Over 1 million tech questions and answers.

Browser Redirects And Url.cpvfeeds.com

Q: Browser Redirects And Url.cpvfeeds.com

I have ran mcaffee virusscan and fixed all the items it suggested,then I ran ad-aware se and fixed all the items it selected.I'm still getting bombarded with these sites,with 3 browsers (opera,IE,Firefox)If anyone gets the time I sure would appreciate some help here.The rest of my system is running like a dream,so if formatting to rid this could be avoided,it would be awesome

Here is a hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:01:06 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\KSE\nHancer 32bit\nHancerService.exe
C:\Documents and

Settings\QuickSilver24\Desktop\SetAffinity\setaffinity_ser

vice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\KSE\nHancer 32bit\nHancer.exe
C:\WINDOWS\system32\devldr32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} - C:\Program

Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan -

{BA52B914-B692-46c4-B683-905236F6F655} -

c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program

Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe

NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program

Files\RivaTuner v2.0 RC 16.1\RivaTuner.exe" /S
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE

/P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus

CX4600"
O4 - HKLM\..\Run: [MCUpdateExe]

c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe]

c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask]

"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program

Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program

Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [CleanUp]

C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunServices: [Microsoft] msmsger.exe
O4 - HKCU\..\Run: [nHancer] "C:\Program Files\KSE\nHancer

32bit\nHancer.exe" /tray
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O17 -

HKLM\System\CCS\Services\Tcpip\..\{E5644047-5EC2-431A-BE82



-9D2E23F75A14}: NameServer = 206.248.154.22 69.28.199.126
O20 - Winlogon Notify: WBSrv -

C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: McAfee.com McShield (McShield) - McAfee

Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: nHancer Support (nHancer) - KSE -

Kornd?rfer Software Engineering - C:\Program

Files\KSE\nHancer 32bit\nHancerService.exe
O23 - Service: setaffinity - Unknown owner - C:\Documents

and

Settings\QuickSilver24\Desktop\SetAffinity\\setaffinity_se

rvice.exe

RELEVANCY SCORE 200
Preferred Solution: Browser Redirects And Url.cpvfeeds.com

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Browser Redirects And Url.cpvfeeds.com

Hello,First of all, The current formatting of your log makes it difficult to read, so in notepad:On top, click Format >uncheck Word WrapThen, * Download Combofix to your desktop.Doubleclick combofix.exeFollow the prompts.Don't click on the window while the fix is running, because that will cause your system to hang.When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply together with a new hijackthislog.

Read other 10 answers
RELEVANCY SCORE 49.6

Hi,

Here's the symptoms that I'm seeing need some help.

1)Using Internet Explorer - Enter a URL and instead of going to the site it's redirected
2)Google Search - Clicking on Suggested Links the Browser will redirect
Noted Redirect Sites: happili.com, mevioe.com and flyrry.com and other unwanted sites.
3)No Longer able to connect to windowsupdate.microsoft.com or access the windows update site directly from www.microsoft.com

Ran Malwarebytes with latest definintions comes up clean
Ran Ad-Aware with latest Definintions comes up clean
Running AVG scans reports clean

Note: In the Following Requested Logs you may notice the process Teamviewer I'm Aware that this is a Remote Control Software as Me (The person posting this) is helping a friend who lives to far away to actually work directly from their PC. Wanted to point this out.

Before Running hijackthis, DDS and GMER I disabled the AVG processes so that the Antivirus Engine wouldn't interfer with these scans.

Requested Logs

####### DDS ##########
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jen at 23:58:43.82 on Fri 03/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.530 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Internet Antivirus 2011 *Enabled/Updated* {DD66DA46-1A1C-43D7-B787-8D5FA72... Read more

A:Browser Redirects, Google Search Redirects

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issu... Read more

Read other 18 answers
RELEVANCY SCORE 48.4

DDS Pasted below + have attached ark.txt & attach.txt. Have also used Defogger.

Running XP Home ver. 2002 with SP2 on a Dell DIM4600 (2.66GHz w/1.5GB RAM) - 5 user accounts
500 GB SATA HD partioned as C & E drives
History of problem: Installed latest version of Firefox in June. Caused compatibility issues with Dell printer so I uninstalled and went back to previous stable version. Solved printer problem but then started having Firefox crash after a few minutes of use. Tried IE and downloaded Chrome - all would crash after only one or two searches. Removed parental web filter software K9 web protection.

Then the Shopica redirects started shortly after some browser reinstalls to try and correct the crashing - now have ver. 5.0.04183 of Firefox.

When shutting down or logging off user the Hello4 window pops up and locks things up.

When browsing you can search but all the links just bring up a blank screen. My DLink wireless router died during this time so I have replaced it with a Linksys. I also made some changes using the msconfig command so that may have caused some issues with stability.

