Over 1 million tech questions and answers.

Google redirects to random sites, some sites blocked, can't install spybot.

Q: Google redirects to random sites, some sites blocked, can't install spybot.

Please help me. I am having several problems that I've never had before with my computer and I am now convinced that it is hi-jacked and infected with malware.

The only protection I have used since I got the computer is avast antivirus protection and piriform ccleaner. I have had no malware, spyware or viruses on this computer in the past. I've had it for almost a year.

However my computer has since yesterday (i think) become infected. It has not slowed down much, but whenever I use Google, it redirects me to random sites. Many websites I visit regularly that have never had pop-up ads before now have pop-up ads.

When I went to check my e-mail in Hotmail, I received this message constantly:

"Please refresh your browser window. When you access your Windows Live Hotmail account from more than one computer, we ask you to sign in again to help keep your account private and secure."
At this point I decided to install Spybot, however the website was blocked. I went to download.com and downloaded it and attempted to install but I was unable to, receiving this message:

"Error sending request. The server name or address could not be resolved."

I just installed ad-aware and did a full scan and it found one malware agent and supposedly fixed it, but after rebooting all of these issues are still occuring.

So this brings me to here and now. I just downloaded Trend Micro HijackThis and here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:50 PM, on 2/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\IOI\ButtonMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?

Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX7020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?

Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX7020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?

Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX7020
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?

Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX7020
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web

Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ButtonMonitor] C:\Program Files\IOI\ButtonMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01

\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12

\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web

Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web

Printing\hpswp_extensions.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1

\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1

\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{92AD9946-79C3-4E25-9C8F-7C1F0E7B6E1C}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4

\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0

\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0

\SharedCOM\RoxWatch9.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8400 bytes


Thanks for your time and I hope you can help!

RELEVANCY SCORE 200
Preferred Solution: Google redirects to random sites, some sites blocked, can't install spybot.

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Google redirects to random sites, some sites blocked, can't install spybot.

Read other 6 answers
RELEVANCY SCORE 110.8

Hello.I have the issue where google search links get redirected to other sites, some shopping some porn, through 'hugosearch' 'lisosearch' and 'fastsearch' and also that access to security / anti-virus sites (including microsoft & windows update) is blocked as a 'no internet connection' page comes up when I attempt to access them. (although the connection is fine for all other sites).I have disabled CD emulation software and posted the DDS logs below and attached the relevent DDS and ARK logs. I have malwarebytes on the PC and a full scan in safe mode comes back clean. Please assist me if you can, I have attached another PC to this connection and that seems fine but I am rather worried that my router has been accessed.Thanks in advance.DDS (Ver_10-12-12.02) - NTFSx86 Run by Freddie at 15:45:48.07 on 27/01/2011Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.392 [GMT 0:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\SCardSvr.exeC:\WINDOWS\Explorer.EXE... Read more

A:Google redirects & blocked access to Security & AV sites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 16 answers
RELEVANCY SCORE 107.2

Have clearly got some kind of malware/virus. When accessing the web, searches on google will open in a new tab and redirect to other sites, normally to do with anti-spyware. All access to tech support sites is blocked - I'm having to write this from another computer - and AVG cannot connect to the update server (gives the message 'control file is missing')...

I read the 'New Instructions' post and tried to run Gmer.exe but all that happens is a little hang with an hourglass next to the cursor. That's it.

I realise this isn't much information. Not entirely sure what to do or how. Any help greatly appreciated,

Thanks...

A:Browser Hijacked - Google redirects, tech support sites blocked - Gmer won't run...

1. Download this file

2. Double click to run it

3. When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 6 answers
RELEVANCY SCORE 106.8

Any google affiliated site comes up with a "404 not found, nginx" page. I can do a search on google.com, but when I click on a link from the search it first redirects to dietpuma.com or any ****puma.com site before taking me to the site I want. This problem will spontaneously go away once in a while but always comes back. I've tried solutions I found online about 'hosts' files but didn't work. Any help is much appreciated! I tried to adhere strictly to the instructions found on the 'preparation guide'. Here is the DDS log, I ran GMER and it said 'no modifications found' or something to that effect. I saved the gmer log, but it is blank. Please advise if I did this correctly. Thanks again!
-Andy

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Andy at 1:28:00 on 2012-02-13
Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.3999.2644 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\syste... Read more

A:Google sites blocked and searches redirect to various puma.com sites.

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

Read other 16 answers
RELEVANCY SCORE 106

Hello,
I think I have a virus. Whenever I do Google search and click on a link I get redirected to random sites.
I am able to access the right sites by double clicking the link. This happens in Firefox. I haven't tried other browsers (IE).
My operating system is Windows XP.
 
Thanks in advance for your help.
 
 
 
 

A:Google redirects to random sites.

