Over 1 million tech questions and answers.

Browser Redirects And Url.cpvfeeds.com

Q: Browser Redirects And Url.cpvfeeds.com

I have ran mcaffee virusscan and fixed all the items it suggested,then I ran ad-aware se and fixed all the items it selected.I'm still getting bombarded with these sites,with 3 browsers (opera,IE,Firefox)If anyone gets the time I sure would appreciate some help here.The rest of my system is running like a dream,so if formatting to rid this could be avoided,it would be awesome

Here is a hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:01:06 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\KSE\nHancer 32bit\nHancerService.exe
C:\Documents and

Settings\QuickSilver24\Desktop\SetAffinity\setaffinity_ser

vice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\KSE\nHancer 32bit\nHancer.exe
C:\WINDOWS\system32\devldr32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} - C:\Program

Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan -

{BA52B914-B692-46c4-B683-905236F6F655} -

c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program

Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe

NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program

Files\RivaTuner v2.0 RC 16.1\RivaTuner.exe" /S
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE

/P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus

CX4600"
O4 - HKLM\..\Run: [MCUpdateExe]

c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe]

c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask]

"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program

Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program

Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [CleanUp]

C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunServices: [Microsoft] msmsger.exe
O4 - HKCU\..\Run: [nHancer] "C:\Program Files\KSE\nHancer

32bit\nHancer.exe" /tray
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O17 -

HKLM\System\CCS\Services\Tcpip\..\{E5644047-5EC2-431A-BE82



-9D2E23F75A14}: NameServer = 206.248.154.22 69.28.199.126
O20 - Winlogon Notify: WBSrv -

C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: McAfee.com McShield (McShield) - McAfee

Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: nHancer Support (nHancer) - KSE -

Kornd?rfer Software Engineering - C:\Program

Files\KSE\nHancer 32bit\nHancerService.exe
O23 - Service: setaffinity - Unknown owner - C:\Documents

and

Settings\QuickSilver24\Desktop\SetAffinity\\setaffinity_se

rvice.exe

RELEVANCY SCORE 200
Preferred Solution: Browser Redirects And Url.cpvfeeds.com

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Browser Redirects And Url.cpvfeeds.com

Hello,First of all, The current formatting of your log makes it difficult to read, so in notepad:On top, click Format >uncheck Word WrapThen, * Download Combofix to your desktop.Doubleclick combofix.exeFollow the prompts.Don't click on the window while the fix is running, because that will cause your system to hang.When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply together with a new hijackthislog.

Read other 10 answers
RELEVANCY SCORE 49.6

Hi,

Here's the symptoms that I'm seeing need some help.

1)Using Internet Explorer - Enter a URL and instead of going to the site it's redirected
2)Google Search - Clicking on Suggested Links the Browser will redirect
Noted Redirect Sites: happili.com, mevioe.com and flyrry.com and other unwanted sites.
3)No Longer able to connect to windowsupdate.microsoft.com or access the windows update site directly from www.microsoft.com

Ran Malwarebytes with latest definintions comes up clean
Ran Ad-Aware with latest Definintions comes up clean
Running AVG scans reports clean

Note: In the Following Requested Logs you may notice the process Teamviewer I'm Aware that this is a Remote Control Software as Me (The person posting this) is helping a friend who lives to far away to actually work directly from their PC. Wanted to point this out.

Before Running hijackthis, DDS and GMER I disabled the AVG processes so that the Antivirus Engine wouldn't interfer with these scans.

Requested Logs

####### DDS ##########
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jen at 23:58:43.82 on Fri 03/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.530 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Internet Antivirus 2011 *Enabled/Updated* {DD66DA46-1A1C-43D7-B787-8D5FA72... Read more

A:Browser Redirects, Google Search Redirects

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issu... Read more

Read other 18 answers
RELEVANCY SCORE 48.4

DDS Pasted below + have attached ark.txt & attach.txt. Have also used Defogger.

Running XP Home ver. 2002 with SP2 on a Dell DIM4600 (2.66GHz w/1.5GB RAM) - 5 user accounts
500 GB SATA HD partioned as C & E drives
History of problem: Installed latest version of Firefox in June. Caused compatibility issues with Dell printer so I uninstalled and went back to previous stable version. Solved printer problem but then started having Firefox crash after a few minutes of use. Tried IE and downloaded Chrome - all would crash after only one or two searches. Removed parental web filter software K9 web protection.

Then the Shopica redirects started shortly after some browser reinstalls to try and correct the crashing - now have ver. 5.0.04183 of Firefox.

When shutting down or logging off user the Hello4 window pops up and locks things up.

When browsing you can search but all the links just bring up a blank screen. My DLink wireless router died during this time so I have replaced it with a Linksys. I also made some changes using the msconfig command so that may have caused some issues with stability.