I have read several posts on here and have run some of the tools such as Malwarebytes and did one of the online scans. A few items were detected but the computer is still infected. I tried to install the Recovery Tool but with no success. My XP disk is SP1 and even after following the detailed tutorials it still would not load. All of my important files are backed up so I am re... Read more

A:Hello4, browser redirects, blank browser pages, general instability of system

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 20 answers
RELEVANCY SCORE 48.4

Hello. I just wanted to give a quick rundown of what issues I am having, as well as note a few problems during the recommended procedure for posting here. First, I did not run GMER as I am running a 64-bit OS. Second, I have been having occasional browser redirects. It does not seem to have any restriction as to where it will happen. From League of Legends forums, to bleeping computer forums, to google searches. It can and does happen at random fairly frequently (maybe once every 10-15 minutes when browsing the internet).

The white box is actually up on my browser screen as I type this post. It will typically only show up on forum type sites from what I have seen. It will say "Recommended for You" and have an 'x' in the upper right corner. When clicked, it just shrinks down to the "Recommended for You" box again.

I have included the dds.txt copy/paste below, as well as attached the attach.txt to this post. You guys are awesome, looking forward to hearing from you.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Matt at 9:14:58 on 2012-04-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2864 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.e... Read more

A:Sirefef Infection, Occasional Browser Redirects, White "Recommended for You" box in bottom right corner of browser.

Also just wanted to clarify the Sirefef infection types as they were listed in previous steps taken for the person assisting me before.

They are:

22:06:30.428 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
22:06:32.321 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]

Read other 32 answers
RELEVANCY SCORE 48.4

Hi Gang:Last Friday my PC was hit with AV Security Suite. I removed it per online directions but my browser (IE8) was redirected and AV Security Suite reappeared. I have deleted the rouge software three times and I still notice occasional redirects and random browser windows popping up so I suspect there is still malicious code within the bowels of my machine but I am unable to locate it.I have used: Malwarebyte's Anti-Malware, A-Squared Free, AVG Anti-Viris, AVG Anti-Rootkit Free, CCLeaner and Disk Cleanup.For your viewing pleasure, my Hijack logo:Thanks for the help!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 12:12:37 PM, on 7/5/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Digital Media Reader\readericon45G.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\WINDOW... Read more

A:Browser redirects/random browser windows/AV Security Suite

Hi,Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop. Post them back to your topic.

Read other 23 answers
RELEVANCY SCORE 48.4

Hi,

I have a Dell Inspiron 1525 laptop that is running Windows Vista Home Premium SP2.

Recently, I've noticed that when using Internet Explorer, occasionally, I'll click a link in Google and it will open a 'generic' search site that has nothing to do with the original Google link. Also, the browser will unexpectedly close for no reason.
There does not seem to be any rhyme or reason to these two occurances - i.e. I can't reproduce either one with specific actions - they occur seemingly completely randomly.

Suspecting a virus, I went to manually update McAfee VirusScan and then scan the system, but get the following error:
"The ordinal 1112 could not be located in the dynamic link library WSOCK32.dll.

Of course, I suspect something suspecious on the computer.... How do I check/scan begin to diagnose/fix the problem?

Thanks!
D

A:ordinal 1112 not in WSOCK32.dll, browser redirects, browser autoclosing

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware,... Read more

Read other 7 answers
RELEVANCY SCORE 48.4

Hello cherish I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

A:Browser Hijack - Browser redirects to - websearch.simplespeedy.info

Thanks Gringo for your help
Here are my log files..
 
Checkup.txt from Security Check by screen317:
 