I want you to check if IE is affected as well. Then...  Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the e... Read more

Read other 7 answers
RELEVANCY SCORE 106

It started last week with a couple of malware/virus attacks. I ran malwarebytes and got some removed. However, now when I click on Google searches I get redirected to random sites. Also since the attack I haven't been able to access Window Updates or get Spyware Doctor restore points. I don't know if this means anything. Anyways, here is my log file, PLEASE HELP.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:49:23 PM, on 6/1/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18904)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exeC:\Program Files\Lexmark 5600-6600 Series\lxdumon.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\Windows\WindowsMobile\wmdc.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Windows\System32\rundll32.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Program Files\Acronis\TrueImageHome\TimounterMoni... Read more

A:Google redirects to random sites

Hello, mrkotter1.My name is aommaster and I will be helping you with your log.I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.ThanksShould you still require assistance, please take note of the points below:Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad. The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.Please do not install, update, or run any programs for the duration of the fix.If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.If you are running Vista, please run all the fixes as an administrator. This is done by r... Read more

Read other 16 answers
RELEVANCY SCORE 106

Sometime today, I noticed that my google searches started redirecting me to some weird search engines full of ads or some ad sites. I also found that my system restore had been disabled. Basically, this is what I did :1) Deleted cookies and temp internet files.2) Ran prefetch and cleared the folder.3) Ran %temp% and cleared the folder.4) Ran Malwarebytes (which found some malware) and deleted the items.5) Ran Hijackthis and analysed it on hijackthis.de - didn't show any discrepancies.6) Used gpedit and enabled system restore - started the service.7) Retried a google search - the issue still occurred.8) Ran Trendmicro housecall which (found some malware as well) and deleted the infected files.9) Retried the google search - no go. "dds.txt"DDS (Ver_09-12-01.01) - NTFSx86 Run by User at 1:36:19.64 on 27/01/2010Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.510.64 [GMT 0:00]AV: PCguard Anti-Virus *On-access scanning disabled* (Outdated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Virgin Broadband\PCguard\Fws.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Virgin Broadband Wireless\Af... Read more

A:google redirects to random ad sites in IE

I also did a OTL custom scan (after seeing it on another forum) usingnetsvcs%SYSTEMDRIVE%\*.exe/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.syseNetHook.dllahcix86.sysKR10N.sys/md5stop%systemroot%\*. /mp /s%systemroot%\system32\*.dll /lockedfilesCREATERESTOREPOINT----------------------------------------------------------------------------------------------------------------------------------------------OTL logfile created on: 27/01/2010 02:10:34 - Run 1OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\User\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.11)Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 510.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 29.00% Memory free1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 38.28 Gb Total Space | 24.08 Gb Free Space | 62.91% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or... Read more

Read other 8 answers
RELEVANCY SCORE 106

Hello - When I search on google using either Firefox or IE, the results redirect me to seemingly random sites. I've tried disabling any add-ons that I think are running, scanned my computer a bunch with MSSE, but none of that helped. My friends have tried their magic (malwarebytes scans, avast scans, even combofix I guess) - but they don't seem to have the fu you guys do. Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by amlive at 3:09:57 on 2012-04-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2371 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe ... Read more

A:Google redirects to random sites

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At t... Read more

Read other 21 answers
RELEVANCY SCORE 106

I got the fake antivirus popup last week, and no I did not fall for it! It would not let me close it or even open task manager or anything for that matter. Force shutdown my comp and the virus is still here. Virtumonde is the name of it. Tried to clean it with AntiMalware and Spybot Search and Destroy, 3 times each, and it remains. I tried to run gmer, but towards the end of the scan, avast and lsass.exe take up all of my CPU and I am unable to save the file or do anything for that matter. (lsass.exe, with an L) So I'm sorry I could not provide that log. Thanks for your help!PS: I am unable to attach anything to this post. I cant even copy and paste the location of Attach.txt. When I hit browse, the icons on my desktop flash and nothing happens.DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 0:42:37.31 on Sat 07/03/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.902 [GMT -4:00]AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exesvchost.exeC: ... Read more

A:Google redirects me to random sites

Hello and welcome to Bleeping Computer. *Please Subscribe to this Thread to get immediate notification of replies. See HERE*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.*You must reply within 5 days otherwise this topic will be closed.Please run another DDS scan and post the latest DDS report. Also make sure to attach the attach.txt. Thanks.

Read other 24 answers
RELEVANCY SCORE 106

Hi
After searching on google and clicking a link from the results I often get redirected to random advert sites. Also occasionally popups appear from nowhere when not even using the computer. I have Malwarebytes Antimalware which I have done a quick scan but it doesnt pick anything up. Neither does my Norton Antivirus. Any help would be much appreciated.

A:Google redirects to random sites

Hello and welcome. let's do this...Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.Reboot into Safe Mode with Networking How to enter safe mode(XP/Vista)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equi... Read more

Read other 3 answers
RELEVANCY SCORE 106

In addition to the browser redirects. Boot up time has become extremely long. Often when boot up is complete Macaffee and wireless network adapter are not working. Thanks much for any support you can provide.
RSL
DDS (Ver_09-07-30.01) - NTFSx86
Run by Family at 17:13:11.14 on Tue 09/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.133 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Aventail\Connect\as32svc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched... Read more

A:IE Browser Hijacked... Redirects to random sites/search sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Pleaseinclude a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner o... Read more

Read other 2 answers
RELEVANCY SCORE 105.2

Hello
This thanksgiving i was download a few files from the internet.. and wha thappened next is that .. whenever i search for something on google, it redirects to a new site that are allll maliciious sites/porn sites !! I am scared to death as this is my office laptop and i am not the kind to browse for this sort of stuff, especially on my office laptop ! I am sure there is a lot of viruses/malwares infecting my laptop . I tried running sophos antivirus , avast antivirus (which did remove a few viruses)) , followed by malware-byte antimalware and spyware doctor. The problem still remains !! I have tried this on IE , Firefox and Chrome. Problem persists on ALL of them !!
Please help me ... here is the contents of the dds.txt pasted below , and the attach.txt and ark.txt are attached. Thanks !!!!

