Over 1 million tech questions and answers.

Redirect Virus? Not sure what's wrong but something is very wrong.

Q: Redirect Virus? Not sure what's wrong but something is very wrong.

Good evening and thanks in advance for your help on this. I seem to have a virus or something that keeps redirecting my browser to a google or yahoo error message that says 'page not found', or to google images. I noticed that when I recently installed AIM toolbar it now also redirects me to an AIM page that says 'page not found'. I have also noticed other changes to my computer such as my desktop background disappearing, icons in my internet favorites changing and programs like FlashPlayer disappearing. Here is my DDS text:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Amy at 14:40:15.73 on Wed 07/01/2009
Internet Explorer: 7.0.6000.16851
Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.1013.215 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\analyze\HijackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Amy\AppData\Local\Temp\Temporary Internet Files\Content.IE5\8U02TCMR\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5465E
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5465E
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5465E
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Aim6]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-06-25 15:40 <DIR> --d----- c:\programdata\AIM Toolbar
2009-06-25 15:40 <DIR> --d----- c:\program files\AIM Toolbar
2009-06-25 15:40 <DIR> --d----- c:\progra~2\AIM Toolbar
2009-06-25 15:40 <DIR> --d----- c:\program files\Viewpoint
2009-06-25 15:38 <DIR> --d----- c:\programdata\AOL Downloads
2009-06-16 18:21 <DIR> --d----- c:\programdata\Yahoo! Games
2009-06-16 18:21 <DIR> --d----- c:\progra~2\Yahoo! Games
2009-06-16 18:21 <DIR> --d----- c:\programdata\Trymedia
2009-06-16 18:21 <DIR> --d----- c:\progra~2\Trymedia
2009-06-16 18:19 <DIR> --d----- c:\program files\Yahoo! Games
2009-06-13 13:18 428,032 a------- c:\windows\system32\EncDec.dll
2009-06-13 13:18 292,352 a------- c:\windows\system32\psisdecd.dll
2009-06-13 13:18 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-06-13 13:18 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-13 13:18 177,152 a------- c:\windows\system32\mpg2splt.ax
2009-06-13 13:18 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2009-06-13 13:18 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-13 13:18 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-06-11 04:15 2,028,032 a------- c:\windows\system32\win32k.sys
2009-06-07 16:35 <DIR> --d----- c:\users\amy\appdata\roaming\Malwarebytes
2009-06-07 16:35 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 16:35 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-07 16:35 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-07 16:35 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-07 16:35 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-07 16:13 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-05-25 09:45 51,200 a------- c:\windows\inf\infpub.dat
2009-05-24 21:54 20,454 a------- c:\windows\hpoins01.dat
2009-05-24 21:47 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-24 21:47 86,016 a------- c:\windows\inf\infstor.dat
2009-04-24 09:22 827,392 a------- c:\windows\system32\wininet.dll
2009-04-24 09:14 56,320 a------- c:\windows\system32\iesetup.dll
2009-04-24 09:14 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 09:14 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-24 09:11 72,704 a------- c:\windows\system32\admparse.dll
2009-04-24 06:53 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-24 05:25 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-23 06:01 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 05:56 696,832 a------- c:\windows\system32\localspl.dll
2008-12-11 04:10 174 a--sh--- c:\program files\desktop.ini
2008-12-08 19:16 70,056 a------- c:\users\amy\appdata\roaming\GDIPFONTCACHEV1.DAT
2008-09-30 13:54 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:41:31.91 ===============

Thanks again I really really appreciate any help.

RELEVANCY SCORE 200
Preferred Solution: Redirect Virus? Not sure what's wrong but something is very wrong.

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Redirect Virus? Not sure what's wrong but something is very wrong.

Hello acarlson,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thanks,tea

Read other 4 answers
RELEVANCY SCORE 80.4

Hi,

I'm not even sure of the rules for asking for help. I followed a link to this site from a company called Trend Micro. I used thier HiJack This tool, because that's what I seen other people do on-line. They then posted the output of this onto a help site, but if I'm reading the rules right I'm not supposed to do that.

Anyway, I think I have a re-direct virus on my internet and I have no clue how to fix it. I've tried to have a go already on my own, following what advice I could gather from on-line. I've downloaded and ran Malwarebytes and Super Anti Spyware. I also already have McAfee on my PC, which apparently didn't stop this thing getting into my PC.

I don't know much about computers either, just want to get this fixed. Every search I do on internet expolorer or firefox produces sensible results, but the links take me to dodgy sites or incorrect ones.

I would really appreciate some help. I've seen other topics on this website similar, but not sure If I'm supposed to add to those or start a new one. Is each one of these virus different?

