676E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA14672E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA1468AE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\driv... Read more

Read other 2 answers
RELEVANCY SCORE 71.2

For the last week or so one of our computers has been getting a warning in the taskbar that says "Warning Spware Notice - Scan your computer now" and then a site opens where I'm directed to download software (PCPrivacy). In addition, whenever I click on a link after having done a Google search, rather than the site opening that I've selected - the browser is redirected to www.search-daily.com (to either one of the following: //201.218.196.152/click.php?c=21511a4b096241b2c66f4002&r=1, or //201.218.196.152/click.php?c=21511a4b096241b2c66f4002&r=2.Anyway, here's a copy of the HijackThis log - I'm hoping it may provide some insight into what's going on - I feel like I'm gong around in circles at the moment trying to rid us of this problem. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:51:51 AM, on 4/12/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Sygate\SPF\smc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files&... Read more

A:Ie7 Browser Redirect Issues & Spyware Notice Warnings - Can Someone Help Please?

Hello beejay0308,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 4 answers
RELEVANCY SCORE 71.2

DDS (Ver_09-02-01.01) - NTFSx86
Run by Muffy at 3:38:56.36 on 10/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2047.1406 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Razer\DeathAdder\razerhid.exe
D:\Program Files\Security Task Manager\SpyProtector.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Razer\DeathAdder\razertra.exe
D:\Program Files\Razer\DeathAdder\razerofa.exe
D:\Program Files\Azureus\Azureus.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Muffy\Desktop\spyware\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
mWinlogon: SFCDisable=-99 (0xffffff9d)
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,... Read more

A:[SOLVED] Can't update spyware + browser redirect issues

Because I can't update Adaware or superantispyware, I tried reinstalling them. Adaware doesn't start at all now and I still can't update superantispyware. About 50% of the time I am redirected to a random url when I click links from the search results of google in both firefox and ie.

Read other 3 answers
RELEVANCY SCORE 71.2

Hello! I am new to the forum and figured I should post here first before going to the Virus, Trojan, Spyware, and Malware Removal Logs forum.

I am running Windows Vista with 32-bit security on an HP DV9700 (which I hate, but do not have money to replace at the moment). I should mention that I do not have Windows back up/restore CDs or anything like that. My father purchased some sort of extended coverage (scam) plan from Staples but they are 1) useless and 2) take forever to send back the computer. I backed up all necessary files on an external harddrive a week or two before obvious virus problems started.

A few days ago, Security Suite reared its ugly, obnoxious head. I wrote down the long number that showed up when I hovered over the taskbar icon, closed the programme immediately with Windows Task Manager, and then couldn't find a trace of it when I searched my computer for it or Security Suite. I ran a full Malwarebytes scan in safe mode and that seems to have gotten rid of it. (I just read in the Malwarebytes alternative pinned topic that MBAM.exe is supposed to run in normal mode...woops. I need to buy a cooling pad before running that again as it makes my computer overheat unless I pause it frequently. Another curious note, Malwarebytes also seems to have fixed issues with my optical drive which had stopped working in early August. I had assumed that the physical drive was broken but it seems to have been something else. Since Malwarebytes fixed that, I wond... Read more

A:Possibly got rid of Security Suite, now have browser redirect issues

As you have an open topic here http://www.bleepingcomputer.com/forums/topic350116.html I am closing this topic.

Read other 1 answers
RELEVANCY SCORE 71.2

My older Mother has issues with browser redirect, very slow computer system, possible virus/malware?. She keeps rebooting but her computer freezes up and won't shut down. Below are the various logs:

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) 64 Processor 3800+, x86 Family 15 Model 95 Stepping 2
Processor Count: 1
RAM: 446 Mb
Graphics Card: NVIDIA GeForce 6150 LE , 256 Mb
Hard Drives: C: Total - 143846 MB, Free - 125707 MB; D: Total - 8762 MB, Free - 568 MB;
Motherboard: ASUSTek Computer INC., NAOS, 1.05, MS1C6AS00302402
Antivirus: AVG Anti-Virus Free, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:40 PM, on 12/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C... Read more

A:Browser redirect/virus/malware issues that I can't solve on my own

Read other 16 answers
RELEVANCY SCORE 71.2

I ran CCleaner, Malwarebytes(found some threats) Super antispyware, WIndows Defender and ESET(found threats). ran DDS as instructed but stalls during scan and even adfter 20 minutes, no logs, just a blinking cursor. Have not run GMER yet. please helpThank youLogfile of Trend Micro HijackThis v2.0.4Scan saved at 1:34:52 PM, on 3/21/2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\E_S00RP1.EXEC:\Program Files\Hotspot Shield\HssWPR\hsssrv.exeC:\Program Files\Hotspot Shield\bin\hsswd.exeC:\Program Files\Java&#... Read more

A:Trojan downloader found and browser redirect issues

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

Read other 32 answers
RELEVANCY SCORE 71.2

Hi. I've been having issues for the past few days. Sometimes when I search for something in Google, Yahoo, etc., I will get a popup when I click on the link. Sometimes it redirects me to other sites, but it only does that if I open the search link in my current tab. If I open it in a new tab, it never redirects. Again, it only redirects some of the time, too. Sometimes, it takes me to the actual linked site without a problem. Some of the redirects have been to sites starting with the following:
63.209.69.107
logged.xe.cx
star.feedsmixer.org

Recently, my computer was giving me a blue screen when I would try to put it to sleep, but I could never see the actual message because it would reboot immediately. That seems to have stopped now, so I don't know if it was part of the problem or not.