 
 Results of screen317's Security Check version 0.99.62  
 Windows 7  x64 (UAC is enabled)  
 [/b] 
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
Norton Internet Security        
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 21  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (for.) 
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 5% 
````````````````````End of Log``````````````... Read more

Read other 20 answers
RELEVANCY SCORE 48.4

I have a Dell Inspiron 1525 laptop that is running Windows Vista Home Premium SP2.

Recently, I've noticed that when using Internet Explorer, occasionally, I'll click a link in Google and it will open a 'generic' search site that has nothing to do with the original Google link. Also, the browser will unexpectedly close for no reason.
There does not seem to be any rhyme or reason to these two occurances - i.e. I can't reproduce either one with specific actions - they occur seemingly completely randomly.

Suspecting a virus, I went to manually update McAfee VirusScan and then scan the system, but get the following error:
"The ordinal 1112 could not be located in the dynamic link library WSOCK32.dll."

Of course, I suspect something suspicious on the computer.... How do I check/scan begin to diagnose/fix the problem?

Thanks!
Original diagnosis logs here:
http://www.bleepingcomputer.com/forums/topic439757.html


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Windows at 13:21:17 on 2012-01-26
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3061.1603 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -... Read more

A:ordinal 1112 not in WSOCK32.dll, browser redirects, browser autoclosing

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated f... Read more

Read other 2 answers
RELEVANCY SCORE 48.4

Hello Everyone,

I unfortunately let my security software expire and immediately fell prey to malware. I downloaded malwarebytes and ran a scan. The program found trojans, etc and supposedly removed them. The problem with my redirects and unseen commercials still exists. Help with this would be greatly appreciated. Thank you.

Here is the SysInfo, to be followed by hijackthis log, DDS text, Attach text, and Gmer.

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz, x86 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 3036 Mb
Graphics Card: Intel(R) G45/G43 Express Chipset, 1024 Mb
Hard Drives: C: Total - 76252 MB, Free - 43994 MB;
Motherboard: Dell Inc., 0P301D, A00, ..CN7360489S07T0.
Antivirus: Trend Micro Titanium Maximum Security, Updated: No, On-Demand Scanner: Disabled
 

A:Browser redirects & audio commercials play without open browser!

Read other 7 answers
RELEVANCY SCORE 48.4

Hello! I have seen this problem posted a lot, but I gather that each solution is taylor made, so here it goes:

As other people, I have this problem of random browser redirects when clicking on some links, as well as the annoying popup (sometimes in a cellphone shape) on the lower right corner of my browser's windows (either IE9 or Firefox 14). I have gone into the two browsers' plug-in or add-in controls and disabled anything that I did not recognized as installed by me. This has diminished the problem somewhat, as sometimes the popup comes out empty, but it still comes up.

I am running on Windows 7 Ultimate.

Thanks in advance for any help!

Pedro

A:Browser redirects, annoying popup add in bottom right corner of browser

Hi Pedro -First: Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:•Flush DNS•Report IE Proxy Settings•Reset IE Proxy Settings•Report FF Proxy Settings•Reset FF Proxy Settings•List content of Hosts•List IP configuration•List last 10 Event Viewer log•List Installed Programs•List Users, Partitions and Memory size.•List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please Copy and Paste the Results txt in your next replyNext: Install Malwarebytes Free and SuperantiSpyware FreeNote that Malwarebytes has just released a new version, so please make sure you Update to the newest version. Once both programs are installed and Updated, please run a Quick Scan with both of these - Copy and paste any logs back here -Now: Please download Farbar Service Scanner and Save it to desktop, then run it •Make sure the following options are checked:Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows UpdateWindows Defender•Press "Scan".•It will create a log (FSS.txt) in the same directory the tool is run.•Please copy and paste the log to your reply.Please take your time, and do then at your own pace. This will now give us some details to review -Thank You -

Read other 12 answers
RELEVANCY SCORE 48.4

So I've been having this problem for a little while. Today, while doing a google search, I stumbled upon this post on these forums:http://www.bleepingcomputer.com/forums/topic449229.htmlThis is EXACTLY the issue that I'm having. Browser redirects every so often, little white "Recommended for you" popup box in the bottom right corner that seems to advertise the things I've been recently searching, etc. The box doesn't close when I click "close", it just minimizes itself. This only happens when browsing some sites like reddit and even here, but as the OP of the other thread stated, it doesn't appear on sites like facebook and yahoo. Anyhow, in hopes of saving some time I went ahead and followed the advice given in the other thread to post logs using SecurityCheck, Farbar Security Service, MiniToolBox, MBAM and aswMBR. Here are the results: Results of screen317's Security Check version 0.99.24 Windows 7 x64 (UAC is disabled!) Internet Explorer 8 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Spybot - Search & Destroy Java™ 6 Update 29 Out of date Java installed! Adobe Reader X (10.1.3) Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent AVG avgwdsvc.exe AVG... Read more

A:Browser redirects occassionally and get "Recommended for You" box in bottom right corner of browser.

Welcome aboard Your "hosts" file has been hijacked.Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.Follow all prompts.*********************Re-run MiniToolbox.Checkmark following boxes:List content of HostsClick Go and post the result.

Read other 5 answers
RELEVANCY SCORE 48.4

Hi all,

Thanks in advance for helping with my problem -- I really appreciate it.