DDS.txt ---
DDS (Ver_09-11-29.01) - NTFSx86
Run by 203017980 at 12:18:36.74 on Mon 11/30/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1152 [GMT -6:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Sophos Client Firewall *enabled* {0786E95E-326A-4524-969... Read more

A:Malware infected. Redirects google searches to mal-sites and porn-sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 105.2

I have a problem where my browser re-directs me to different sites, when i get to these site sometimes the browser tries to download things labelled "S(1)" etc, i have tried to system restore to no avail and i have tried to download things to remove it to no avail.

After reading the stickied topic on what to do it tells us to download Hijackthis, it says "page not available" when i click the link, it also does this when i try to access anti-virus/malware/spyware sites.

My loading times for youtube etc have become sluggish and any help is appreciated

(PS: i dont understand most computer terminology so if its possible break it down for me, thanks)

edit 1: i can overcome the redirecting when i right click on the link then click "open in a new tab" and then it effectively opens the link to the place i waned to go to
 

A:Browser (mainly google) redirects me to random sites

Read other 16 answers
RELEVANCY SCORE 105.2

Dear Sirs,
Thanks very much in advance for the help. I think my computer is infected as everytime I do a search in Google, it redirects me to random sites.

Please let me know what I have to do solve this.

My DDS results are:



DDS (Ver_09-02-01.01) - NTFSx86
Run by Michael at 20:43:09.08 on 21/02/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.530 [GMT 0:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
AV: Norton AntiVirus *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.e... Read more

A:Every google search I do redirects me to random sites. Help please.

Howdy there Michael and welcome to TSF Forums

I'm Steve and I will be helping you thoughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial post then thread will be closed.

Please follow these directions in the order they are set out for you.

It appears that you have two antivirus programs installed and running, Norton AntiVirus and AVG 7.5. While I understand the frustrations of malware this may seem like a good idea to improve protection, but they can actually have the opposite effect and conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the other via Add or Remove Programs in your Control Panel.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti ma... Read more

Read other 6 answers
RELEVANCY SCORE 104

Hi BleepingComputer! As you can see, I have a problem with my computer that doesn't seem much of a problem but it is annoying and maybe there is more damage done to my system than what appears. So basically the problem is that whenever I search something up on google.ca I will get the page with the results and stuff. But when I click on one of the results, I will get redirected to a random site. This random site may or may not have any relevance to what I actually searched up. For example, I searched up the term "bleeping computer". The result page shows up. I click on the Wikipedia entry of "bleeping computer". I can see already that I am going to get redirected because I can see at the bottom of my browser (a random IP address shows up or yourmagicserach.com or something shows up then a different website loads). If I were to right click on the "Back" button of my browser, I can "Wait a few second" page appear twice then the google results page. This is troublesome and annoying since I can't even search up something on google without going back click again and maybe going back again to click. The only temporary solution that I have found or maybe lower the chances of being redirected is if I clean out the cookies, cache and internet history. This would last about 3 searches before it starts appearing again. Also, the more I search, the worst it gets or so it seems. I ahve also tried a full scan with Malwarebytes but nothin... Read more

A:Google redirects me to random sites when I click on the result

Hello and welcome.. We'll do these and see what we get.Please read and follow all these instructions very carefully.Please download GooredFix and save it to your Desktop.Double-click GooredFix.exe to run it.A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Read other 21 answers
RELEVANCY SCORE 104

Hello! I recently rid a virus using my antivirus software, but there is still a problem with my computer. Most of my Google searches are redirected to weird sites. I don't know what to do! Please help me! Thanks!EDIT: I keep getting a "Host Process for Windows Services Stopped Working" error and I cannot access Windows Update. Oh and I get a blue screen of death in the middle of the GMER scan right after a Host Process error. So here is the DDS stuff and my HiJackThis log

A:Malware redirects Google Searches to random sites

I really hate to bump, but this virus is still on here, randomly making the the computer crash. Please help!EDIT: Please be patient. There are over 450 unanswered topics in this forum at present and the current average wait time to receive help is 7 days. ~BPOh, 7 days? You guys are really busy! Thanks, Ill see you in 7 days, until then, I'll be playing Star Craft 2

Read other 10 answers
RELEVANCY SCORE 104

Have ran Malwarebytes and Spybot SD in safe mode: console only. Both come back clean. Have uninstalled firefox then ran CCleaner, and re-installed firefox.Antivirus - AVG Free 9Firewall - ZonealarmPlease take a look and see if you can help me out. ThanksHijack this logLogfile of Trend Micro HijackThis v2.0.4Scan saved at 6:45:25 PM, on 6/16/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exeC:\Program Files\Google\Google Talk\googletalk.exeC:\Progra... Read more

A:Google Redirects to random sites / no windows update

Hello dstribs,Sorry about the delay. If you still need help, please post a new HijackThis and/or DDS log to be sure nothing has changed and I'll be happy to look at it. Thanks,tea

Read other 12 answers
RELEVANCY SCORE 102.8

Hi, almost every time I click on a search result in Google I am redirected to a page on a similar topic to the page I linked to but never to the actual site. Sometimes this links to adult orientated sites which has caused me to stop my children using the Net. Can anyone help please?
 