I went to check on Windows Firewall only to find that it has been disabled, and I'm being prevented from re-enabling it. I know it was enabled before.

I'm having issues when I try to view my network. I can connect to the internet just fine, but when I go to the actual network folder, all I see is the router, not the other computer on the network or the printer that I installed recently. Because of that (I'm assuming), I can't print anything. Again, I don't know if that's a symptom of this infection or if it's something else. Also, often when I go to the network folder, it won?t load anything in the window at all. On the program bar, it just shows that the... Read more

A:Browser redirect, disabled firewall, network issues, etc.

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated f... Read more

Read other 6 answers
RELEVANCY SCORE 70.4

System Information
==================
OS Name Microsoft? Windows Vista? Home Premium
Version 6.0.6001 Service Pack 1 Build 6001
System Dell Inc. - Inspiron 1520 - X86-based PC
Processor Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz, 2001 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date Dell Inc. A04, 11/05/07
SMBIOS Version 2.4
Boot Device \Device\HarddiskVolume3
Hardware Abstraction Layer Version = "6.0.6001.18000"
Installed Physical Memory (RAM) 4.00 GB
Total Physical Memory 3.50 GB
Available Physical Memory 1.94 GB
Available Virtual Memory 5.41 GB
Browser: Internet Explorer 7, Google Chrome

================================

I am unable to update Windows, Office, my anti-virus (pc-cillin) and Windows Defender.
With Microsoft updates, none of my browsers open the update websites.

I also experience some kind of redirect bug on both browsers. I click on a link but an entirely different page opens up. I used to be able to use the "back" button to go to the original page as as workaround but that doesn't work anymore.

About the same time as my above workaround stopped, I also noticed that my computer stopped recognizing my CD/DVD writer. I'm going to call Dell about this problem (on Monday) but I thought I should mention it here in case it's all connected.

A:3 issues: Unable to update, Browser redirect bug, CD/DVD drive disappeared

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 70.4

HELP - I am having big time issues - my favorites work, but anytime i do a search - it redirects. I looked and there is no HOSTS file in the drivers/etc folder. I don't know if this even matters, but they got me and I need your help to eradicate this problem. I am ready to post any logs you need, just tell me where to begin.

IN advance - thanks so much for you help!

A:Browser Redirect - syswow64/ping.exe issues and killed by rkill

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe after it is complete restart the computer and continue with these stepsDownload and run OTLDownload OTL by Old Timer and save it to your Desktop.Double click on OTL.exe to run it.Under Output, ensure that Minimal Output is selected.Under Extra Registry section, select Use SafeList.Click the Scan All Users checkbox.Under the Custom Scan box paste this in

%TEMP%\smtmp�... Read more

Read other 3 answers
RELEVANCY SCORE 70

Previous thread: My linkI was having some issuses with my browser redirecting (mostly just with Google) and Windows startups. I followed all of steps I was given in my previous topic; ran Security Check, Farbar Scan, Minitoolbox, MBAM, aswMBR, and my Webroot. MBAM found a Trojan but each time I removed and restarted, it came back. Webroot seemed to remove it for good, but I'm still getting a notification from MBAM on my toolbar about a malicious website..DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514Run by Owner at 1:03:57 on 2012-01-17Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2002 [GMT -5:00].AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Program Files\Webroot\WRSA.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\R... Read more

A:Browser redirects/ Windows startup issues/ Trojan svchost.exe

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 16 answers
RELEVANCY SCORE 69.6

I am constantly getting "generic host win32" error which causes my computer's internet to stop running and internet explorer to change the way I view it. Internet explorer and firefox also redirects after i click a link when i do a search. I have sp3 installed and have run many malware programs. please help.

A:generic host win32 error and internet browser redirect issues

Please download TDSSKiller.zipExtract it to your desktopDouble click TDSSKiller.exePress Start Scan
Only if Malicious objects are found then ensure Cure is selected
If suspicious objects are found select skipThen click Continue > Reboot nowCopy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)

Read other 1 answers
RELEVANCY SCORE 69.6

Having a number of Internet Explorer functionality problems and tried almost every options setting change to get it back. Get a http://runonce.msn.com/runonce2.aspx white screen at launch. Can nav through most websites but any redirects, vids, ebay, etc.. all crap out. Think it could be WMP11, Vista, Explorer changed settings linked.

Also tried re-registering regsvr32 jscript.dll and regsvr32 vbscript.dll but get loaded but call to DllRegisterService failed with error code 0x80004005 for both.

I am not sure if my McAfee Total Protection did something and it took me a while to get that thing uninstalled completely. I am not planning on doing new install until I can somehow get Explorer back up. All other computer functions are normal. I am using Firefox now and really don't mind it but hate to have anything not working on my PC.

