Over 1 million tech questions and answers.

teen-biz pop-ups & redirects

Q: teen-biz pop-ups & redirects

i am posting on behalf of a friend who, unfortunately, due to being to occupied with family concerns, is unable to log on and post for herself. therefore, i am trying to find out whatever i can for her. her problem (or at least the most bothersome thereof) is being constantly & frequently bombarded by pop-ups & redirects apparently associated with http://teen-biz.com

she has already downloaded, installed and regularly updated and run spybot, adaware as well as hijack this. unfortunately she is still being tormented by having her children be subjected to the extremely profane visual & text attacks that teen-biz seems to feel compelled to launch at every opportunity. as you can see from the following hijack log, teen-biz was found:

Logfile of HijackThis v1.97.7
Scan saved at 11:43:52 AM, on 1/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sony\Net MD Simple Burner\NetMDSB.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Limore\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://teen-biz.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://teen-biz.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://teen-biz.com/
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - Global Startup: winlogon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdq/downloads/sysinfo.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdq/downloads/msxml4.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9F478E6-6066-4263-8113-E676826B9E8B}: NameServer = 212.150.48.169 206.49.94.234

she has deleted all references to http://teen-biz.com, but still teen-biz attacks have not abated. does anybody here see anything that might be resposible for the continued assaults? also, i was wondering if the webshots screensaver download program could possibly be causing, or at least opening the way for teen-biz or other such malicious intruders? another question, that has been on my mind is: could it be possible that by using incredimail rather than outlook express or some sort of webmail (i noticed many incredimail references to incredimail download/install functions), she is making or leaving herself more vulnerable to these types of attacks? i have seen that you guys here almost always seem to be able to get to the root of the matter and to get the job done when it comes to resolving persistent problems like this, so i thought maybe you would know something about it. also, from the hijack log i have submitted, do there seem to be any indications of the presence of cws, peper, or any other trojans that you know of? i thank you very much for your time and assistance

beau909

RELEVANCY SCORE 200
Preferred Solution: teen-biz pop-ups & redirects

I recommend downloading and running Outlook PST Repair. It's a PST repair tool that I've used it in the past to recover emails, contacts, tasks and notes from corrupt Outlook files that are damaged or inaccessible. Supports Outlook 2000, 2002, 2003, 2007, 2010 and 2013.

You can download it direct from this link http://goo.gl/1bjhSi. (This link will automatically start a download of Outlook PST Repair that you can save to your computer.)

A: teen-biz pop-ups & redirects

Read other 7 answers
RELEVANCY SCORE 45.2

hey guys, everytime i start my computer my home page has been changed to teen-biz. also websites have been added to my favourites list. when i shutdown iget a window come up that says Win Min not responding. and sometimes it says NVIDEA twinwindow not responding. I have tried Spy-bot, adaware 6, cwshredder they get things sometimes but when i reboot its all backthere again. i tried Hijack this and this is what i got.
Logfile of HijackThis v1.97.7
Scan saved at 2:02:16 PM, on 28/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSv... Read more

RELEVANCY SCORE 45.2

I'm having the same problem as many others are. Teen biz defaults when i open IE and win min comes up when shutting down. I've included the hijack info that I scanned off of my machine.

Thanks in advance for your help

Logfile of HijackThis v1.97.7
Scan saved at 7:12:14 PM, on 1/6/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\McAfee\QuickCl... Read more

A:teen biz and win min

Get the CoolWebShredder from this site, update and run it with the browser closed. Then reboot and check and "fix" any of these entries which remain in HijackThis:

http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://teen-biz.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://teen-biz.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-1.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://teen-biz.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\winlogon.exe

O4 - Global Startup: winlogon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\... Read more

Read other 2 answers
RELEVANCY SCORE 45.2

teen-biz has taken over the search engine; the home page, etc on Internet Explorer.

The log is shown
Logfile of HijackThis v1.97.7
Scan saved at 8:53:08 PM, on 12/8/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SpyKiller\spykiller.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\home\Local Settings\Temp\Temporary Directory 1 for hijac... Read more

A:teen-biz

I would appreciate your help
 

Read other 2 answers
RELEVANCY SCORE 45.2

I have had trouble recently with my homepage and serch engines. They have all changed to some teen-biz page, and I am continually getting new sites in my favourites list, and all my sites are deleted. I have run Hijack this and CWShredder. I was wanting to know if there is anything else I need to do.
Thanks

Here is the log:
 

A:teen-biz bug

log posted so we can see it
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\NVIDIA\VI_GRM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\SYSTEM.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wynnumvikings.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://teen-biz.com
F1 - win.ini: load=C:\NVIDIA\vi_grm.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\... Read more

Read other 2 answers
RELEVANCY SCORE 44.8

My daughter is wanting a new laptop that will run the game Star Wars The Old Republic.
The system requirements are :
Processor: AMD Athlon 64 X2 Dual Core 4000+ / Intel Core 2 Duo 2.0 GHz or better
Operating System: Windows XP or later
RAM: 2gb
Video Card: min256 MB on-board RAM and support for Shader 3.0