A:Solved: Google redirects links to similar but random sites

Read other 15 answers
RELEVANCY SCORE 102

Hi,

I have been getting this issue for a while and haven't been able to fix it. This is a business computer and use it to access google a lot. I have followed advice elsewhere and checked hosts file, dns settings, malwarebytes scan, etc... but none of this has helped so far.

Every search that I do in google and elsewhere (ex: hotmail) gets redirected to places that have the ip 63.209.69.107 and other sites.

Any help is greatly appreciated

JP

heres the DDS scan:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Vera Moreno Store at 20:09:26 on 2012-02-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2005 [GMT -5:00]
.
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:&... Read more

A:Google and other search sites redirects to 63.209.69.107 and other sites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 3 answers
RELEVANCY SCORE 95.6

Hi, please help...The machine is running XP Home, SP3.As it says in the topic, I'm getting IE redirects, and it's blocking Ad-Aware updates, thus I installed aniversary edition, but it only ran once. Couldn't even download it on said machine.It was worse before I ran spybot S&D from Ultimate Boot CD v3.50/XP-SP3. After installing Ad-Aware, and rebooting, I ran LSPFIX, which got rid of CLSP.dll (Layered Service Provider). At that point, I had gotten AVG on, and it was able to update. But it keeps coming up with trojan dropper messages, and browsing is being redirected. AVG can't seem to kill it, whatever it is. Here's the hijack this log on it to see what's left to clean up - Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:08:54 AM, on 8/1/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS... Read more

A:Hijack This log - Getting IE redirects, blocked sites

Hello ibcolder and welcome to the BleepingComputer.com! I will be helping you today. In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please give me some time to analyse your logs, I will be back shortly.

Read other 8 answers
RELEVANCY SCORE 94.4

Unable to update or download from any antivirus or antispyware sites. Some sites redirected, frequent internet timeouts and sites failing to load. Ad-aware detects trojans but is unable to "heal" them. System will not boot to safe mode.

Thanks in advance for your help.

First step results follow:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Dad at 17:07:24.21 on Mon 06/21/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.323 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\JDisc\JDisc Discovery 1.1\db\bin\pg_ctl.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\JDisc\JDisc Discovery 1.1\db\bin\postgres.exe
C:\Pro... Read more

A:Redirects, Antivirus and Antispyware sites blocked

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it sh... Read more

Read other 7 answers
RELEVANCY SCORE 94.4

Thanks for helping, first of all.

I got infected from some p2p downloading a few days back. I didnt have AV then, only Spybot and Ad-Aware. I went online, downloaded some scanners, which didnt do me any good. Spybot recognized one as malicious, so I ended up buying Kaspersky. Kaspersky found viruses, which I deleted. The online scanners were removed. I got myself the newest versions of Spybot and Ad-Aware, as well as Spyware Terminator, CCleaner, SpywareBlaster. And now, after multiple days of trying to fix everything myself, I had to come here.
Scanning with each of those programs above gives me a clean system. However, my internet browser still redirects google searches to random sites. I am unable to view webpages such as kaspersky.com, any microsoft page, or even this site (currently using another computer). The computer also freezes 90% of the time while at the welcome screen during startup; although I think this is just a by-product of the adware, and not a problem in itself. I also get a Casino.url icon on my desktop from time to time, Spyware Terminator says it's the remains of AZE Search, but it keeps coming back!
I think I've spoke enough for now, feel free to ask for more specifics. Here's the HJT log. Thanks!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at ?W?? 02:37:15, on 2008/9/15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\sm... Read more

A:HJT Log; Search Redirects, Sites Blocked, Freezing

Bump!
Still looking for some help.
Yesterday, upon having internet plugged in for a while (I've had it unplugged for the majority of the past 3 days), I got a message from Kaspersky saying I was infected with Trojan Monder. The .dll files just popped up in the system32 folder. I deleted it on restart. Ran my spyware cleaners, Spybot found Virtuemonde in the registry. Deleted those as well. Nothing else detected.

Strangely, the search redirecting problem disappeared. I havent done anything with the computer the past 3 days. However, I still cannot access certain sites, and it still feels slow. I want to get it completely clean =]

I also have another question. When the first wave of viruses were appearing, Kaspersky and SpywareTerminator had found problems with msfont.dll and winsys.dll. I deleted both (couldnt disinfect), and deleting msfont has some very visible repercussions. Should I restore those files? Or is there another way to fix that? Cuz Im seeing a lot of gibberish around.

New HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at ?W?? 02:49:11, on 2008/9/19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS... Read more

Read other 19 answers
RELEVANCY SCORE 94.4

Hello! Thank you guys for volunteering your time to help people diagnose and fix their issues. Here are some of the issues affecting my grandparents computer: 1)On start up, 2 errors pop up (see images). 2)Upon opening internet explorer (I know, I will advise them of other options) the browser gets redirected to search.gugle.com (which redirects further to a number of different pages). 3)Computer in general is slow (could be the celereon 2.4ghz and 512MB ram, but it shouldn't be this slow.4)Certain sites (safer-networking.org for one) are blocked from being viewed, also spybot is blocked from updates needed to even install the software.5)The task manager window is not normal (see image). There is no title bar for the task manager.I have viewed the before you post topic and hope I have taken the appropriate steps. Also attached is the attach.txt file from DDS.Here are the two errors:andAnd here is the unusual task manager:Here is the DDS log:DDS (Ver_09-10-13.01) - NTFSx86 Run by glenn at 0:45:34.53 on Mon 10/19/2009Internet Explorer: 6.0.2900.2180Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.114 [GMT -4:00]AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS&#... Read more

A:Issues: Redirects, Errors and Certain sites blocked

Hi,

I will handle your log. As I am in training all my answers have to be approved by my Coaches.
I hope you understand.

I'll get back to you as soon as is possible.

Read other 10 answers
RELEVANCY SCORE 93.2

Hi, I have a virus that is causing a lot of problems for my computer. It disabled Spybot so it won't execute. It also blocks me from the Spybot website.I downloaded Avast instead and its working but its not finding the virus. I also ran CCleaner to no avail. The way I know that I'm still infected is that it redirects me to all sorts of websites when I click on links from Google.I've never encountered such an advanced virus ever! I have Windows XP and I ran Hijack this, the log is below. If anyone can tell me how to get rid of this virus I'd really appreciate it. Thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:16:32 PM, on 9/24/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Java\jre6\bin\jqs... Read more

A:Virus that redirects Internet sites and disables Spybot.

Hello dinadirections,Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document. ************Please download Malwarebytes' Anti-Malware from one of these places:http://download.cnet.com/Malwarebytes-Anti...&tag=buttonhttp://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlhttp://www.besttechie.net/mbam/mbam-setup.exeDouble Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Full Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy... Read more

Read other 2 answers
RELEVANCY SCORE 91.6

Hi,

I am a windows xp user and believe I have a rootkit problem. First thing i noticed was that abc and spybot could not update (couldn't connect to server). My searches with firefox appear normal however if i click on a result i get redirected to another search. I can copy/paste the url of the search result and get what i want. Every security related site is blocked. Including this one. I have to use another computer to download anti-spy stuff. I get a "Failed to connect" Only happens to security sites.

Sorry I can't post logs until i figure out how to unblock urls.

I was able to download "rootkit reavealer"

it found tdssserv.sys timestamped 8/9/08, which is about when i noticed the problem.

I ran HijackThis, it is pretty full of entries (again I can't post a log yet)

I had to download these files on another computer. I also installed combofix and accidently ran it when i transfered it from a cd. It runs for a second and then reports "combofix had detected the presence of rootkit activity and needs to reboot the machine. It does then boots normally and combofix does nothing else. I did install "windows recovery console"

Any help is appreciated.

Read other answers
RELEVANCY SCORE 91.6

Hello,

I am running Windows XP. For the past few days, I've been getting randomly redirected both from following links and directly from the address bar. The most common way, though, is via a link from a Google search. I'll search for anything - "spyware removal" or "orange julius" - click the link, and bounce through several redirects and wind up at a bogus ad page that often tries to download something to my computer. If I go back to the original google search, then I can (usually) successfully click the link.

I've tried both running and reinstalling Spybot pro and HijackThis!, without success. Whatever bug has infected this computer is blocking both programs. I cannot connect to safer-networking.org at all (cannot find server), and cannot connect to update servers for HijackThis or AVG Antivirus. I've tried reverting to a backup of my hosts file, without any apparent change.

Other things I've tried: 1. Trendmicro's Housecall antivirus found a bunch of infections, but couldn't do much about them. 2. ClamAV's memory scan didn't find anything actively running. 3. I ran SDFix.exe, with no trojans found (to the best of my knowledge) and nothing changed. 4. It looks like ComboFix won't run, but I didn't try more than once out of curiosity since I realized it's recommended against without specific direction. 5. I ran ATFCleaner, and don't think it found anything yet.

Another note: my firewall (Sunbelt Personal Firewall) keeps on detecting co... Read more

A:Random hijacks and redirects, spybot & similar blocked

Hi,

I will handle your log. As I am in training all my answers have to be approved by my Coaches.
I hope you understand.

I'll get back to you as soon as is possible.

Read other 6 answers
RELEVANCY SCORE 90.8

Here is My Info
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, Intel64 Family 6 Model 69 Stepping 1
Processor Count: 4
RAM: 8096 Mb
Graphics Card: Intel(R) HD Graphics Family, -2016 Mb
Hard Drives: C: Total - 939414 MB, Free - 750436 MB;
Motherboard: Dell Inc., 00871V
Antivirus: Windows Defender, Disabled
This is my sons computer. I we can no longer access any google sites including youtube but other sites are accessible. He was using google chrome but uninstalled that and starting using IE but had the same result of no google sites. I have avg antivirus-no problem found. I also tried to use a restore point, but it wouldn't work.
Thanks in advance for any help.
 

A:Google Sites are being blocked,

Solution was to remove all antivirus programs and ran windows defender, which i assume reset the host file. all sites are available now.
 

Read other 1 answers
RELEVANCY SCORE 90.8

Hi,
Today I started having a problem, and it seems to be getting worse. The problem is that I can't get to www.google.com via my browsers, both IE and Firefox. I can get to other web sites. From the command prompt, I could PING www.google.com, and got back 216.239.37.104.