Last weekend I got a very bad infection that basically rendered my system unusable, i.e., when I tried to launch resident programs such as Word, some message said that the .exe was infected, and asked if I would like to activate my antivirus software. The problem at that time was evidently a rogue antivirus program; I ran several spyware cleaner programs (those that I saw recommended on this forum) and this seems to have been fixed -- so now it looks like I just have this redirect problem.

First, my details:
- Windows XP Service Pack 3
- IE 8
- Firefox 3.5.5
- Chrome 3.0

Here's what happens: When I use any of the above-mentioned browsers to search, using Google or Yahoo, and I click on one of the links in the search results, I get taken to some random, garbage website instead of the one mentioned in the search results.

Also, multiple browser windows open repeatedly -- multiple windows with IE, and multiple tabs with Chrome. This seems to get worse over time, until the next reboot.

Here's what I've tried within the past two days:
- SuperAntiSpyware
- Spybot Search & Destroy
- Malwarebytes' Anti-malware
- Spyware Doctor
- Browser Hijack Recover
- Windows Live Onecare Safety Scanner
- My primary antivirus program had been McAfee, but now I'm running Microsoft Security Essentials instead

I've run scans with all of the above (some of them in safe mode) but the pro... Read more

A:Please help - Browser redirects to random sites, plus multiple browser windows

Hello please post your SuperAntiSpyware logTo retrieve the removal information after reboot, launch SUPERAntispyware again.Click Preferences, then click the Statistics/Logs tab.Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.Please copy and paste the Scan Log results in your next reply.Click Close to exit the program.Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take som... Read more

Read other 6 answers
RELEVANCY SCORE 45.2

I don't know what happened but everytime that I am browsing my computer an IE browser opens up and goes to browser-security.microsoft.com but the page doesn't open up and it leaves me with the browser open without anything happening to it. I'm not sure of how to get rid of this problem. Please help if this problem can be removed from the computer...

I do have HJT on my comp, but unsure of which files to fix and which ones to leave.

A:IE browser redirects to browser-security.com

Welcome omichnga

Please follow our pre-posting process outlined here:
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
After running through all the steps, you shall have a proper set of logs. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Thanks

Read other 4 answers
RELEVANCY SCORE 45.2

I have tried to remove this for a while now and it keeps reappearing. I get pop-ups if I let my browser sit open for a while, I get redirects at least 50% of the time when I do searches from Google. I have tried a few anti-rootkit scans and haven't seen anything lately, and all my AVG and Malwarebytes scans come back clean.

GMER only gives me the options to select []Services []Registry []Files []C:\ []ADS and when i run the scan it generated a blank log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Kendall Silver at 14:18:30 on 2012-06-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2248 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windo... Read more

A:Browser Hijacker, Browser redirects, Pop-ups

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 16 answers
RELEVANCY SCORE 42.8

Since late last week most of the links that are clicked on after a Google search are redirected to random sites. The computer also freezes from time to time but I believe that is a different issue as a new video card was installed. First problem is the redirects. Here is the DDS.TXT contents.Thanks for the help.DDS (Ver_10-03-17.01) - NTFSx86 Run by jwells at 15:04:08.89 on Wed 06/02/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.862 [GMT -7:00]AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\Ati2evxx.exesvchost.exeC:\WINDOWS\System32\svchost.exe -k eapsvcssvchost.exeC:\WINDOWS\System32\svchost.exe -k dot3svcC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Intel\AMT\atchk... Read more

A:Browser redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Gmer is the best but can be hard to get a log lets try this and see what we get.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Note** you may get this warning it is ok, just ignore... Read more

Read other 17 answers
RELEVANCY SCORE 42.8

Hello, I recently found clicking on any links in google or other sites redirects me to some random sites. I ran AVG and it detected a couple of trojans (which I had seen running in the background in the task manager). These were Fnelaa.exe, fml.exe, fmm.exe and fmk.exe. The trojans(?) were supposedly removed by AVG but even after several more scans, the browser problem continues. I would appreciate if someone can help resolve this issue. I am posting the Hijack This log...

OS Version: Microsoft Windows 7 Home Premium , Service Pack 1, 64 bit
=============================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:39 PM, on 7/26/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Zamboozi\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.... Read more

Read other answers
RELEVANCY SCORE 42.8

Hi:

I appear to have a browser hijacker that is not showing up on any scans. When I run a Google search, the site cl-searc.com is occasionally contacted. Then, when I click on the search results I am sometimes redirected to sites such as toseeka.com, shopica.com, bizrate.com, and even pctools. There doesn't appear to be a pattern to when I get redirected, but the redirects themselves often seem connected to the search phrase I originally entered.

So a search for a certain Kodak camera model will turn up an appropriate list of results on Google. The first will be the specs page for the camera model at the Kodak site. However, when I click on that link, I'm directed not to Kodak but to a Bizrate.com listing for the same camera model on sale. If I back up to the search results and click on the Kodak site link again, I will go there as intended.

I'm running Windows XP. My typical browser is Firefox. Spyware Doctor and Registry Mechanic are my usual main scanning tools, but I also use several other tools on a weekly basis.

I've run full scans with the latest updates for Malwarebytes, SuperAntispyware, Spybot, Ad-Aware, as well as the Kaspersky online (critical areas only) and Spyware Doctor (IntelliScan). They've found nothing of note, just tracking cookies that come from legit sites I've visited (like Kaspersky) and places like pricegrabber that must be related to the redirects.