I am looking at HP 17.3" HD+ Notebook 17-x047cl, Intel Core i3-6006U DC Processor, 8GB Memory, 1TB Hard Drive, Backlit Keyboard, Optical and need to know if it fits the requirements
 

Read other answers
RELEVANCY SCORE 44.8

I have an almost 13 year old granddaughter that is very good with logic puzzles and loves the computer and stated an interest in learning how to program games.
While I know my way around the PC, I've never done much in the line of programming. I am considering on buying her for Christmas a beginners guide to C++. My thinking is if she's going to learn she might as well gain some real life experience she can use as opposed to getting her a book on basic or something like that.
My question is two fold to you programmers. Is C++ going to be too difficult for a kid her age? And secondly any other recommendations for a simple C++ book or other suggestions if I'm not on the right path thinking about C++. I did find the MS visual C++ compiler that I downloaded for her and a beginners video from the MS website to supplement the book.
Any help will really be a appreciated.
Floyd
 

A:Help for my teen granddaughter

Read other 9 answers
RELEVANCY SCORE 44.8

From my teenage girl's computer, though I don't know what I'm looking at, I can see a huge difference in these logs between my computer and hers. It's acting really funny, as well!

Logfile of HijackThis v1.99.1
Scan saved at 2:29:53 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\MyWay\bar\7.bin\mwsoemon.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hdqqtkfydmaqwdnasek.net//...SOLoI9VCx.html
R0 - HKCU\Softwar... Read more

A:Hijackthis-what has my teen done?!

Hi and Welcome
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed..These instructions only apply to HJT v1.99.1

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes..

Download any of the required programs before attempting to start any of the fixes.


Turn off System Restore instructions (WinXP)
Rightclick My Computer | Properties | System Restore | check ?Turn off System Restore?, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

If you hav'nt already done so,download and run AboutBuster & CWShredder (check for updates) for a preliminary cleanup first.Some files below may not be present after running the above programs.Full instructions below.




How to install and run CWShredder

Download CWShredder
Choose the stand alone version. This is free.
Save cwshredder.exe into its own directory, NOT in a T... Read more

Read other 1 answers
RELEVANCY SCORE 44.8

I have run Hjt and saved the log. I have also red the other posts I could find regarding this issue. It seems my problem is a bit different than the others.

I do have winlogon.exe in my startup folder, but I can not delete it. It says the file is in use. There are multiple user accounts on this PC, 3 to be exact. The log file from Hjt is below...

TIA
Vince

Logfile of HijackThis v1.97.7
Scan saved at 3:23:20 PM, on 12/16/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\WIN... Read more

A:New Win Min problem with teen-biz.com

Read other 11 answers
RELEVANCY SCORE 44

Hello, folks.
My teen can't get enough of MySpace, YouTube and associated activities. The more she uses them, the more I have to keep cleaning out Virtumonde, Smitfraude, etc. malware that keep repeatingly placed on my PC. I'm tired of the junk! How can she keep using her favorite sites without junking up the PC with malware? I am running Win XP, antivirus is Panda Internet Security (which I love 10x better than Norton or McAfee) plus I also clean out with Spybot often (probably need to do this more often). What guidelines can I give my teen to help prevent malware? She also IM's a lot, and I'm gonna tell her about not clicking on IM links.
Frustrated Mom

A:Keep Getting Reinfected When My Teen Uses Myspace

Do you use the Firefox browser? That will definitely help. You're more likely to get infected on myspace using Internet Explorer.

Spybot is pretty ineffective these days. It was decent several years ago, but now I'd recommend Malwarebytes or SuperAntiSpyware.

Read other 4 answers
RELEVANCY SCORE 44

Toshiba 1.8Ghz laptop
4 GB RAM (recent upgrade to memory 2x1GB, machine only sees 3GB, I can't find the cause, any advice most welcome)
160 GB HDD
Windows XP Media Center sp3

I recently 'cleaned' this computer and upgraded the memory. I left it with Eset running and it seemed fine until a 14 yr old nephew spent one session on it. When I heard about it, the browser was hanging without connecting. System control soon degraded to the point where Windows loads but that is it. Task mgr, file explorer, start button, browser... nothing works. Disk activity is evident but 'it' will not release the machine even after sitting off the ethernet wire for a substantial time after loading the OS. Safe mode available but 'it' blocks the run of Malwarebytes (though the app will load into memory). The only scans I could run were from within safe mode. not sure how useful that may be but RSIT outputs attached. I have DDS scan from safe mode I will place under separate post.

Best advice about next step please. Thank you for taking this under advisement.

A:Toshiba trashed by teen

here is the DDS scan outputs

thank you for helping with this problem.