Seems weird, I looked every I could think but not really sure where this kind of thing is controled. I ran Spybot, Windows Defender, and Adaware all today after this started. Spybot and Windows Defender reported everything was fine. However, while I was poking around, I opened the Windows Firewall progaram and was looking at it, while I was doing that Windows Defender popped up and reported something was doing something it wasn't supposed to be doing : BrowserModifier:Win32/Matcash and WD offered to remove it. I clicked OK.

Then I noticed that a program named chuck.exe in a temporary directory had an exclusion in the firewall, so I removed the exclusion. I looked in the directory where the firewall said the program lived, nothing was there.

Then I downloaded, installed, and ran Adaware. It found all kinds of things and removed them all, one of which it could not remove until I rebooted. I think it was named virtualdns.dll, but I failed to write the name down.

Anyway, Adaware reports everything is ok now, but still I can't get to www.google.com, and also now not my gmail account (it appears my login has expired and gmail is trying to get to google.com to verify my information). ... Read more

A:Certain Sites, Such As Google.com Are Blocked

Hello, octavius, to bleeping computer. The return that you are getting on your ping does not resolve to www.google.com. It should be 72.14.253.147. Please download LSP Fix, here: http://www.bleepingcomputer.com/files/lspfix.phprun the program, please post of the files listed in the left hand pane. If you can I would also like to look at a copy of your hosts file. It can be found on you computer here: C:\windows\system32\etc\hosts . It should be hidden

Read other 11 answers
RELEVANCY SCORE 90.8

Hey everyone,

Im trying to help a friend fix her laptop. Its a sony vaio running vista home basic without sp1. She recently tried downloading adobe reader from some random site on the Internet and upon restart she can no longer visit specific sites such as the entire google directory. She also has yahoo blocked off according to her. she tried downloading firefox but it was the same trouble. She said she gets redirected to random sites when she tries visiting gmail for example. I tried looking in ie addons but didnt see anything suspicious.

I ran a hijack this scan and have attached the log file below. Any help would be really appreciated!

Thanks
 

A:All google sites blocked!

hey everyone. Thanks to those you who took the time to go through my message so far. I was hoping someone could help my friend out as she continues to have the same problem.

One thing i did not mention in the previous post is that she has up to date norton and spysweeper installed from legitimate sources for a while now.

Any help please ?
 

Read other 1 answers
RELEVANCY SCORE 90.8

I just installed broadband internet on my HP Pavilion tx2000 notebook PC loaded with Windows Vista Home Premium 32 bit. I have not been able to access any site other than Google and its allies. I have turned off the windows firewall to avoid and conflict with the Norton Antivirus 2009 firewall. I have tried by disabling phising filters. But nothing working...please suggest

A:All Sites other than Google are blocked

How do you connect to the Internet, do you have a router and if so are you wired to it by Ethernet cable or do you connect via wireless ?

Read other 7 answers
RELEVANCY SCORE 90

Hey guys-I've been working on this problem for about a week now. The problem is that I get random audio adds in the background. They sound like commercials but never pop anything up. I also get all of my internet traffic redirected to random search sites. The main problem is that I can not access certain websites, including bleeping computer (I'm using fire-proxy to post this) Here are the steps I have taken.I noticed that I had an extra iexplore.exe in my task manager and I do no use internet explorer. SO the first thing I did was remove access to IE8 and also delete all the files for it. This removed the iexplore.exe but did not fix the problem.Here are a list of scans I have used, all of them found things and removed and say my computer is clean:SuperAnti SpywareAVG8Malware BytesSpybot search and destroyAdAwareEach one of these were downloaded and then installed by changing the installation file name. Then of course, I ran them once and then they became useless after the first run.I have run my computer in safe mode with networking and I still have the browser problem. I'm at a point where I am gathering all the programs to do a re-format but I figured I'd try my luck here first. Here is the hijack this logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 1:34:06 PM, on 1/19/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Unable to get Internet Explorer version!Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC: ... Read more

A:random audio and blocked internet sites

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

Read other 3 answers
RELEVANCY SCORE 89.6

Hi,
 
I can't access certain sites owing to Avast Anti-vir detecting a trojan infection - "JS:Includer-BOF".  The browser tabs display blank pages.  When I try to reach the sites via Google links, I'm redirected to what I assume are malicious sites, which are impossible to leave, save for closing the tab.
 
All help is gratefully appreciated.  Thanks.
 
AdwCleaner 6.3.0 detects 3 registry entries, but I have left them in place.
 
# AdwCleaner v6.030 - Logfile created 21/11/2016 at 20:48:22
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-21.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Dad - DAD-PC
# Running from : C:\Users\Dad\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\... Read more

A:JS:Includer-BOF [Trj] hijacked my popular sites; redirects Chrome to susp. sites

Apologies for posting this twice.  I continually received "ERROR" on a blank page, after clicking "Post", so didn't think it had posted.  I'm using another laptop to post this reply.
 
Only this second post appears to have included the attached "Addition.txt".

Read other 0 answers
RELEVANCY SCORE 89.6

Hi,
 
I can't access certain sites owing to Avast Anti-vir detecting a trojan infection - "JS:Includer-BOF".  Trying to reach the sites via Google links, redirects me to nefarious sites, which are impossible to leave, save for closing the tab.
 