I have read several posts on here and have run some of the tools such as Malwarebytes and did one of the online scans. A few items were detected but the computer is still infected. I tried to install the Recovery Tool but with no success. My XP disk is SP1 and even after following the detailed tutorials it still would not load. All of my important files are backed up so I am re... Read more

A:Hello4, browser redirects, blank browser pages, general instability of system

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 20 answers
RELEVANCY SCORE 48.4

Hello. I just wanted to give a quick rundown of what issues I am having, as well as note a few problems during the recommended procedure for posting here. First, I did not run GMER as I am running a 64-bit OS. Second, I have been having occasional browser redirects. It does not seem to have any restriction as to where it will happen. From League of Legends forums, to bleeping computer forums, to google searches. It can and does happen at random fairly frequently (maybe once every 10-15 minutes when browsing the internet).

The white box is actually up on my browser screen as I type this post. It will typically only show up on forum type sites from what I have seen. It will say "Recommended for You" and have an 'x' in the upper right corner. When clicked, it just shrinks down to the "Recommended for You" box again.

I have included the dds.txt copy/paste below, as well as attached the attach.txt to this post. You guys are awesome, looking forward to hearing from you.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Matt at 9:14:58 on 2012-04-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2864 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.e... Read more

A:Sirefef Infection, Occasional Browser Redirects, White "Recommended for You" box in bottom right corner of browser.

Also just wanted to clarify the Sirefef infection types as they were listed in previous steps taken for the person assisting me before.

They are:

22:06:30.428 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
22:06:32.321 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]

Read other 32 answers
RELEVANCY SCORE 48

Hello! I have seen this problem posted a lot, but I gather that each solution is taylor made, so here it goes:

As other people, I have this problem of random browser redirects when clicking on some links, as well as the annoying popup (sometimes in a cellphone shape) on the lower right corner of my browser's windows (either IE9 or Firefox 14). I have gone into the two browsers' plug-in or add-in controls and disabled anything that I did not recognized as installed by me. This has diminished the problem somewhat, as sometimes the popup comes out empty, but it still comes up.

I am running on Windows 7 Ultimate.

Thanks in advance for any help!

Pedro

A:Browser redirects, annoying popup add in bottom right corner of browser

Hi Pedro -First: Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:•Flush DNS•Report IE Proxy Settings•Reset IE Proxy Settings•Report FF Proxy Settings•Reset FF Proxy Settings•List content of Hosts•List IP configuration•List last 10 Event Viewer log•List Installed Programs•List Users, Partitions and Memory size.•List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please Copy and Paste the Results txt in your next replyNext: Install Malwarebytes Free and SuperantiSpyware FreeNote that Malwarebytes has just released a new version, so please make sure you Update to the newest version. Once both programs are installed and Updated, please run a Quick Scan with both of these - Copy and paste any logs back here -Now: Please download Farbar Service Scanner and Save it to desktop, then run it •Make sure the following options are checked:Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows UpdateWindows Defender•Press "Scan".•It will create a log (FSS.txt) in the same directory the tool is run.•Please copy and paste the log to your reply.Please take your time, and do then at your own pace. This will now give us some details to review -Thank You -

Read other 12 answers
RELEVANCY SCORE 48

Hi,

I have a Dell Inspiron 1525 laptop that is running Windows Vista Home Premium SP2.

Recently, I've noticed that when using Internet Explorer, occasionally, I'll click a link in Google and it will open a 'generic' search site that has nothing to do with the original Google link. Also, the browser will unexpectedly close for no reason.
There does not seem to be any rhyme or reason to these two occurances - i.e. I can't reproduce either one with specific actions - they occur seemingly completely randomly.

Suspecting a virus, I went to manually update McAfee VirusScan and then scan the system, but get the following error:
"The ordinal 1112 could not be located in the dynamic link library WSOCK32.dll.

Of course, I suspect something suspecious on the computer.... How do I check/scan begin to diagnose/fix the problem?

Thanks!
D

A:ordinal 1112 not in WSOCK32.dll, browser redirects, browser autoclosing

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware,... Read more

Read other 7 answers
RELEVANCY SCORE 48

Hi all,

Thanks in advance for helping with my problem -- I really appreciate it.

Last weekend I got a very bad infection that basically rendered my system unusable, i.e., when I tried to launch resident programs such as Word, some message said that the .exe was infected, and asked if I would like to activate my antivirus software. The problem at that time was evidently a rogue antivirus program; I ran several spyware cleaner programs (those that I saw recommended on this forum) and this seems to have been fixed -- so now it looks like I just have this redirect problem.

First, my details:
- Windows XP Service Pack 3
- IE 8
- Firefox 3.5.5
- Chrome 3.0

Here's what happens: When I use any of the above-mentioned browsers to search, using Google or Yahoo, and I click on one of the links in the search results, I get taken to some random, garbage website instead of the one mentioned in the search results.

Also, multiple browser windows open repeatedly -- multiple windows with IE, and multiple tabs with Chrome. This seems to get worse over time, until the next reboot.