Read other 2 answers
RELEVANCY SCORE 44

Hello,
I hope you can help me.
My daughter is experiencing problems with her Windows ME machine. I've cleaned off what I could with Spybot and Adaware. I've also run Norton 2002 and the Micro trend on-line virus scan (although I'm not confident that the on-line scan made it to completion).

I'm seeing alot of modem activity, even when nothing else is running on her PC. She's getting icons on her desktop, pop-ups and spyware. Her machine is running very slowly and locks up on a regular basis.

I've run hijackthis and Hijackthis analyzer. The analyzer log is posted below:
Thanks in advance.
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 7:41:39 PM, on 3/8/2005
Platform: Window... Read more

A:Parent of Teen needs help! HiJack log

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

Read other 11 answers
RELEVANCY SCORE 44

OK. I will attach the HJT log for my son's computer. It is running really slow and is constantly running low on disc space. He was using his computer in safe mode until I found out. I removed some of the crap that he had but have no clue what else there may be. Please help. Computer is only a few months old and should not have too many problems. Thanks....

Here is the LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:57 PM, on 2/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Pa... Read more

A:HJT Log for my Teen Son's Computer. ARRGG!

Why hasnt anyone replied? This computer is driving me nuts.
 

Read other 1 answers
RELEVANCY SCORE 44

Hi, when I start my computer and run my IE, the startpage changes to teen-biz.com and a bunch of porn sites are added to my Favorites folder. IE will also open on its own periodically to some porn-site. Lastly, when I shut my computer down, I receive a Winn Min error ("can't end program . . . ").

I've run Ad-Aware, Spybot, SpyHunter and CWShredder but still the above garbage occurs. Can anyone please help? I appreciate any comments. Below is my Hijackthis output. Thank you in advance.

Running processes:
C:\WINNT\Explorer.EXE
C:\program files\timbuktu pro\tb2logon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Jeremy\HijackThis.exe
C:\WINNT\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-495... Read more

A:Teen-biz.com IE Hijack/ Win Min Problem

Read other 7 answers
RELEVANCY SCORE 44

http://www.amazon.com/Lenovo-15-6-Inch-Touchscreen-Laptop-59426255/dp/B00K6ZIFFG/ref=sr_1_1?ie=UTF8&qid=undefined&sr=8-1&keywords=lenovo++i7-4700hq+y50

It's actually over his budget... until his next paycheck, at which point it'll wipe out his savings account.
So before he blows everything he's earned this summer taking orders at a fast-food joint, thought I'd ask if this will be a great choice. It's a Lenovo Y50 laptop sold on Amazon. He looked at it in a Best Buy store where it costs nearly a hundred dollars more. He's a junior in high school this year, so use will be for any school related study/research rolleyes, facebook, Minecraft and he wants to get Skyrim/Elder Scrolls downloaded once he makes his purchase. I think the salesman said that this could be linked to his PS4 - I'm not a techie at all so I don't know that this is hugely important but my son seemed impressed.

I've read reviews dissing the screen. But we saw it in store and didn't think it looked as... unpleasant as some reviewers thought. The other negative thing I've read is something about having to press two keys on the keyboard to control the sound. Again, I don't think that that sounds like a big deal either.

I guess I'm wondering if there's something better for his money or is this actually dang good for $1250 plus tax from Best Buy? (I know Amazon's price is cheaper but hesitate to have to handle any troubles we ... Read more

A:My teen wants to buy this gaming laptop...

Read other 7 answers
RELEVANCY SCORE 44

Hi. Im brandnew to the forrum but i have a good question. I am an avid pc gamer but im only aloud to play teen rated games. Are there any decent teen shooters out? If so, are they recent with good graphics? Thanks!
 

A:Teen First Person Shooter

i play counterstrike source, thats rated mature, i realize thats your problem. I hope im wrong but there may not be any teen rated fps out there. Good Luck to you.
 

Read other 2 answers
RELEVANCY SCORE 43.6

Hi:
Not even sure if this is the right place. My pre-teen cousin installed WINAMP on my mother's computer.
1. Is this a legal program? Is it any good? Does it cost anything monthly?

2. Now The sound on her computer doesn't work. I get an error message from NullSoft. "bad direct sound driver. PLEASE INSTALL Proper drivers OR SELECT another device in configuration." Error Code 887800A

Anything yu can tell me about this or how to fix will be deeply appreciated.

Thanks. wildbill
 

A:Pre-teen installed unknown program?