All help is gratefully appreciated.  Thanks.
 
AdwCleaner 6.3.0 detects 3 registry entries, but I have left them in place.
 
# AdwCleaner v6.030 - Logfile created 21/11/2016 at 20:48:22
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-21.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Dad - DAD-PC
# Running from : C:\Users\Dad\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key ... Read more

Read other answers
RELEVANCY SCORE 89.6

Hi,
 
I can't access certain sites owing to Avast Anti-vir detecting a trojan infection - "JS:Includer-BOF".  Trying to reach the sites via Google links, redirects me to nefarious sites, which are impossible to leave, save for closing the tab.
 
All help is gratefully appreciated.  Thanks.
 
AdwCleaner 6.3.0 detects 3 registry entries, but I have left them in place.
 
# AdwCleaner v6.030 - Logfile created 21/11/2016 at 20:48:22
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-21.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Dad - DAD-PC
# Running from : C:\Users\Dad\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key ... Read more

Read other answers
RELEVANCY SCORE 89.6

Hi,
 
I can't access certain sites owing to Avast Anti-vir detecting a trojan infection - "JS:Includer-BOF".  Trying to reach the sites via Google links, redirects me to nefarious sites, which are impossible to leave, save for closing the tab.
 
All help is gratefully appreciated.  Thanks.
 
AdwCleaner 6.3.0 detects 3 registry entries, but I have left them in place.
 
# AdwCleaner v6.030 - Logfile created 21/11/2016 at 20:48:22
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-21.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Dad - DAD-PC
# Running from : C:\Users\Dad\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key ... Read more

Read other answers
RELEVANCY SCORE 89.6

Hi,
 
I can't access certain sites owing to Avast Anti-vir detecting a trojan infection - "JS:Includer-BOF".  The browser tabs display blank pages.  When I try to reach the sites via Google links, I'm redirected to what I assume are malicious sites, which are impossible to leave, save for closing the tab.
 
All help is gratefully appreciated.  Thanks.
 
AdwCleaner 6.3.0 detects 3 registry entries, but I have left them in place.
 
# AdwCleaner v6.030 - Logfile created 21/11/2016 at 20:48:22
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-21.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Dad - DAD-PC
# Running from : C:\Users\Dad\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\... Read more

Read other answers
RELEVANCY SCORE 89.6

Hi,
 
I can't access certain sites owing to Avast Anti-vir detecting a trojan infection - "JS:Includer-BOF".  The browser tabs display blank pages.  When I try to reach the sites via Google links, I'm redirected to what I assume are malicious sites, which are impossible to leave, save for closing the tab.
 
All help is gratefully appreciated.  Thanks.
 
AdwCleaner 6.3.0 detects 3 registry entries, but I have left them in place.
 
# AdwCleaner v6.030 - Logfile created 21/11/2016 at 20:48:22
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-21.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Dad - DAD-PC
# Running from : C:\Users\Dad\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\... Read more

A:JS:Includer-BOF [Trj] hijacked my popular sites; redirects Chrome to susp. sites

Apologies for posting this twice.  I continually received "ERROR" on a blank page, after clicking "Post", so didn't think it had posted.  I'm using another laptop to post this reply.
 
Only this second post appears to have included the attached "Addition.txt".

Read other 11 answers
RELEVANCY SCORE 89.6

My computer seems to have suddenly stopped being able to load certain websites. I have tried multiple browsers [chrome, i.e., firefox], uninstalled them all, re-installed, etc. but the problems remain, no matter the browser.

I have deleted all caches and browsing history/cookies. I have run numerous Anti Virus/Malware progs [e.g. AVG, malwarebytes, superantispyware, Ccleaner.. even paid for Registry Mechanic, and ran that] No joy.

Most sites are ok, but sites that i frequently use e.g. maps.google.com and http://fantasy.premierleague.com either don't load or dont load properly. It now seems that Facebook is not loading either.

I am pretty sure it is unrelated, but I have an old Sony Vaio, and in the last week or so have been getting a blue screen on startup with the following message:

"STOP: (000021A FATAL SYSTEM ERROR) THE WINDOWS LOGON SYSTEM PROCESS TERMINATED UNEXPECTEDLY...."

I think the above is Hardware related, and nothing to do with blocked sites. Just as an aside, I have no firewalls, all security settings are set to low, etc. etc. All sites were running fine until about 4/5days ago.

Please help! I am usually competent at fixing these things, but this one was got me stumped - thanks!

DDS.txt below [also see attachment]:


DDS (Ver_09-03-16.01) - NTFSx86
Run by General at 12:19:12.92 on Wed 06/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.36 [GMT 1:00]


=========... Read more

A:Certain sites blocked e.g. Google Maps

sorted, it was my landlord's router. not my comp at all. cheers.

Read other 1 answers
RELEVANCY SCORE 89.6

Hello,
 
Sometimes I am unable to access yahoo, google, any of the email systems of the two or any associated sites (yahoo answers, google news, etc). It does not matter the search engine -- IE, Chrome, Firefox -- but once or twice a day, I will get a page cannot be displayed message if trying to get to one of those pages. Briefly, my IE homepage was changed to Bing. And, while I could not get to yahoo and google, I could get to Bing, Ask, Blekko, etc.I have no toolbars or anything like that installed. No add-ons (that I know of) either, except for the Avast site checker.
 