Thanks in advance for your assistance.

A:Browser redirects

Please download SmitfraudFixDouble-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

Read other 13 answers
RELEVANCY SCORE 42.8

I am getting random redirects and then pop-ups. I ran malware-bytes and it cleaned up 5 objects. The behavior continues. I tried following the steps for HiJackThis and it generates a blank log. I tried to "run it as administrator" but the check box is gray. I tried the dds.scr as well and it came back with an error "The dependency service or group failed to start". Running windows vista home. I have copied all data that I can off to an external hard drive already. I did have symantec endpoint protection and ad-adware running on the machine as well. Any ideas where to start?
 

A:Browser redirects and pop-ups

Read other 16 answers
RELEVANCY SCORE 42.8

My browser randomly redirects to unknown websites, more so when I am browsing results from google. I scanned my system using Ad-Aware, Malwarebytes, Spybot and McAfee system, but that did not solve the problem. After browsing through this forum I ran the ComboFix and that has resolved the issue. However, I want to be sure that there is no more malware present on my laptop. I am attaching the DDS logs I generated after running the ComboFix. I tried to run gmer in the safe mode as well but my system kept crashing before the scan was completed. Thank you for your help. -MMDDS (Ver_10-03-17.01) - NTFSx86 Run by manish at 12:55:42.29 on Sun 05/30/2010Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_15Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.1.1033.18.2038.676 [GMT -5:00]AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32... Read more

A:Browser redirects

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 17 answers
RELEVANCY SCORE 42.8

It seems like everytime I am on a website andtry to download something or try to go to another page I get redirected to a site that asks for all kinds of information. It is very annoying! I am posting the files requested. Please help me clean this up.

Thank You

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8 Pro with Media Center, 64 bit
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz, Intel64 Family 6 Model 15 Stepping 11
Processor Count: 4
RAM: 8191 Mb
Graphics Card: NVIDIA GeForce 9500 GT, 1024 Mb
Hard Drives: C: Total - 953766 MB, Free - 752106 MB; F: Total - 476890 MB, Free - 334128 MB;
Motherboard: Dell Inc., 0M017G
Antivirus: Windows Defender, Disabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:06:04 PM, on 7/5/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\Lester\AppData\Local\Akamai\netsession_win.exe
C:\Users\Lester\AppData\Local\Akamai\netsession... Read more

A:Browser redirects

Read other 16 answers
RELEVANCY SCORE 42.8

When i click on a link from google or another search engine, Internet Explorer and Google Chrome redirect me while Mozzila Firefox just doesn't load the page. I have used the program Hijackthis and the log is below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:25:27 PM, on 7/4/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virtualdj.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HK... Read more

A:Browser Redirects. Please help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 42.8

Hello,
 
I am running an up-to-date version of McAfee on my computer. My antivirus says that my computer is protected, but I've noticed some suspicious activity recently. I've been getting browser redirect warnings, as well as hijacks frequently. This is happening a lot when I try to sign onto my school email account. My email account is through Google Chrome. One hijack was by bluegrate, displaying a virus warning. Another hijack was casino. Is this something I should be concerned of?
 
Thanks for any help in advance!

A:Web browser redirects

Hello and welcome back.What is the browser?Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users ri... Read more

Read other 7 answers
RELEVANCY SCORE 42.8

Hoping to get some help here

after picking up something nasty a few days ago
and somewhat foolishly attemting my own removal - which was partially sucessful

After one last online virus scan which found nothing
decided to do a clean install of vista (system was very cluttered HDD almost full so scans taking forever - fully backed up all needed stuff to external HDD)

all seem to go well
But still getting browser redirects via IE and Firefox
also iexplore.exe is running as process in the background - end the process and it reappears within 10 mins

so far only tried malwarebytes scan X2 - both crashed within 4 mins
and one online scan which found nothing

help is needed

A:Browser redirects still

Hello, please run these next. Was that an ESET online scan?Your HOSTS file may be infected. Reset the HOSTS fileAs this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system. Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?To reset the hosts file automatically,go HERE click the button. Then just follow the prompts in the Fix it wizard.ORClick Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the promots in the Fix it wizard.Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.Next run How to remove Google Redirects A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.

Read other 11 answers
RELEVANCY SCORE 42.8

Thanks in advance...got the Antivirus2008XP what-not, alongh with the joke bsod screen-saver...I was able to remove that, but now clicking on google links takes me to various "www.buythisnowdamnit.com" sites...cant connect to anti-spyware sites of any kind, although I can get to other non fix-yer-pc type sites...cant update my SpyDoctor subscription either...basic system-bog down also.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:33 PM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Micros... Read more

A:Browser Redirects

Bump, please

Read other 2 answers
RELEVANCY SCORE 42.8

In Windows IE on Vista home basic everytime when on Facebook.com an app called Zoost which I have added to my account will not load. First of all it redirects afew times and ends up with IE cannot connect with error 404, it then takes me to a screen telling me that the zoost app is already on my account which I already know anyway.