Read other 8 answers
RELEVANCY SCORE 43.2

Valis sent me for help. I have Windows 7. I have an administrator account. My son uses a standard account and does not know the password for the administrator account. My son has been visiting unwanted web sites. I need to find the easiest way to block him from visiting this type of site.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X4 635 Processor, AMD64 Family 16 Model 5 Stepping 3
Processor Count: 4
RAM: 5886 Mb
Graphics Card: ATI Radeon HD 4200, 256 Mb
Hard Drives: C: Total - 939685 MB, Free - 745733 MB;
Motherboard: Dell Inc., 04GJJT
Antivirus: GFI Software VIPRE, Updated and Enabled
 

A:Solved: teen and unwanted web sites Valis sent me

Read other 7 answers
RELEVANCY SCORE 43.2

Help please. I have a tech savvy 16 year old son that has to use his computer to do his homework, but is abusing it. I need to be able to see how he is using it (sites/time/things he's doing) and ideally restrict the site "affimatively" to just the sites he needs to do his homework. I check history, but he's savvy enuf' to clear individual entries as he goes..... I've reat about Webwatcher adn SpectrePro but have no idea what's good and what he couldn't detect and remove... I'm not that technical.... help please!
 

A:Parent Control S/W for tech savvy teen

Read other 7 answers
RELEVANCY SCORE 43.2

Hello. I am new here but have been following these forums for a couple of weeks. I think the people [??] who create viruses should be treated like any other terrorist.

I have AVG and today when I opened my e-mail, I noticed a message labeled "Teen poll results" above a couple of other entries. So I used Shift and selected all three so I could delete them all at once. However Delete didn't work.

The AVG [Griswold] screen popped up and said it detected a virus. So I pressed "n" and even enter. Meanwhile, behind the AVG box, there was another box showing a file being downloaded. So I quickly clicked the Close X button for Outlook Express. I hope that cut it off at the pass.

So I have some questions:

1) Is there some way to select and delete something from my inbox without it starting to download?

2) Why didn't AVG stop this thing from down loading?

3) Assuming part of the virus downloaded, how do I find it and get rid of it?

That's enough for now. You guys are great.

-Peter
 

A:Teen poll results virus[?] + AVG + Outlook

Read other 7 answers
RELEVANCY SCORE 43.2

This website keeps popping up and I have run Adware and Spybot. It was also charging calls to my phone. I have put a block on my phone with the phone company and now have to send a letter an a email to dispute these charges. I have never been to that web site and it keeps popping up. I did read whre the average person can go remove this with help so Help. This is the information I get when I run spyware.

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-299502267-1078145449-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\LSP.sbi
2004-11-29 Includes\Cookies.sbi
2004-12-15 Includes\Dialer.sbi
2004-12-16 Includes\Hijackers.sbi
2004-12-15 Includ... Read more

A:Solved: Hard Core Teen Sex website

Read other 9 answers
RELEVANCY SCORE 42.8

Hi

I am a dad who wants to give his rebellious pre-teen daughter some control on her laptop, like update iTunes or install games, but she cannot do such as a Standard User.

I initially setup her laptop with both of us (dad and daughter) as admin users. I wanted to be an admin user to help install updates, backup, and check for viruses, etc... Dad as "Home IT guy".

However, in her rebellious attitude over the last couple of months, she removed me as an admin; so, I had no way for login. Pissed IT dad.

IT dad took her laptop away for a week, demanded her password, created IT dad as admin and changed frustrated daughter into standard user.

All fine. No. Daughter wants to upgrade iTunes (admin login required), install games (admin login required), etc... (admin login required). Non-IT mom does not want to do IT stuff (i.e. "admin login required" stuff).

Is there a way to allow my daughter (degraded to Standard User) to have some admin privileges (to perform upgrades and downloads without "admin login required"), but without having the permissions from removing other administrators (i.e. IT dad)?

In other words, IT parents as Uber-Administrators and User children as Limited-Adminstrators (i.e., cannot remove a Uber-Adminstrator but can upgrade and download software)?

IT Dad wants to know, thx

jeff in seattle

A:Windows 7 Pro: Parent adminstration control and rebellious pre-teen

Sorry, I dont have an answer for you, but I'm in exactly the same boat. because I have three sons that install programs and updates like your daughter, that required me to intervene on a multiple-times-per-days basis I gave my kids administrative accounts on their own computers.

BIG MISTAKE!!

I use OpenDNS to prevent access to undesirable web stuff, and so I can have some semblence of knowledge of what is going on. But they hack, and they crack and they circumvent every bit of security I add.

Now I am considering setting them to standard users. And that means non-stop whining, negatively charged atmosphere, and daily interventions by me to install, update, remove and configure things on their PCs.

I feel for you. I hope someone here will be able to offer some guidance to us frustrated parents.

Tanya

Read other 4 answers
RELEVANCY SCORE 42.8

I have a couple of older Dell laptops here of the Windows 98 vintage. They have more than ample hard disks and 64 megs of RAM. I'm thinking of turning them into NetBooks for a couple of 10- and 12-year-olds. The laptops both have good batteries USB ports and PCMCIA slots so wireless will be an easy task.

Here's the question: How practical a job is this and what OS would be best?

I know just a very little about NetBooks, mostly what I've learned by looking at them on the store shelves.
 

A:Turn an old Win98 laptop into a NetBook for pre-teen child?

Read other 6 answers
RELEVANCY SCORE 38.4

Does anyone know of a good simulation game on the order of Sims, but rated for a child of 10. She wants to be able to take care of a family, but her parents, of course, don't want all the teen rated material to be a part of it.