If someone doesn't mind helping me, giving simple instructions, that would be great. If I need to put this request somewhere else please let me know too.

thanks in advance
Richard

A:Redirect Virus - Sorry if I've got this wrong!

Hello, HJT and DDS logs are not posted here but in the next ine down. Ley's try something first.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to ... Read more

Read other 5 answers
RELEVANCY SCORE 79.2

I'm a complete beginner at computers so bare with me. Yesterday, I was coping with a redirecting virus that would redirect me to stupid fake ads. I downloaded numerous programs such as TDSKiller from Kaspersky and the one from symantec(I forgot the name). In the middle of my scans, my laptop BSOD'd. I tried to start it again but once I pass my login screen, I bsod again. In every mode, including safe mode it would still bsod after 5 seconds after the login screen. I tried using system restore in safe mode with command prompt by typing rstrui.exe but it said, that my system restore has been disabled(WHAT?!). Now I'm out of ideas to help save my laptop. What should I do now to fix this?
 

A:Help! Redirect virus gone horribly wrong!

Read other 10 answers
RELEVANCY SCORE 78.4

Hi there,
sorry if I've come to the wrong forum but I seem to have some redirect spyware on my laptop that keeps sending me to sites I really don't want to be going too!
Would it be possible for me to post the log file from HiJackThis here and perhaps someone with more of a clue about these things could tell me which items I need to 'fix'??
thanks in advance

A:Redirect Virus Thingummy (sorry If This Is In The Wrong Place)

Click on this link to post your HJT log:http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/Mention in the title that it's Vista . Give as much information about the redirection as you can.

Read other 1 answers
RELEVANCY SCORE 69.2

With Windows 8.1, I am now having problems displaying and importing jpegs.   They show in odd colors, with a lot of black in them.    This wasn't the case early on, but now jpegs are impossible to work with for me.   I
only use -- Windows Photo Viewer, and place them in WORD documents.  Nothing fancy.   I cannot find a resolution here or anywhere.  Can you help?
.....
This is crazy.  When I try to save the BAD image, it looks horrible (blue, purple, heavy black frame) on my screen in PHoto Viewer, but I import it here and it looks fine.  Please, help.

Read other answers
RELEVANCY SCORE 69.2

To all -

My first post in this forum, but I've been around the block a few times building my own machines (and for others), but a month ago i ended up springing for a dell xps 8300 desktop b.c i got a great deal on a scratch and dent system with an i7-2600 processor, 1.5tb drive, and an ATI 5770 1gb graphics card.
So long story short I've added one component and upgraded one existing component. The first was adding an SSD drive to the mix, which worked out wonderfully (i boot from power off to desktop in 13 seconds). Very pleased.
The second seemed to be just as successful...I replaced the stock PSU (460watts) with an Antec 650watt continuous power PSU (certified and all). Reconnected all the cables, crossed my fingers, turned on the power supply...got the green light on the motherboard so turned on the computer and all was fantastic!!!
The catch is..........I didn't notice until hours later i'd not heard a sound from the computer in quite some time. Tested by playing a few songs and nothing.

Here's where i got lost. In the "playback devices" (right clicking on the audio icon in the task manager tray) it shows the music playing (as in the levels are bouncing up and down). First thought - i'm an idiot and plugged my speakers into the wrong hole.....not the case. Second thought - speakers could be toast - not the case. Tested speakers on mp3 player and tested the audio cable by plugging headphones in the front audio ports (th... Read more

A:Dell XPS 8300 desktop PSU upgrade gone wrong, horrible wrong....no audio!!

Read other 6 answers
RELEVANCY SCORE 68.4

Last night, My MS Paint GUI went screwy.

It looks like it is out of Aero mode or something, but Aero troubleshooter found no problem & everything else is fine. I was having an issue with a video game for PC (full screen) which normally fiddles with the Windows theme, but I honestly dont know.

I dont like the adjusted look, and fear this is one of those simple problems with a insanely complex solution.

Thanks in advance, back later

:3

This image shows what it should look like (Top) and what mine now looks like (Bottom).

A:MS Paint GUI wrong- Perhaps stuck in wrong mode- Example shown

I don't mean to insult your intelligence, but I have to ask because it's not mentioned: have you rebooted?