PC is 2007 Dell Intel 2 Core Duo 1.86 2GB RAM and, painfully, running on Windows Vista 32. Any help on this or anything else you can see in my HJT would be greatly appreciated! Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 10:48:13 PM, on 2/24/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\sttray.exe
C:\... Read more

Read other answers
RELEVANCY SCORE 69.2

A week ago, I got the Windows Recovery virus. After lots of work and many different scans, I think it's gone. But now I am having a google redirect issue on both IE and Firefox. It redirects to this site: http://www.bing.com/?pc=ZUGO&form=ZGAPHP

I am not all that computer literate, so your help is very appreciated!

My DDS log:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Joey at 22:54:44 on 2011-05-27
Microsoft? Windows Vista? Business 6.0.6002.2.1252.1.1033.18.3070.1728 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32�... Read more

A:Browser hijacked (Google redirect) and other post Windows Recovery virus issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 20 answers
RELEVANCY SCORE 68.8

Everytime I do a search, I click on the links and am redirected to different nonsense websites. Most of these websites are about making money from home, entering a contest or telling me I am a winner of something. I also cannot download any new games from a gaming website. My computer is running very slow and it seems to be getting worse by the day. I have ran several programs to fix this and nothing is found. Can these logs tell anyone anything? Everytime I run the GMER program I get the blue screen so I do not have those logs, sorry.DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 17:54:49.51 on Sun 07/11/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.307 [GMT -4:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Sys... Read more

A:Search Engine redirect issues issues! Virus? Malware?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 3 answers
RELEVANCY SCORE 68.4

When I click on a result from a search engine I am sometimes redirected and there will be a blue loop icon or a green globe icon in the top corner of my browser tab. Also, I sometimes get random popups, my connection has slowed considerably and my browser (firefox) often times out. I am running windows XP but sometimes when I log in it has the appearance of windows2k (gray boxy toolbars and window borders).I have run malwarebytes, spybot s&d, avg and superantispyware with no success.Here is my hijack this log:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 7:10:49 PM, on 6/15/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WI

A:Search results redirect + popups + slow internet connection + browser functionality issues

duplicategringo

Read other 1 answers
RELEVANCY SCORE 68.4

When I click on a result from a search engine I am sometimes redirected and there will be a blue loop icon or a green globe icon in the top corner of my browser tab. Also, I sometimes get random popups, my connection has slowed considerably and my browser (firefox) often times out. I am running windows XP but sometimes when I log in it has the appearance of windows2k (gray boxy toolbars and window borders).I have run malwarebytes, spybot s&d, avg and superantispyware with no success.Here is my hijack this log:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 7:10:49 PM, on 6/15/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WI

Read other answers
RELEVANCY SCORE 68.4

When I click on a result from a search engine I am sometimes redirected and there will be a blue loop icon or a green globe icon in the top corner of my browser tab. Also, I sometimes get random popups, my connection has slowed considerably and my browser (firefox) often times out. I am running windows XP but sometimes when I log in it has the appearance of windows2k (gray boxy toolbars and window borders).I have run malwarebytes, spybot s&d, avg and superantispyware with no success.Here is my hijack this log:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 7:10:49 PM, on 6/15/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WI

Read other answers
RELEVANCY SCORE 68.4

When I click on a result from a search engine I am sometimes redirected and there will be a blue loop icon or a green globe icon in the top corner of my browser tab. Also, I sometimes get random popups, my connection has slowed considerably and my browser (firefox) often times out. I am running windows XP but sometimes when I log in it has the appearance of windows2k (gray boxy toolbars and window borders).I have run malwarebytes, spybot s&d, avg and superantispyware with no success.Here is my hijack this log:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 7:10:49 PM, on 6/15/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WI

Read other answers
RELEVANCY SCORE 68.4

When I click on a result from a search engine I am sometimes redirected and there will be a blue loop icon or a green globe icon in the top corner of my browser tab. Also, I sometimes get random popups, my connection has slowed considerably and my browser (firefox) often times out. I am running windows XP but sometimes when I log in it has the appearance of windows2k (gray boxy toolbars and window borders).I have run malwarebytes, spybot s&d, avg and superantispyware with no success.Here is my hijack this log:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 7:10:49 PM, on 6/15/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svc

A:Search results redirect + popups + slow internet connection + browser functionality issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note**Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Note**Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.I would like to get a better look at your system, please do the following so I can get some more detailed logs.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' messa... Read more

Read other 15 answers
RELEVANCY SCORE 68.4

When I click on a result from a search engine I am sometimes redirected and there will be a blue loop icon or a green globe icon in the top corner of my browser tab. Also, I sometimes get random popups, my connection has slowed considerably and my browser (firefox) often times out. I am running windows XP but sometimes when I log in it has the appearance of windows2k (gray boxy toolbars and window borders).I have run malwarebytes, spybot s&d, avg and superantispyware with no success.Here is my hijack this log:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 7:10:49 PM, on 6/15/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WI

Read other answers