While all these redirects are going on the address bar displays "about:blank" and "double click" but then disappear. I have done my anti virus,spyware,malware and hijacker checks but this annoying thing keeps occurring.
Spybot s+d has imunised my laptop from these so please can someone help me with this dilemma.
 

Read other answers
RELEVANCY SCORE 42.8

Ok, well it seems that I'm not the only one to run across this problem.
Windows XP SP3 browsers are re-directing. First it sarted with Internet Explorer 8 so I install another browser (Firefox) actually updated to newest version. Then it started redirecting, so then I installed Google Chrome and now it is redirecting.
I've ran Malwarebytes, and SuperAntivirus and a older copy of CCleaner. Rebooted and the redirecting starts to initiate all over again. I've been tempted to d/l combofix, but have headed the warnings. So any and all help would be appreicated.
Thanks Again in advance....

A:Browser redirects

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be found here:C:\Documents and Set... Read more

Read other 1 answers
RELEVANCY SCORE 42.8

daughters acer extensa 4620z redirects.have installed hijackthis but do not know what to delete. first post of any kind on web.thanks

A:ie browser redirects

Hello and welcome. As the HJT forum is very busy,let's see if we can clean it here.If SpyBot is running,disable it for these.Please download TFC by Old Timer and save it to your desktop. alternate download linkSave any unsaved work. TFC will close ALL open programs including your browser! Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator. Click the Start button to begin the cleaning process and let it run uninterrupted to completion. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automati... Read more

Read other 1 answers
RELEVANCY SCORE 42.8

Hi,

I am having browser re-direct issues on search engine links. I am also getting a crazy number of pop-up tabs, usually offering a $1,000 wal-mart gift card. I have run AVG and Malwarebytes software (in and out of safe mode)and have not been able to kick the problem.

Please see my logs below. Thank you.

-Scott
 

A:Browser Redirects and More

Read other 6 answers
RELEVANCY SCORE 42.8

Hey all,

I have issues with my daughters tablet. I'm getting redirects on both browsers (IE and Firefox). I'm also getting Spooler SubSytem App error messages.

Her tablet:
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Manufacturer Hewlett-Packard
System Model HP EliteBook 2730p

HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:09:07 PM, on 11/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\In... Read more

A:Browser Redirects

Wow. 72 views and no replies. Did I post this wrong?
 

Read other 1 answers
RELEVANCY SCORE 42.8

Every time I click on a link from any search engine such as google or yahoo, I get redirected to another random search site. Periodically while browsing, the computer goes to the blue death screen and when I restart it, it doesn't load all the way up until after a few tries, stopping instead at a black screen. Please help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:56 PM, on 7/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\... Read more

Read other answers
RELEVANCY SCORE 42.8

I was just surfing a page for rice krispy treats recipe (lol) and all of a sudden wallpaper changed, and was infected with Internet Security 2010. I ran malwarebytes and it cleaned it up, I thought. Now I am getting referred to different sites when searching on google, etc. Please help me to remove this as well as suggest something so that it doesn't happen again. I have posted the HijackThis log below.Thank you,JonLogfile of Trend Micro HijackThis v2.0.2Scan saved at 8:06:48 AM, on 1/23/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\oodag.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\explorer.exeC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exeC:\Documents and Settings\LUVELLI\Loca... Read more

A:Still getting browser redirects...

Hi,My name is Extremeboy (or EB for short), and I will be helping you with your log.We apologize for the delay of response. Do you still require help?If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.For your next reply I would like to see:-The DDS logs---DDS.txt and Attach logs-RootRepeal logs-Description of any remaining problems you may still have.Thanks again and we apologize for the delay.With Regards,Extremeboy

Read other 11 answers
RELEVANCY SCORE 42.8

I am working with a co-worker that is being redirected when searching in IE7. Being in a public entity we are limited to the tools (software) that we can install and use. We use McAfee VS Enterprise 8.5.0i which has logged some detections and removals from this pc but it is obvious that it still has something going on with it. We have also used Malewarebytes which didn't find anything with a full scan??? Here is the HJT log for you experts to peruse! Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:04 AM, on 8/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\oracle\ora92\bin\agntsr... Read more

A:Browser redirects

Does anyone have something to give me on this?
 

Read other 2 answers
RELEVANCY SCORE 42.8

After downloading Mozilla and accessing megavideo.com, hulu, and surf the channel, I started getting security pop-ups from PC extra protection (I think that was the name.) I have Trend Micro PC cillin anti-spyware which came with the PC and the Windows XP operating system, but that did not take care of it. So I bought Spyhunter and ran that. That worked for the pop-ups, but then I got browser redirects on EVERYTHING that I tried to google. It goes to Shopica, Toseeka nad/or antivirusmorro. Neither the Trend Micro PC cillin nor the Spyhunter worked on that. I read through the forum and tried GooredFix although that didn't look like described. So when it asked me if I wanted it to wipe out the infection, I said yes. (I also saved it on the desktop along with its clipboard). That worked for one time. But now the redirects are back. Can you help?

A:Browser Redirects

Hi and welcome to BleepingComputer The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

Read other 1 answers
RELEVANCY SCORE 42.8

i have done everything I know how to on my own to stop this, but it just comes right back.
Here's my HiJackThis log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.autoblog.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analo... Read more