Here's what I've tried within the past two days:
- SuperAntiSpyware
- Spybot Search & Destroy
- Malwarebytes' Anti-malware
- Spyware Doctor
- Browser Hijack Recover
- Windows Live Onecare Safety Scanner
- My primary antivirus program had been McAfee, but now I'm running Microsoft Security Essentials instead

I've run scans with all of the above (some of them in safe mode) but the pro... Read more

A:Please help - Browser redirects to random sites, plus multiple browser windows

Hello please post your SuperAntiSpyware logTo retrieve the removal information after reboot, launch SUPERAntispyware again.Click Preferences, then click the Statistics/Logs tab.Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.Please copy and paste the Scan Log results in your next reply.Click Close to exit the program.Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take som... Read more

Read other 6 answers
RELEVANCY SCORE 48

Hello cherish I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

A:Browser Hijack - Browser redirects to - websearch.simplespeedy.info

Thanks Gringo for your help
Here are my log files..
 
Checkup.txt from Security Check by screen317:
 
 
 Results of screen317's Security Check version 0.99.62  
 Windows 7  x64 (UAC is enabled)  
 [/b] 
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
Norton Internet Security        
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 21  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (for.) 
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 5% 
````````````````````End of Log``````````````... Read more

Read other 20 answers
RELEVANCY SCORE 48

Hello Everyone,

I unfortunately let my security software expire and immediately fell prey to malware. I downloaded malwarebytes and ran a scan. The program found trojans, etc and supposedly removed them. The problem with my redirects and unseen commercials still exists. Help with this would be greatly appreciated. Thank you.

Here is the SysInfo, to be followed by hijackthis log, DDS text, Attach text, and Gmer.

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz, x86 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 3036 Mb
Graphics Card: Intel(R) G45/G43 Express Chipset, 1024 Mb
Hard Drives: C: Total - 76252 MB, Free - 43994 MB;
Motherboard: Dell Inc., 0P301D, A00, ..CN7360489S07T0.
Antivirus: Trend Micro Titanium Maximum Security, Updated: No, On-Demand Scanner: Disabled
 

A:Browser redirects & audio commercials play without open browser!

Read other 7 answers
RELEVANCY SCORE 48

So I've been having this problem for a little while. Today, while doing a google search, I stumbled upon this post on these forums:http://www.bleepingcomputer.com/forums/topic449229.htmlThis is EXACTLY the issue that I'm having. Browser redirects every so often, little white "Recommended for you" popup box in the bottom right corner that seems to advertise the things I've been recently searching, etc. The box doesn't close when I click "close", it just minimizes itself. This only happens when browsing some sites like reddit and even here, but as the OP of the other thread stated, it doesn't appear on sites like facebook and yahoo. Anyhow, in hopes of saving some time I went ahead and followed the advice given in the other thread to post logs using SecurityCheck, Farbar Security Service, MiniToolBox, MBAM and aswMBR. Here are the results: Results of screen317's Security Check version 0.99.24 Windows 7 x64 (UAC is disabled!) Internet Explorer 8 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Spybot - Search & Destroy Java™ 6 Update 29 Out of date Java installed! Adobe Reader X (10.1.3) Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent AVG avgwdsvc.exe AVG... Read more

A:Browser redirects occassionally and get "Recommended for You" box in bottom right corner of browser.

Welcome aboard Your "hosts" file has been hijacked.Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.Follow all prompts.*********************Re-run MiniToolbox.Checkmark following boxes:List content of HostsClick Go and post the result.

Read other 5 answers
RELEVANCY SCORE 48

Hi Gang:Last Friday my PC was hit with AV Security Suite. I removed it per online directions but my browser (IE8) was redirected and AV Security Suite reappeared. I have deleted the rouge software three times and I still notice occasional redirects and random browser windows popping up so I suspect there is still malicious code within the bowels of my machine but I am unable to locate it.I have used: Malwarebyte's Anti-Malware, A-Squared Free, AVG Anti-Viris, AVG Anti-Rootkit Free, CCLeaner and Disk Cleanup.For your viewing pleasure, my Hijack logo:Thanks for the help!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 12:12:37 PM, on 7/5/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Digital Media Reader\readericon45G.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\WINDOW... Read more

A:Browser redirects/random browser windows/AV Security Suite

Hi,Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop. Post them back to your topic.

Read other 23 answers
RELEVANCY SCORE 48

I have a Dell Inspiron 1525 laptop that is running Windows Vista Home Premium SP2.

Recently, I've noticed that when using Internet Explorer, occasionally, I'll click a link in Google and it will open a 'generic' search site that has nothing to do with the original Google link. Also, the browser will unexpectedly close for no reason.
There does not seem to be any rhyme or reason to these two occurances - i.e. I can't reproduce either one with specific actions - they occur seemingly completely randomly.

Suspecting a virus, I went to manually update McAfee VirusScan and then scan the system, but get the following error:
"The ordinal 1112 could not be located in the dynamic link library WSOCK32.dll."

Of course, I suspect something suspicious on the computer.... How do I check/scan begin to diagnose/fix the problem?

Thanks!
Original diagnosis logs here:
http://www.bleepingcomputer.com/forums/topic439757.html


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Windows at 13:21:17 on 2012-01-26
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3061.1603 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -... Read more

A:ordinal 1112 not in WSOCK32.dll, browser redirects, browser autoclosing

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated f... Read more

Read other 2 answers
RELEVANCY SCORE 45.2

I have tried to remove this for a while now and it keeps reappearing. I get pop-ups if I let my browser sit open for a while, I get redirects at least 50% of the time when I do searches from Google. I have tried a few anti-rootkit scans and haven't seen anything lately, and all my AVG and Malwarebytes scans come back clean.

GMER only gives me the options to select []Services []Registry []Files []C:\ []ADS and when i run the scan it generated a blank log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Kendall Silver at 14:18:30 on 2012-06-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2248 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windo... Read more

A:Browser Hijacker, Browser redirects, Pop-ups

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 16 answers
RELEVANCY SCORE 45.2

I don't know what happened but everytime that I am browsing my computer an IE browser opens up and goes to browser-security.microsoft.com but the page doesn't open up and it leaves me with the browser open without anything happening to it. I'm not sure of how to get rid of this problem. Please help if this problem can be removed from the computer...

I do have HJT on my comp, but unsure of which files to fix and which ones to leave.

A:IE browser redirects to browser-security.com

Welcome omichnga

Please follow our pre-posting process outlined here:
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
After running through all the steps, you shall have a proper set of logs. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Thanks

Read other 4 answers
RELEVANCY SCORE 42.8

I am randomly getting redirects when using my ie browser. nothing was detected using malwarebytes. please help

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jess at 19:36:59 on 2012-07-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3032.1780 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windo... Read more

A:browser redirects

by the way, i am not seeing an ark file created after running dds. Just the dds file and the attach both in notepad.

Read other 19 answers
RELEVANCY SCORE 42.8

Yes I have the same problem! I ran AVG to see what is going on and it is saying it is a Trojan Horse Agent3.ACMY

AVG seems to stop the problem from getting worse but I can't seem to fully delete the malware out of my computer.

A:Browser redirects.

Hello and welcomeI split you to yout own topic.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size. List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal InstructionsIf it finds something make sure Cure is selectedNext click Continue then Reboot nowA log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instruc... Read more

Read other 5 answers
RELEVANCY SCORE 42.8

My browser redirects me to some porn site. This doesn't happen every time I open the browser, but it happens very frequently.
I think this happened after I clicked some random website by mistake. I did a full system scan but Avast doesn't detect any threats.
I'm pretty sure I've got something because I'm seeing this problem after I clicked that hacked website.
 
Please help, I don't know what to do.
 
My laptop whas Windows 7 installed. Avast antivirus and windows firewall.

A:Browser redirects

Hello imfedup and Welcome to the BleepingComputer.  
 My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
Ensure your external and/or USB drives are inserted during always the scan.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the comp... Read more

Read other 1 answers
RELEVANCY SCORE 42.8

Hello, thank you in advance for your help!
 
I have been experiencing issues with my laptop for sometime now. I use chrome, but have been getting browser redirects often. Also, in the body of a webpage, certain words will be underlined (like a link), but when I go over them pop ups appear or it takes me to a page. 
 
Also, when we use Google, it sometimes takes is to random pages, rather than the results page. I could not find a name of the malware, etc. But I did run a few programs, as I have read through the "Am I infected" sites and dealt with this sort of thing in the past. I will post the malware bytes log too.
 
Thank you!
 

A:Browser redirects and pop ups

Hello jlanefwbbc I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sam... Read more

Read other 7 answers
RELEVANCY SCORE 42.8

I recently cleaned a virus off this computer and I am still getting browser redirects. I have ran both Malwarebytes and SuperAntiSpyware both. I have also ran Gmer and TDSSKiller. I am getting redirects in both Firefox and Internet Explorer.I am running Windows XP Pro.What can I do to make sure this system is clean? I tried attaching the log file from Gmer but it was too large.DDS (Ver_10-03-17.01) - NTFSx86 Run by Unknown User at 18:01:45.70 on Sun 08/15/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.185 [GMT -5:00]AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Avira\AntiVir Desktop\sched.exesvchost.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\... Read more

A:Browser redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 14 answers
RELEVANCY SCORE 42.8

Combofix file is here... What to do next...

A:Browser redirects

browser redirects are often caused by malware as you no doubt already know. Consequently, you should post on the "Virus/Trojan/Spyware Help" forum here:
http://www.techsupportforum.com/f50/

Read other 2 answers
RELEVANCY SCORE 42.8

Currently using Firefox 4.0.1..getting constant browser redirects towards search-results.com