I have Avast, which has detected nothing. Ran Malabytes and uncovered a few crossrider files. Quarantined them. Problem persisted. Ran SuperAntiSpyware and uncovered a fake-doc trojan. Quuarantined and removed it. Problem less frequent but still there. Did ADWCleaner and it uncovered another crossrider file and a few corrupted files. Took them out. Problem better but not gone. Ran RKill and found corrupted Hosts file. Repaired that.
 
Much better than when I started but still having some spots when google and yahoo sites will spin their wheels, as do some other sites (including this one) while Bing pops up immediately if I type that in the browser. I'm no where near my data limit with my ISP, so ...
 
Here's my last RKill log. There are perhaps a couple of issues there, but I can't figure out how to handle them. If anyone can tell me what my next move is to finish off this, I'd apprecia... Read more

A:Blocked from yahoo, google sites sometimes

Can you post the logs from adwcleaner and super anti-spyware?

Read other 31 answers
RELEVANCY SCORE 89.6

hello,My compaq presario 2100 is running normaly except for the fact that I cannot access anything related to Google.comonthe internet. I have Run Sophos anti virus,Sophos ant rootkit, Zonealarm security suite, and Malware bytes. I have also used ATF cleaner and Hijack this. It sounds to me like I have a version of a Qhost1 virus but i have not been able to find it. Here is my hijack this log,Any help would be greatly apprecited . thanksDDS (Ver_09-02-01.01) - NTFSx86 Run by bruce at 17:49:26.11 on Sun 03/01/2009Internet Explorer: 8.0.6001.18372Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.50 [GMT -5:00]AV: Sophos Anti-Virus *On-access scanning enabled* (Updated)AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\HPConfig.exeC:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exeC:\Program Files\HPQ\One-Touch\OneTouch.EXEC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Roxio&... Read more

A:all sites related to google are blocked

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

Read other 2 answers
RELEVANCY SCORE 89.6

I was infected with Antisyware Soft. I believe Combofix got rid of that. Then I got this redirect virus and the time on my computer is now in military time. It redirects every search I make. I have to operate it in safe mode now. Could you please help?DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by chris at 21:53:41.03 on Tue 05/18/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478.190 [GMT -4:00]AV: avast! antivirus 4.8.1368 [VPS 100518-1] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\chris\Desktop\dds.scr============== Pseudo HJT Report ===============uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptopuInternet Settings,ProxyOverride = <local>uInternet Settings,ProxyServer = http=127.0.0.1:5555uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0 ... Read more

A:IE redirects to random sites

Hello slowhand361, Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Please Delete any previous copy of [b[Combofix[/b] from your desktop.2.Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4 Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how. Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator) A black screen will appear and then disappear. Please do not worry, that is... Read more

Read other 12 answers
RELEVANCY SCORE 89.6

I've been getting redirected to random sites when doing searches especially when using GOOGLE - but the same thing happens with any search engine. Sometimes I'll actually be on a page - and suddenly a random page opens up. I'm using IE8 - Windows XP SP3 - with all the automatic updates. I've use Maleware and spyware and virus software and nothing seems to find the little bugger that is causing this. I've attached a Hijack log file to this questions.
 

A:IE redirects to random sites

Read other 9 answers
RELEVANCY SCORE 88.8

Help, Firefox, IE, and Opera all are being hijacked by an unknown malware. It seems to redirect all search engine hits to random ad sites. Also, I am unable to connect to any antivirus websites, including AVG, avast, norton, ect. I scanned with AVG, ad-aware, spybot - search and destroy but I am unable to find any traces of the malware.

Also I'm not sure if this is related, but my AVG stopped working on the 3rd day of infection. I can't run it nor install it, I am getting an error.

I'm using a Windows XP SP 2
AMD 64 3700+ 2.19 ghz 3gb ram

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:32 PM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\n... Read more

A:Google being redirected, antivirus sites blocked

BUMP: I still need help
Updated HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:41 PM, on 9/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\L... Read more

Read other 2 answers
RELEVANCY SCORE 88.8

Yesterday most of the links on Google began redirecting me to sites blocked by Trend Micro. Also random tabs occasionally appear containing ads. All pop-ups are still blocked.
Dell Inspiron e1705
Windows Vista
Mozilla Firefox
Any help is appreciated
Thanks!
-Luke

A:Google Links Redirect to Blocked Sites

Anyone?

Read other 1 answers
RELEVANCY SCORE 88.8

is this malware that I haven't managed to remove or can something else cause this. the redirects occur only when I try to use a link on any search engine, type in the URL directly and I get to the site I want.

A:Redirects to seemingly random sites.

It is usually a malware. Lets run these and see how you are.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to... Read more

Read other 11 answers
RELEVANCY SCORE 88.8

I've run numerous spyware and virus scans and still have this issue with the browser redirectingme sometimes, not always, to other sites, seemingly at random. Any help would save what is left of mysanity.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:52:20 PM, on 10/18/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\Spyware Doctor\pctsSvc.exeC:\WINDOWS\... Read more

A:Browser redirects to random sites

hi mayr,

Sorry for the delay. If you still need help simply reply to the post and we will get started.

Read other 1 answers