We would really prefer one we can buy and download rather than have to go out and get it.

Thanks for any suggestions.
Peg
 

A:Good simulation games not rated "teen"

Don't think there is any simulation games like the Sims.
 

Read other 1 answers
RELEVANCY SCORE 34.8

Hi:

My computer is brand new out of the box couple days ago. Bought it because my other machine was atacked by malware. I did not download anything from old machine onto new. I did go to my aol email account and signed in. Imediately after this new machine is redirecting google searches, randomly, and also seems to redirect the second I try to sign on to my aol email.

Here are my highjackthis logs. Please advise and help!
The highjackthis scan also says: 'YOUR SYSTEM DENIED ACCESS TO THE WRITE FILE". Wants me to do something about this myself.
I am a newbie and know nothing.

Thank you,

A

A:Search Redirects, Random redirects, AOL email sign on highjack

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 34.4

I am hoping someone can help.I stupidly clicked to install some codec to get a video to run and then it asked me to install freshplay. either or both messed up the computer. Now, I cannot get IE7 to load (it flashes on the screen for a second then closes) and Google's Chrome browser will redirect after a few seconds of getting to the webpage I want. I assume there is some DNS problem too since Orb is not able to connect, I tried to install and run AVG and it can't connect to update (Malwarebytes can't connect to update either, but I installed the most current version from another computer) and Spybot won't run at all either after a successful install. I also just noticed my clock in the lower right hand corner has been set to 24 hour time rather than 12 hour time...Here was my first Malwarebytes run:Malwarebytes' Anti-Malware 1.34Database version: 1749Windows 5.1.2600 Service Pack 32/13/2009 9:10:40 PMmbam-log-2009-02-13 (21-10-40).txtScan type: Full Scan (C:\|)Objects scanned: 174278Time elapsed: 31 minute(s), 50 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 4Folders Infected: 1Files Infected: 3Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_LOCAL_MACHINE\SYSTEM\Curr... Read more

A:freshplay/dns redirects-can't run IE7, Chrome redirects, can't load AV updates

Please delete, problem solved

Read other 2 answers
RELEVANCY SCORE 33.6

Okay,For the past 4 days I have been trying to get rid of malware that redirects my searches. It redirects searches links from google, yahoo, ding, etc. It may also be turning off my MacAfee when MacAfee updates at night. I have done all steps to cleaning this up as according to several forums I have seen posted. I'm running on an older hp that I have upgraded with more RAM, etc over the years. I run on XP. I need to try to keep this computer running for the next 6 months until I'm done with school, then I'm tossing this an buying new. Here is what I have done:updated Javaupdated Adoberun CC cleanerturned off real time scan on MacAfeerun malbytes anti-malware scanrun super anti-spy warerun hijack thisI just finished a full scan of MacAfee and it comes up clean.This is the last log from hijack this. Is there still something in here I should delete?Please help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:05:41 PM, on 1/1/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS&#... Read more

A:search engine redirects, website redirects

Hi,Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop. Post them back to your topic.Download GMER here by clicking download exe -button and then saving it your desktop:Double-click .exe that you downloadedClick rootkit-tab and then scan.Don't check
Show All
box while scanning in progress!When scanning is ready, click Copy.This copies log to clipboardPost log in your reply.

Read other 2 answers
RELEVANCY SCORE 33.6

Hi,

Here's the symptoms that I'm seeing need some help.

1)Using Internet Explorer - Enter a URL and instead of going to the site it's redirected
2)Google Search - Clicking on Suggested Links the Browser will redirect
Noted Redirect Sites: happili.com, mevioe.com and flyrry.com and other unwanted sites.
3)No Longer able to connect to windowsupdate.microsoft.com or access the windows update site directly from www.microsoft.com

Ran Malwarebytes with latest definintions comes up clean
Ran Ad-Aware with latest Definintions comes up clean
Running AVG scans reports clean

Note: In the Following Requested Logs you may notice the process Teamviewer I'm Aware that this is a Remote Control Software as Me (The person posting this) is helping a friend who lives to far away to actually work directly from their PC. Wanted to point this out.

Before Running hijackthis, DDS and GMER I disabled the AVG processes so that the Antivirus Engine wouldn't interfer with these scans.