Scanned malwarebytes on safe mode with no results. Below are the listed scanned logs in attachments using HiJackThis, OTL,dds & TDSSKiller. Uninstalled AVG if Combofix is needed to be used.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:07:33 PM, on 01/06/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Li... Read more

A:Browser Redirects

Delete thread if possible Mods.
 

Read other 1 answers
RELEVANCY SCORE 42.8

Hi, I've seen a number of other similar issues where search results are being redirected...here's my OTL results:OTL logfile created on: 12/20/2009 12:45:14 PM - Run 1OTL by OldTimer - Version 3.1.19.0 Folder = C:\Users\JK\Documents\Downloads Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstationInternet Explorer (Version = 8.0.7100.0)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 232.69 Gb Total Space | 215.21 Gb Free Space | 92.49% Space Free | Partition Type: NTFSDrive D: | 111.79 Gb Total Space | 78.20 Gb Free Space | 69.95% Space Free | Partition Type: NTFSE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: JK-PCCurrent User Name: JKLogged in as Administrator. Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard ========== Processes (SafeList) ========== PRC - [2009/12/20 12:43:42 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\... Read more

A:more browser redirects

Just some more info on this - it looks like there's quite a few with the same issue.

I scanned my drive from a different OS and Norton 360 indicated that drive was infected in atapi.sys and browser cache with Backdoor.Tidserv.I!inf.

I'm not sure how I'll clean or if I'll try to restore atapi.sys. Symantec isn't providing real great help on this issue.

Read other 3 answers
RELEVANCY SCORE 42.8

I looked around and could not find a thread to ask in so I started this one. I have Windows XP SP3 and IE8 which was updated from IE7. I also have avast! anti-virus software, Spy-Bot anti-spyware software and Malwarebytes' anti-malware software as main security software that is running 24/7 and has been since 2007 when I bought my laptop. I have never had any problems with IE even when I updated to IE8 earlier this year from IE7. My firewall setting is set high enough that my FTP program needs an exception in order to traverse my firewall to upload my files to my website so I think it is secure enough. About a week ago, I went looking for some information regarding some automotive repair data and everything was fine and I exited IE and did something else. The next time I opened IE, I go straight to my homepage (correct) and if I use the search engine (Bing but it does not seem to matter) it will take me to the search results page like normal. However, when I choose a site from the page, I get redirected all over the place mostly ad type sites like monsterinfo, infomash, etc. If I manage to get to open up a site that I did select, a "ad" page opens up in a blank page format. I thought I might have some sort of malware that had creeped through my security so I scanned all of my files (deep scan) with all of the programs mentioned before as well as with maintenance type programs like Advanced SystemCare 3 and after taking about 3 days of running scans, they all came ba... Read more

A:Browser Redirects

Go to the Security Section in the Main Menu and see First Steps. I believe you're still infected.

Read other 1 answers
RELEVANCY SCORE 42.8

I have a lot of browser redirects and pop ups when I search for something using a search engines

I tried to past a hjt log but hjt wont run when i click on it it does nothing tried downloading and installing it again would not run

windows xp pro
 

A:Browser redirects please help

Closing duplicate, please reply here:

http://forums.techguy.org/malware-r.../840182-browser-redirects-injector-virus.html

eddie
 

Read other 1 answers
RELEVANCY SCORE 42.8

I am on:
windows XP-pro , and I use the following security programs:

1. avast free edition registered updated and all shields enabled.
2. Malwarebyte full version registered updated and all shields enabled.
3. Usb disk security registered updated and all shields enabled.
4. Winpatrol

I scanned by using the above programs but no infection has been found.

Problem description: when I try to log in 'syriatrust.org' in mozilla firefox or in internet explorer I got redirected to 'facebook.com'.

syriatrust.org is a valid non governmental organization website.

I noticed that the redirection is happening only with syriatrust.org not other websites. I called my brother in law and he managed to log in syriatrust.org successfully without any problem.

Your intervention is very appreciated.
 

A:Browser Redirects

Read other 11 answers
RELEVANCY SCORE 42.8

Even on a fresh re-install of XP I still get redirects...This log is not from a fresh install however.Here are the logs requested - what do you guys think?.DDS (Ver_2011-06-12.02) - NTFSx86 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_24Run by tr at 20:03:13 on 2011-06-21Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1369 [GMT -4:00].AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}.============== Running Processes ===============.C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\ULi5287\ULi5287.exeC:\Program Files\AVAST Software\Avast\avastUI.exeC:\WINDOWS\system32\RUNDLL32.EXEF:\EASEUS\Todo Backup\bin\EuWatch.exeF:\EASEUS\Todo Backup\bin\TrayNotify.exeF:\winpatrol.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeF:\EASEUS\Todo Backup\bin\Agent.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\System32\svchost.ex... Read more

A:Help with Browser redirects!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 19 answers
RELEVANCY SCORE 42.8