A:browser redirects

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

Read other 28 answers
RELEVANCY SCORE 42.8

Hi,

I was having problems with my IE7 and Firefox 2.0 browsers getting redirected to 69.50.190.131, so I searched and tried out the info contained in the following thread:

http://forums.techguy.org/security/517824-solved-redirection-69-50-190-a.html

Which seemed to work OK (I didn't do the registry edits). However, it seems that the problem is back or maybe a different one has popped up. I'm getting redirected now to 216.133.243.28 for some reason in IE7 and that browser runs slower than Firefox. I attached a log from Hijack This at the bottom. I run Trend Micro Internet Security 2007, use Windows Firewall, and just installed avast! anti-virus as well (is it bad to have two installed at the same time?) and frequently run Ad-Aware SE (free) and Registry Mechanic to clean things up. What else can I do to protect myself from these redirect hacks? Can I fix this one?

Thanks!

--------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:08:26 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\... Read more

A:Help with browser redirects

Read other 16 answers
RELEVANCY SCORE 42.8

I hooked my laptop up to my broadband connection directly, bypassing my router. I ran a DNS benchmark program Name bench to see if I could improve my DNS response time. Many of the results reported ?appears incorrect or hijacked?. Could this be because I bypassed my router or is something redirecting my browser? How do I investigate this?
Thanks, Caelis

IP Descr. Hostname Avg (ms) Diff Min Max TO NX Notes
192.168.0.1 SYS-192.168.0.1 cp.local.tld 3.85 2.3 10.8 0 0

The current preferred DNS server.
safebrowsing.clients.google.com appears incorrect: 172.16.254.254
a.root-servers.net appears incorrect: 172.16.254.254
www.paypal.com is hijacked: 172.16.254.254
NXDOMAIN Hijacking
static.ak.fbcdn.net appears incorrect: 172.16.254.254
twitter.com appears incorrect: 172.16.254.254
windowsupdate.microsoft.com is hijacked: 172.16.254.254
google.com appears incorrect: 172.16.254.254
www.google.com is hijacked: 172.16.254.254
www.google-analytics.com appears incorrect: 172.16.254.254
www.facebook.com appears incorrect: 172.16.254.254

216.146.35.35 DynGuide 216.146.35.35 208.24 -98.2% 84.1 3500.0 1 4

www.facebook.com appears incorrect: star.facebook.com
Replica of SYS-172.16.0.1 [172.16.0.1]
www.paypal.com is hijacked: www.paypal.com.akadns.net
twitter.com appears incorrect: 199.59.150.39, 199.59.148.82, 199.59.150.7
Replica of UltraDNS [156.154.70.1]
www.google.com is hijacked: 74.1... Read more

A:Browser Redirects

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the t... Read more

Read other 18 answers
RELEVANCY SCORE 42.8

Having some trouble with firefox and the browser just redirecting to another website for no reason. Some china website.called chinaonTv... never heard of this before. Hoping the log would show something goin on.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:36 PM, on 1/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Samsung\FrameManager\sam_service.exe
D:\Program Files\Samsung\FrameManager\sam_controller.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Samsung\FrameManager\FrameManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreS... Read more

A:Browser Redirects

Read other 12 answers
RELEVANCY SCORE 42.8

A couple weeks ago I started getting the ave.exe windows security/defender/etc scareware popups. I successfully removed this malware using trojan_fakerean_exe_fix.reg to allow exe files to run and MBAM to remove. This malware came back several times and I continued to remove in the same manner. I added Avira to my system and I think it is able to keep the ave.exe from reinstalling itself (often pops up warning that "D:/Autorun.inf has been blocked"?) However, I have been experiencing the same browser redirects that many people in these forums have mentioned. Search engines produce seemingly legit search results. but when you go to them you are redirected to random shopping sites, etc. I often get the following error message "DISCover Drop & Play System Executable has encountered a problem and needs to close" that has just started happening with the Malware and my system is EXTREMELY slow most of the time and often crashes or freezes. DDS logs are below. Every time I run GMER my system crashes half way through the scan. Is there anything I can do to prevent this so I can give you a GMER log?I run the following software on my system that have found various "malware" but haven't done much to improve the symptoms of my system:Avira Antivir Free PersonalMBAMAVGAdAwareSpybotCCleanerThreatfirePlease let me know of any other info you need.Thanks in advance for your help.DDS (Ver_10-03-17.01) - NTFSx86 Run by HP_Administrator at 13:03:40.... Read more

A:ave.exe, browser redirects - Please Help Me

Good evening. The first thing you need to do is to remove one of your anti-virus programs as there is the risk of conflictions with two, or more, running in real-time - not a good thing. Once you have done that, do this:Download HAMeb_check.exe by noahdfear from here and save it to your Desktop.Double click the tool to run it - it will take a minute or two to complete. Once complete it will open Notepad with the results and save a copy as HelpAsst.log to the root of your hard drive, usually C:\ Please post the contents in your next reply.

Read other 26 answers
RELEVANCY SCORE 42.8

Recently I reinstalled Windows 7 Pro 64-bit in a new partition. Also, I reinstalled the programs I like to use. At some point my web browsers began to redirect to places I don't want to go sometimes when I click links. I don't know what's causing the redirects. I tried removing some browser extensions and then tried different browsers. Then I tried a portable version of Opera that has no extensions and I'm still redirected sometimes. I tried uninstalling some programs. That didn't help. I don't know what is causing the redirects. Scans with MBAM, Adwcleaner, Super Antispyware, and Emsisoft Emergency Kit have never found anything I can clearly blame for the redirects. I have Bitdefender Internet Security installed, too. There was something about a proxy override for *.local (I think?) that was found but I'm not sure that's really a problem. If a program is causing the redirects by a proxy then I think the program would've been found or my proxy settings would've been tweaked but everything seems ok. I want to know if I installed a program that resulted in these redirects so I don't install it again. However, while installing programs I was careful to avoid the extra junk that was offered. Seems like the thing that's causing the redirects should be easy to remove but I can't find it.