Requested Logs

####### DDS ##########
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jen at 23:58:43.82 on Fri 03/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.530 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Internet Antivirus 2011 *Enabled/Updated* {DD66DA46-1A1C-43D7-B787-8D5FA72... Read more

A:Browser Redirects, Google Search Redirects

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issu... Read more

Read other 18 answers
RELEVANCY SCORE 33.6

Any Google result sends me off to anti-virus software sites (probably fake). In addition when I try an access a security site like TrendMicro or BleepingComputer this also sends me off to these anti-virus (fake) sites. Here is the HiJack 2.0.2 log (hope I'm doing this correctly)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:10:59 PM, on 1/27/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Trend Micro\Internet Security\SfCtlCom.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\stsystra.exeC:\Program Files\Del... Read more

A:Google Redirects and Security Site Redirects

Hello, OverSixtyToo to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.We need to run a Scan with DDSPlease download DDS, and save it to your desktop, from one of the following mirrors:This is a mirrorThis is another mirrorDisable any type of "Script Blockers" or "Script Protection" installed on your system.Double click on your desktop.If prompted by any script blocking tools, please allow any actions taken by DDS.Two reports will open. Please reply with the generated reports:DDS.txt <-- Copy and paste into your next postAttach.txt <-- Attach to your next postWe need to scan for Rootkits with GMERPlease download GMER from one of the following mirrors:This is the Primar... Read more

Read other 2 answers
RELEVANCY SCORE 24

I just purchased a new computer a few weeks ago and now I am having problems using it. Any web page I visit will have multiple adult pop-ups and at times I will be redirected to another page all together. I figured Windows updates might have something to help but I cannot access the update page at all, get redirected every time. I am not a computer savy person so I purchased Norton Antivirus 2005 yesterday figuring that would resolve my problems. After install, it detected quite a few viruses but also detected spyware. Even after quaratine and all I still have the pop-up issues. Im not sure where to start to get rid of all this crap but I would definately appreciates someones assistance. As I said before, I am not a "Computer person" so please be gentle.
 

A:Pop-ups and Redirects

Read other 14 answers
RELEVANCY SCORE 24

I have a pop up ad virus on my computer that I can't identify nor get rid of. I am using Windows 7 and in any browser, ads start popping up in the lower right hand corner of my browser. Sometimes it looks like a cell phone, sometimes it looks like and ad and sometimes is shows a video screen and says "you are missing a plugin to play videos" and wants me to click on an Update button. I cannot get rid of this.

A:Pop-up Ad & redirects

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 13 answers
RELEVANCY SCORE 24

Hello, I've used AVG, AdAware and Counterspy to scan and remove most of the malware on my PC. They all run now without detecting anything. My problem is that whenever I do a Yahoo! search, upon clicking on a link I am redirected (results.yahoo.com) to the wrong site (each time it's different). This happens on IE6, IE7 and Mozzilla - but is unique to Yahoo. I am running XP SP2. I am attaching a HijackThis log for your review.Your help is greatly appreciated!Best Regards,Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:38:56 PM, on 1/24/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeD:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\WINDOWS\System32\ezSP_Px.exeC:\WINDOWS\AGRSMMSG.exeC:\program files\support.com\client\bin\tgcmd.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeD:\Program Files\Sunbelt Soft... Read more

A:Ie 6 Redirects

Hi,I see you have Viewpoint installed...Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.ViewpointViewpoint ManagerViewpoint Media PlayerAlso, I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!This is somewhat suicidal in today's digital world.That's why I want you to install one first!!* Please install Avira Antivirus: http://www.free-av.com/This is a free Antivirus.Perform a full scan with Avira and let it delete everything it is finding.Then reboot.After reboot, open your Avira and select "reports".There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThislog.Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and p... Read more

Read other 12 answers
RELEVANCY SCORE 24

Hope you guys can help

My daughter got sent a link via Messenger which she clicked.

I now have NOD32 flagging up problems, pop-up ads within IE pages, browser pages opening on their own.

I have scanned with Adaware, Spybot S&D, and also tried CWS Shredder. I have removed anything flagged up, but still the problem is there.


Logfile of HijackThis v1.99.1
Scan saved at 23:36:03, on 28/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Scr... Read more

A:IE Pop-ups and redirects

Hello nagsville and Welcome to TechSupport,

Please do the following:

Scan with HijackThis. Place a check against each of the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

* Turn off the real time scanner of any existing antivirus program while performing the online scan
Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In... Read more

Read other 19 answers
RELEVANCY SCORE 24

Mainly new windows appearing, but some redirects from search engines. All seem to be for virus or system scan utilities. Also disabled links on most sites Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:04:56, on 07/02/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exeC:\WINDOWS\system32\spoolsv.exeC:\Acer\eManager\anbmServ.exeC:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\UStorSrv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\SOUNDMAN.EXEC:\acer\epm\epm-dm.exeC:\... Read more

A:Redirects and pop ups

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

Read other 2 answers
RELEVANCY SCORE 24

My computer has just today started to redirect my IE7 to some registry cleaner site and slowing my internet speed way down. I've read a lot of posts about this occurance and I figured before doing a clean sweep of my ystem (resulting in total loss of data) I would give posting my hijack file a shot. I know there's a lo of steps involved but I would muc rather go through all the steps than to try to put all the programs I have and try to recover the data I had. System restore does not seemto want to work either...my system keeps tellng me that it was unable to complete and no changes have been made. Help would be greatly apprecaited.here's the hijack log:
__________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:47 AM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy... Read more

A:Redirects and pop-ups

So after some research and fiddling here's what I've done so far to rid my puter of these redirections and pop-ups: booted in safemode and ran spybot S&D...it found 4 problems...wwwcoolsearch, and windowsfirewallbypass, which I fixed. I then ran malwarebytes and it found nothing. I rebooted in normal mode and tried to go to IE and boom...again with a popup. BUt this time with teatimer running it blocked the popup from actually showing a webpage yet still showed an empty page. I will posta new HJT log if someone will answer my request for help.