I am working with a co-worker that is being redirected when searching in IE7. Being in a public entity we are limited to the tools (software) that we can install and use. We use McAfee VS Enterprise 8.5.0i which has logged some detections and removals from this pc but it is obvious that it still has something going on with it. We have also used Malewarebytes which didn't find anything with a full scan??? Here is the HJT log for you experts to peruse! Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:04 AM, on 8/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\oracle\ora92\bin\agntsr... Read more

A:Browser redirects

Does anyone have something to give me on this?
 

Read other 2 answers
RELEVANCY SCORE 42.8

My browser keeps redirecting almost every single time I click on a link through google or any other search engine. Every once in a while it does not redirect but it's almost every time.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Craig and Amber at 9:12:24.14 on Mon 04/04/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2065 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Softwa... Read more

A:Browser redirects

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts. If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
When finished, it will produce a report for you.
.
Please include the foll... Read more

Read other 19 answers
RELEVANCY SCORE 42.8

I've read the posts regarding my issue and have come to the parts that I shouldn't use Combofix without a technician. I have AVG 9 Free edition installed, I've ran Spybot -Search & Detroy, SUPER AntiSpyware, but none of them find anything. The only way I can get to a link is by copying and pasting. Otherwise I'm redirected to somewhere else. Please help. Thanks so much in advance.

A:Browser redirects

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 42.8

I have had a number of small problems which make me fear my laptop is infected. Symptoms have occurred sporadically. If it were not time to do my taxes, I would probably wait to see if the problems got worse before seeking help. But I do not feel safe to do any financial or secure activities until I know it's clean. Thank you for your attention.


1. On 02-15-12, MSE detected Trojan:Win32/Opachki.H and claimed to have successfully removed it. The one thing that troubled me was that it was found in IE's Temporary Internet Files. However, IE had been opened, briefly used, and closed at least 6 hours earlier that day. (But maybe the time delay in detection is normal.)

--No other problems that I know of until:

2. On 03-05-12, I was using chrome, mistyped an address, and was redirected to hxxp://channelrewardcentral_com via hxxp://secredir_com. A survey pops up with a Youtube-like logo and a message approximately like the following appeared:

"Congratulations!
You've been selected to take part in our anonymous survey. Complete this short questionnaire and choose between these three totally awesome apple products."

I closed chrome using Task Manager, ran scans of MSE, MBAM, & SAS. Everything was clean. After a fruitless google search for the cause of the redirect, I assumed I had no lurking malware.

--

3. Two days later a similar redirect happened in firefox to hxxp://survey.prize-giveaways_com via hxxp://bidr.trellian_com. I upd... Read more

A:browser redirects

BUMP, please

Read other 19 answers
RELEVANCY SCORE 42.8

Hi
My Relative has asked me to help him as his Internet browser when ever he goes onto Internet explorer on a site which needs passwords typed in the page redirects to another UN relative site.
He feels this is a virus has any one got i idea how i can check his computer or even fix these problems.

Thanks.
 

A:Help my Browser Redirects

Have your relative download Hijackthis.
Create a folder on your hard drive and save it there.
Unzip the file and extract it to the folder you have created.
Scan your machine, then click on Save Log.

Post a copy back here and someone will be happy to review it.

Don't make any changes until instructed to do so.
 

Read other 1 answers
RELEVANCY SCORE 42.8

Windows 7 system was infected. Installed and ran malwarebytes 1.51.2.1300 database 8363 several problems fixed, infections removed. Also have McAfee Antivirus Plus installed. It also found several issues that were corrected. However, any browser used has most pages redirected. Have run scf /scannow from cmd prompt (as admin), no issue. have reset tcp stack, run 'stinger' package from mcaffee, nothing has fixed the redirct issue. will sometimes get a message from mcaffee that it has blocked a 'potentially risky connection' from windows explorer so something is still in here. my 'hosts' file is clean. would appreciate any help finding what is still in here. thank you

A:browser redirects

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_21
Run by Owner at 23:51:19 on 2011-12-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2656 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway�... Read more

Read other 16 answers
RELEVANCY SCORE 42.8

Hi guys, could someone please have a look at the HJT log, my browser keeps getting redirected and PeerGuardian is blockin an awful lot of crap trying to access my system.
Cheers

Logfile of HijackThis v1.99.1
Scan saved at 17:53:16, on 07/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\hijackthis\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Int... Read more

A:HJT log / Browser Redirects

Read other 7 answers
RELEVANCY SCORE 42.8

Since late last week most of the links that are clicked on after a Google search are redirected to random sites. The computer also freezes from time to time but I believe that is a different issue as a new video card was installed. First problem is the redirects. Here is the DDS.TXT contents.Thanks for the help.DDS (Ver_10-03-17.01) - NTFSx86 Run by jwells at 15:04:08.89 on Wed 06/02/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.862 [GMT -7:00]AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\Ati2evxx.exesvchost.exeC:\WINDOWS\System32\svchost.exe -k eapsvcssvchost.exeC:\WINDOWS\System32\svchost.exe -k dot3svcC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Intel\AMT\atchk... Read more