A:web browser redirects

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click ... Read more

Read other 13 answers
RELEVANCY SCORE 42.8

Hello, i am having the same problem, i use windows xp internet explorer, but every google search directs me to a youtube porn link,and the same popups and iedefender as stated above! please help!
J
EDIT: i have now fixed it, just updated my virus software (AVG, which automatically updates quite regularly) and it located and removed the virus as soon as i opened Internet Explorer again!

A:Browser redirects

Glad to hear its sorted out

Read other 1 answers
RELEVANCY SCORE 42.8

DDS (Ver_10-03-17.01) - NTFSx86 Run by lherrin at 15:21:23.53 on Fri 06/04/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.852 [GMT -5:00]AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\windows\system32\svchost.exe -k netsvcsC:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exesvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exeC:\Program Files\Microsoft Offi... Read more

A:Browser Redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Gmer is the best but can be hard to get a log lets try this and see what we get.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers and Stealth. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Note** you may get this warning it is ok, just ignore"Rootkit Un... Read more

Read other 29 answers
RELEVANCY SCORE 42.8

Hi guys, could someone please have a look at the HJT log, my browser keeps getting redirected and PeerGuardian is blockin an awful lot of crap trying to access my system.
Cheers

Logfile of HijackThis v1.99.1
Scan saved at 17:53:16, on 07/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\hijackthis\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Int... Read more

A:HJT log / Browser Redirects

Read other 7 answers
RELEVANCY SCORE 42.8

Howdy,

I was reading the 'Am I Infected" forum and noticed the abundance of people that were having their browsers redirected.
Almost a third of the posts on the first 2 pages were dedicated to the problem.

Is there a new Trojan going around ? Maybe I am reading it wrong but I don't seem to remember that many folks having this much trouble at one time with their browsers being hijacked.

Maybe it is just coincidence ???

Anyone have a comment ?

Thanks,

Dennis

A:Why All The Browser Redirects ?

Hello. Currently, browser redirection is simply the most prevalent method malware writers are using to accomplish their primary goal: making money. by redirecting a browser, they can make it hit a website where they get paid an affiliate commission by the hit, via ads or other means. In the past they've used popups to accomplish something similar. It's just a phase, sooner or later someone will figure out a more effective way to use malware to make money and that will become the main symptom.Hope that answers your question.~Blade

Read other 12 answers
RELEVANCY SCORE 42.8

Hello all,Couple of days ago started having redirects from searches in Google, pop-ups coming from nowhere, and what seems to be a single ad that shows up in every single page I visit instead of the usual ones that would be there. Here goes my HijackThis log. Any help is very much appreciated.MiguelLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:46:47 AM, on 12/22/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Softex\OmniPass\Omniserv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exeC:\... Read more

A:Pop-ups and browser redirects

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable a... Read more

Read other 1 answers
RELEVANCY SCORE 42.8

Hello,
I am also experiencing unwanted browser redirects

So far i ran combofix and the DDS tool listed here

The Combofix log says:

System File is infected!! Attempting to Restore.
C/Windows/regedit.exe

I had a similar problem a few weeks ago where my antivirus would detect it and delete it but it would happen every day untill i tried TDSSkiller which ended the problem..but now i think i have a different malware..TDSSkiller doesnt detect it

I am posting my Combofix log:

ComboFix 10-12-18.01 - Owner 12/18/2010 12:31:19.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1526.1126 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: The Shield Deluxe 2009 Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
C:\setup.exe
C:\Thumbs.db
D:\Autorun.inf
K:\Autorun.inf

c:\windows\regedit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
.

2010-12-18 17:24 . 2010-12-18 17:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-17 22:39 . 2010-11-10 04:33 6273872 ----a-w- c:&... Read more

A:Browser redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 42.8

good evening, i have a problem of redirects in IE9 and google chrome i have ran security check please see output text below : Results of screen317's Security Check version 0.99.7 Windows 7 (UAC is enabled) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! McAfee Internet Security WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware Malwarebytes' Anti-Malware Java™ 6 Update 26 Out of date Java installed! Adobe Flash Player 10.0.12.36 Adobe Reader 9.1 Out of date Adobe Reader installed! ```````````````````````````````` Process Check: objlist.exe by Laurent Ad-Aware AAWService.exe Ad-Aware AAWTray.exe ``````````End of Log```````````` I then tried to run the RKUnhookerLE and it would not start , it threw up an error and outputted an error text file please see below :Exception code : 0xC0000005Instruction address : 0x00402EAAAttempt to read at address : 0xFFFFFFFFCurrently running super anti spyware in safemode after making the changes to the tick boxes on the settings page so far it is 22 minutes gone and it has found :Trojan.Agent/Gen-SVC(Fake)Trojan.Agent/Gen-IExplorer(Fake)Trojan.Agent/Gen-PECHopefully these are the 3 problems above that it has found will post result of SAS scan when it has finished Regards Matt

A:Browser Redirects

As you have another topic here: http://www.bleepingcomputer.com/forums/topic407468.html I will close this one.

Read other 1 answers