Thanks
 

Read other 1 answers
RELEVANCY SCORE 24

This is one of the computers at work I've been asked to troubleshoot. I get multiple popups whether browsing the internet or just working on local aps like Word, am redirected to other web pages without requesting them, and the PC shuts down often. I've run various virus checkers, but most recently Ad-Aware and Spybot. Both had difficulty downloading updates. Ad-Aware found several cookies and win32.trojandownloader.zlob which kept returning after removing it and rescanning. Spybot stopped scanning 1/3 way through and got "error during check!" messages on coolwwwsearch and webdialer - neither of which I could "fix". On startup, I get the following error messages:*awtsq.exe - cannot access specific device*could not run awtsq.exe c\windows\sys32\awtsq.exe*error loading e\win\sys32\mlchivpu.dll*during scan of files at system startup errors in sys reg found p-07-0100 irql:1fSYSVER0xff00024 NT_Kernel error 1256KMODE_EXEPTION_NOT_HANDLEDI only have access to this computer a few hours a couple of days a week, so be patient with me. Here's the HJT log I ran the last time I had access to it. I'll have access to it again for a few hours in the morning. Even though it shows AVG files, the program has expired. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:29:27 PM, on 1/29/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\S... Read more

A:Pop Ups And Redirects

I have done some additional things since posting this original hjt log - I've removed the Kaspersky antivirus software, tried to update avg but couldn't, ran ccCleaner slim, ran the vundofix and it found 2 files - wtfuetxe.dll and wtfuetxe.dllbox which it looks like it quarentined in a folder, and I ran SmitFraudFix. The C drive icon is now replaced with a red X and there are multiple .dll files in the C drive. I was going to install a new free avg anti-virus and anti-spyware program but ran out of time. I'm going back now to do that. Here is the latest HJT logs and rapport.txt log from SmitFraudFix.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:41:00 AM, on 1/31/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\sv... Read more

Read other 12 answers
RELEVANCY SCORE 24

Ok, my Windows 7 computer was randomly redirecting me, like I would be clicking on links in youtube and it would go to some other site. So I ran HJT and it has the following entries:

O1 - Hosts: ::1 localhost
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.

When I loaded HJT it gave an error about not being able to access the hosts file. I went to drivers/etc and the hosts file was not there. I had to use the command line to do some tricky things (gain ownership of the file, and remove the S and H attributes) so that I could see and open the file. All that's in the file is:

127.0.0.1 localhost
::1 localhost
The ::1 localhost looks weird to me, is that ok?

Anyhow, then I scanned with HJT, found those O1 entries above, and fixed them. And rebooted. Then I scanned with HJT and those entries were back!

Where are they coming from if not the hosts file?

And are they bad or just normal? They seem odd!

Thanks!

A:O1 HJT Redirects I can't get rid of

Hi,Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds file to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop. Post them back to your topic.

Read other 10 answers
RELEVANCY SCORE 24

Hello,

I am having a similar problem to what I have seen in other posts. In Internet Explorer, when I do a google search and click on any of the results, I am redirected to other unrelated sites. I believe it started when I clicked on a link a few days ago, and "Antivirus XP 2008" automatically started downloading to my PC. I stopped it as soon as I could, but ever since then, my sites have been redirected or "jumped." I ran an antispyware, and it did not fix the problem. I ran hijackthis, and here are my results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:33 PM, on 10/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\p... Read more

Read other answers
RELEVANCY SCORE 24

I am trying to help a co-worker with his daughters laptop. Everytime she attempts to go online, the browser gets redirected to some random website, or a popup that tells her she needs to buy some AV software. I ran malwarebytes and cleaned about 700 files but it didn't seem to help that much. I tried to run HiJack this but it wouldn't let me see the host files at all. I cannot get that machine to go on the internet so any downloads will have to be transported via usb flash drive to her laptop. Thank you so much!
 

A:IE Redirects

Read other 16 answers
RELEVANCY SCORE 24

I've been having a terrible time trying to disable a virus (or multiple viruses) on the computer. I've run MSE as well as trying lavasoft and avast software, nothing seems to detect this thing. Despite that, I am constantly redirected to spam sites while surfing the web and either square or phone shaped pop up appear in the bottom right hand corner of my browser. This happens on both Firefox and Chrome. Now something seems to be messing with my anti-virus, since it magically disappeared from my system yesterday. Any help would be greatly (!) appreciated.Thanks!Win7 64 bit

A:Redirects and pop-ups

Welcome,please run these and post the logs...Run RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.>>>>Please download TDSSKiller.zip and and extract it.Run TDSSKiller.exe. Click on Change Parameters Put a check in the box of Detect TDLFS file system Click Start scan.When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select a... Read more

Read other 17 answers
RELEVANCY SCORE 24

I have been having issues with IE7 redirecting my searches. If I search for a topic, a relevant list of sites comes up. However when I click on it I then get re-directed to another site.