A:Browser redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Gmer is the best but can be hard to get a log lets try this and see what we get.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Note** you may get this warning it is ok, just ignore... Read more

Read other 17 answers
RELEVANCY SCORE 42.8

Hello,

When I use Internet Explorer and try to go to a website, it says jump and takes me to another site.

This is my logfile, thanks for the help

Logfile of HijackThis v1.99.1
Scan saved at 4:40:40 PM, on 5/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sv... Read more

Read other answers
RELEVANCY SCORE 42.8

Been having problems with removing some malware that redirects my search results and opens random pop ups. My virus programs removed AVE.exe when it showed up but the problem persisted since then. Malwarebytes, Spybot, Superantispyware, and AVG find nothing on the computer. TDDSkiller says atapi.sys gets reinfected with a rootfit everytime I try to kill it. It moves to a temp file then back. Here is the combo fix file and you can see the tmp file that gets infected with the rootkit.ComboFix 10-04-06.05 - Administrator 04/07/2010 17:50:50.3.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1599 [GMT -4:00]Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\system32\gotomon.log.---- Previous Run -------.c:\windows\system32\gotomon.log . . . . failed to deletec:\windows\system32\drivers\tsk7.tmp . . . is infected!!-- Previous Run --c:\windows\system32\proquota.exe . . . is missing!!--------c:\windows\system32\proquota.exe . . . is missing!!.((((((((((((((((((((((((( Files Created from 2010-03-07 to 2010-04-07 ))))))))))))))))))))))))))))))).2010-04-07 21:20 . 2010-04-07 21:20 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb2010-04-07 15:11 . 2010-04-07 15:... Read more

A:Browser Redirects

Here are the logs of DDS and GMER. I don't have time to run a full GMER scan as I am always busy at work and GMER freezes everything else up if running in the background.GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-04-09 12:15:09Windows 5.1.2600 Service Pack 3Running: bqqkui5x.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdypog.sys---- Kernel code sections - GMER 1.0.15 ----? klmdb.sys The system cannot find the file specified. !.rsrc C:\WINDOWS\system32\drivers\pciide.sys entry point in ".rsrc" section [0xBA670814]? tskB.tmp The system cannot find the file specified. !.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8B10000, 0x18FFBC, 0xE8000020]init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0x9E436A00]---- User code sections - GMER 1.0.15 ----.text C:\WINDOWS\System32\svchost.exe[1164] ntd... Read more

Read other 3 answers
RELEVANCY SCORE 42.8

I give up. I am continually getting Browser redirects in IE8 and Firefox. I have tried everything I know and still am getting popups re: Faux virus infections and redirecting when I click on links in my search results. What do I do now?Help!Hello.I am receiving browser redirects in IE and FireFox. When clicking on a link in search results I get redirected to various and sundry sites.Symptoms:1. Browser redirects in search results.2. Occasional popups warning of faux viruses.3. At one point McAfee was warning of pincav.e trojan that was quarantined.4. At one point XP Defender was running and removed file associations for *.exe.5. Cannot start in safe mode. I get BSOD.6. Cannot run a full scan in GMER - BSOD. I have included the log of the initial scan of GMER in the attach.zip.7. DDS. log follows with attach.txt and initial scan of GMER attached.I would appreciate any help/insight you can provide. Thanks advance for your assistance.DDS logDDS (Ver_10-03-17.01) - NTFSx86 Run by Joe Levitch at 14:22:58.98 on Sat 04/10/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1099 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Pr... Read more

A:Browser Redirects

Hi,Please post a new DDS log and we can continue from there. Let me know if the redirect is still there and if you have any other problems.The initial GMER scan you took seems like you're infected with the latest TDL3 rootkit infection.

Read other 2 answers
RELEVANCY SCORE 42.8

When I use a search engine, my browsers (firefox and IE), it constantly keeps redirecting me to a www."randomsite".com, usually some random search engine, also my computer keeps opening up browsers with 3 tabs which usually leads to a 404 page. This only happens when I'm online and I get spammed with the browsers. I have a hijackthis log but don't know what to do with it and what I need to fix because I am a noob. Thanks for any help.
 

A:browser redirects

Hello there Welcome to the TSG Forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.
Please note the following:
The fixes are specific to your problem and should only be used on this machine.
Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.


Step 1

Download OTS to your Desktop

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Under Additional Scans check the following:

Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - NetSvcs
Reg - Shell Spawning
Reg - Uninstall List
File - Lop Check
File - Purity Scan
Evnt - EvtViewer (last 10)
Please copy the following into the Custom Scans box at the bottom
Code:
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
v... Read more

Read other 1 answers
RELEVANCY SCORE 42.8

It seems like everytime I am on a website andtry to download something or try to go to another page I get redirected to a site that asks for all kinds of information. It is very annoying! I am posting the files requested. Please help me clean this up.

Thank You

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8 Pro with Media Center, 64 bit
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz, Intel64 Family 6 Model 15 Stepping 11
Processor Count: 4
RAM: 8191 Mb
Graphics Card: NVIDIA GeForce 9500 GT, 1024 Mb