I have Norton 360 which scans 2 times a day and shows that my system is clean. I ran the panda active scan which shows that not true. I have automatic updates and my system shows it is up to date??

How do I get rid of these and get my browser functioning properly again? Thanks for the help!

====================================================

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-19 09:20:02
PROTECTIONS: 2
MALWARE: 21
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton 360 8.2.0.81 No Yes
Norton Antivirus Internet Security 2008 No No
;=============================================... Read more

Read other answers
RELEVANCY SCORE 24

Thankyou to whom will help.

While surfing (Chrome) I am periodically (not always) redirected to:
"http://00c89119.linkbucks.com/url/http://www.kpoww.com/index.html"

I have noticed that my security suite (Eset) is unable to update its definitions and when I attempt to run a scan - it bogs down to a crawl.

Ad-Aware found nothing and Malwarebytes did not find anything.

Cheers!
Josh

A:Web redirects

Hello Josh,First run MiniToolBoxPlease download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.NowReboot into Safe mode with Networking.Please download Rkill by Grinler and save it to your desktop.Link 1Link 2Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer, you will need to run the application again. >>>>Please Download TDSSkiller Launch it. Click on change parameters-Select TDLFS file system Click on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan results.... Read more

Read other 7 answers
RELEVANCY SCORE 24

When i go on some of my favourite sites i keep getting redirected to another webpage.

Logfile of HijackThis v1.99.1
Scan saved at 21:53:05, on 21/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Documents and Settings\Rhys Morgan.RHYSJOERHYS\Desktop\Applications\utorrent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rhys M... Read more

A:redirects

Read other 16 answers
RELEVANCY SCORE 24

Every few minutes or so my IE will automatically open a new window redirected to Direct Tv or something else. Also when clicking on the results of a search the window will be redirected to something else other than what I seached for for three consecutive times. Your expertise is requested...
Thanks jcfvoygr

The Attach.txt is attached and the DDS log follows:
DDS (Ver_09-12-01.01) - NTFSx86
Run by james.freeman at 17:01:08.73 on Tue 12/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.333 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program ... Read more

A:Another One IE redirects

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 19 answers
RELEVANCY SCORE 24

Hi Everyone I'm new here and I hope I'm putting this in the correct place. I have Vista operating system. There is a froum/group that I visit and today I've been having a redirect problem. When I go to click on a post I get redirected to either Adspace or Reseller Cluster. In that group I can pm and see profiles I just can't read/reply any posts. Now if I'm logged out I can read what is public but cannot reply. So far this is only happening in this one group. I have been able to use my email and visit other groups without a problem. So far I have tried doing a virus scan - I have Nortons 360 and nothing has been dectected. I tried clearing all my files, cookies, history etc. I tried a system restore a couple different times and when the computer would start back up it would tell me the restore failed to complete I spoke with the group owners and they were able to sign in with my user name and password. They had no problems getting to and reading/replying to posts. The last thing I tried was creating a new user name for that forum. Still the same thing was happening. I would get redirected to the 2 sites mentioned. Thank you in advance for any assistance you can give me.

Read other answers
RELEVANCY SCORE 24

Hi, last couple of days I've found if I do a google search and click on the result, I get taken to various advertising sites - Lightseek.biz savecompare.com sportcampinglocations.com bigshoppingdeals.co.uk kelkoo.co.uk etc I've run an anti-virus scan (F-Secure) which didn't show anything bad.Downloaded Ad-Aware, which found win32.trojan.NSAnti and 199 cookies it didn't like, and deleted them. I'm still getting directed to the sites. Found this site, and downloaded Malwarebytes following advice in this thread http://www.bleepingcomputer.com/forums/t/270212/ie-redirection/This found 4 objects and quarantined/deleted them.But, I'm still getting directed to the sites.Here's the logfile below, any ideas what I can try next?ThanksPaul---------------------------------------------------------Malwarebytes' Anti-Malware 1.41Database version: 3154Windows 5.1.2600 Service Pack 212/11/2009 18:35:49mbam-log-2009-11-12 (18-35-49).txtScan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)Objects scanned: 271208Time elapsed: 1 hour(s), 35 minute(s), 55 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 2Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detec... Read more

A:IE redirects

Welcome to BCUpdate mbam and run a FULL scanPlease post the results========================We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tatertot.scr==========================Please download Win32kDiag.exe by AD and save it to your desktop.alternate download 1alternate download 2This tool will create a diagnostic report Double-click on Win32kDiag.exe to run and let it fi... Read more

Read other 5 answers