Hard Drives: C: Total - 953766 MB, Free - 752106 MB; F: Total - 476890 MB, Free - 334128 MB;
Motherboard: Dell Inc., 0M017G
Antivirus: Windows Defender, Disabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:06:04 PM, on 7/5/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\Lester\AppData\Local\Akamai\netsession_win.exe
C:\Users\Lester\AppData\Local\Akamai\netsession... Read more

A:Browser redirects

Read other 16 answers
RELEVANCY SCORE 42.8

After downloading Mozilla and accessing megavideo.com, hulu, and surf the channel, I started getting security pop-ups from PC extra protection (I think that was the name.) I have Trend Micro PC cillin anti-spyware which came with the PC and the Windows XP operating system, but that did not take care of it. So I bought Spyhunter and ran that. That worked for the pop-ups, but then I got browser redirects on EVERYTHING that I tried to google. It goes to Shopica, Toseeka nad/or antivirusmorro. Neither the Trend Micro PC cillin nor the Spyhunter worked on that. I read through the forum and tried GooredFix although that didn't look like described. So when it asked me if I wanted it to wipe out the infection, I said yes. (I also saved it on the desktop along with its clipboard). That worked for one time. But now the redirects are back. Can you help?

A:Browser Redirects

Hi and welcome to BleepingComputer The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

Read other 1 answers
RELEVANCY SCORE 42.8

As per previous post my son ran combo fix before I knew, my browser goes to sites on it's own or says it cannot load URL. Logs are attached.
DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 15:36:53.29 on Mon 08/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.304 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\HP\Dig... Read more

A:Browser redirects

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see the ComboFix log.

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\ComboFix.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 42.8

Somehow picked something up recently, haven't been anywhere out of the ordinary. Anyway, if anyone has any help on how to start, thanks for the help. Also, not sure if this is related, but when transferring large files to external hard drive, the transfer will freeze and not finish, just started happening pretty recently. Thanks.

Read other answers
RELEVANCY SCORE 42.8

Hello,

Need some help w/ removing a redirect virus. Everything else seems to running fine after using anti-malwarebytes and superantispyware but the redirect still happens. Both IE and Mozilla, all search engines. Thanks in advance for your help.

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz, x86 Family 15 Model 3 Stepping 4
Processor Count: 2
RAM: 382 Mb
Graphics Card: ATI MOBILITY RADEON 9000/9100 IGP, 128 Mb
Hard Drives: C: Total - 57223 MB, Free - 18353 MB;
Motherboard: Hewlett-Packard , 089C, 31.43, CND5110N2MABCDEF
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:08:43 PM, on 6/18/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbar... Read more

Read other answers
RELEVANCY SCORE 42.8

I've got some kind of malware I can't get rid of that causes pop-ups in my browser and occasionally redirects when I click on a link. This happens in both Firefox and Chrome. The pop-ups sometimes resemble this:Other times it'll be a smaller, non-iPhone-looking box; when you click the "X" it just minimizes into a smaller box that says "Recommended for You". They don't show up on certain websites including Google, Facebook and Twitter. Eventually, I'll click on some link and my browser will get redirected to a different site, and after that the pop-ups will stop appearing until the next time I close my laptop and reopen it, or restart it. I've had a couple of other, nastier malware infections (Internet Security and SmartHDD) appear since this started happening; I managed to kill those but it seems like this is what's allowing them to get in. I've run MBAM, SuperAntiSpyware, Ad-Aware, Spybot, TDSSKiller and RKill and nothing seems to be able to find this thing. TDSSKiller turns up a few things when I click both of the Additional Options boxes, but they seem to be legit files and not threats, although I could be wrong. I've run HijackThis as well, but I'm not really sure what to do with the results; it gives me a message about not being able to write to the Hosts file, and that's something I'm afraid to mess with without guidance. I'm running Windows 7 on an ASUS G60V laptop.

A:Browser pop-ups and redirects

This may possibly be a hosts hijack but lets make sure PC is cleanDownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Please download GMER from here(doesnot work on 64 bit OS)http://www2.gmer.net/download.phpTemporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply. DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here

Read other 13 answers
RELEVANCY SCORE 42.8

ebcfb535117f9904a1616c4de8ab7af800c91e3a
 

A:Browser Redirects

You'll have to be a bit more specific if you want help, that doesn't mean anything to me!
 

Read other 3 answers
RELEVANCY SCORE 42.8

Logfile of HijackThis v1.99.1Scan saved at 10:34:59 PM, on 3/28/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\System32\inetsrv\inetinfo.exeC:\WINDOWS\system32\LxrJD31s.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\System32\tcpsvcs.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\wdfmgr.exeC:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exeC:\Program Files\ViRobotXP\vrmonsvc.exe... Read more

A:Ie Browser Redirects

Hi there and welcome to Bleeping Computer ! As you may have noticed already, the forums are very busy at the moment and i have noticed your log has gone unanswered so far!We look at the oldest logs first, and we were wondering that if you still need help, please start by posting a new HijackThis log in this topic and i will then be able to take a look!Thanks very much David

Read other 16 answers