Read other 8 answers
RELEVANCY SCORE 67.2

Times past, I used to take care of viruses and spyware on my own. But this thing is out of control.
So, it started when I installed Gimp 2 on my system - there may have been other spywares present before, but something was definitely unleashed at this time, probably because I wasn't careful about the download site I used.
It started with a redirect in firefox: after a google search, I'd click on a link and a little greenish swirly icon would appear in the tab and it would be redirected to random sites about house cleaning and weddings and lame-o search engines. This only happened with less common sites (especially spyware forum sites...grr).
Well, perhaps foolishly, I set about installing various spyware and virus killers (malware bytes, spybot, windows defender, Avira, etc). They found all manner of things. The system seemed pretty clean. But the problem was still there. After running the Eset online scanner, the redirect actually stopped for a few minutes...then came back. Now, though, that computer can't access the internet anymore. I booted with the Hiren boot disk, and was able to go online. I installed an ethernet card and that worked for a little while, then stopped. But when I log in to the current OS, I cannot go online. The connection is there, but it is bad. I tried doing a repair install of Windows, but that didn't help. I also uninstalled all malware killers besides Avira.
These logs are a little out of date, but I am wary of running scans on my poor system ... Read more

A:Gah. Help. Redirect Bug gone wrong.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see fresh logs from dds and gmer in order to help you.

------------------------------------------------------

Read other 12 answers
RELEVANCY SCORE 66.8

Hi everybody,
since friday we have a strange problem with some clients and ARP answers. We notice that our switch recognize wrong MAC addresses on some ports.
We use wireshark to see what happens and we get the following:
5 clients:

172.30.71.6 (XX:XX:XX:F7:52:75)172.30.41.1 (XX:XX:XX:38:d1:a8)172.30.63.1 (XX:XX:XX:c2:b0:b9)172.30.14.1 (XX:XX:XX:88:c7:4f)172.30.59.1 (XX:XX:XX:7b:67:4d)
Wireshark runs on client 1 (172.30.71.6, promiscuous mod off)
Client 5 (172.30.59.1) send a broadcast arp question (who has 172.30.41.1 - tell 172.30.59.1) and client 1 (172.30.71.6) is sending ARP replies with src = XX:XX:XX: 38:d1:a8.

172.30.41.1 (XX:XX:XX:38:d1:a8) is offline (network cable removed) and 172.30.71.6 has no entry of 172.30.41.1 (XX:XX:XX:38:d1:a8) in his arp cache.
The clients run Windows 7, Windows 8 and Windows 8.1
Why we get these phenomenon and how can we solve it? Is there maybe a problem with some updates of the last patchday? 

Thanks for the reply and kind regards

Bernd

Read other answers
RELEVANCY SCORE 66.4

Hello, My problem is that I am redirected occasionally to wrong websites when I search in google or yahoo and click on the results. I tried several anti-malware programs but couldnt find anything. I'm also using Mcafee internet security. Here I put the log file from hijackthis.Any suggestions?Thanx.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 7:18:00 PM, on 1/10/2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\WINDOWS\Explorer.EXEC:\Program Files\McAfee\MPF\MPFSrv.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDO... Read more

A:url redirect to wrong website

Hi,Please do the following:Please download DDS from either of these linksLINK 1 LINK 2and save it to your desktop.Disable any script blocking protection Double click dds to run the tool. When done, two DDS.txt's will open. Save both reports to your desktop.---------------------------------------------------Please include the contents of the following in your next reply:DDS.txtAttach.txt. NEXTDownload GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable. Double click the exe file. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Then click the Scan button & wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Read other 8 answers
RELEVANCY SCORE 66.4

hello all;
my dad told me about the problem he was having on this computer and the first thing that came to mind was come here!! He has McAfee security and its apparently not catching what is wrong with his computer.
i just downloaded HJT v2.0.2 hopefully this is the newest version out to date. the log is posted below.

thank you,
M.A.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:54 AM, on 7/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Write DVD!\saimon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iT... Read more

A:Google redirect and anything else you see wrong.

buMP! thanks = )
 

Read other 3 answers
RELEVANCY SCORE 66.4

I was infected with the Security Tool malware last night. I was browsing the web using Firefox version 3, which crashed just before the infection began. (It is a rogue antivirus software that brings up false infection alarms. It also hijacked my web browsers and blocked all virus/malware removal applications from running.)I successfully killed Security Tool as follows:- Downloaded and ran the Sysinternals Process Explorer (procexp.exe). I needed to rename "procexp.exe" to a random name so Security Tool would not recognize it. Used procexp.exe to kill the Security Tool process.- Downloaded and ran Malwarebytes' Anti-Malware to remove the Security Tool FilesNow I seem to be having a residual problem whenever I do a internet search using a search engine (have tried both Google and Bing). When I click on any of the search results, I am redirected to a complete unrelated site (which is different every time). What is consistent though is that the page icon always resembles either a blue squiggle or a green globe. I tried searches in both Firefox and IE - the problem occurs in both browsers. I am able to type or copy/paste a URL directly into the browser and get to the correct page.I have cleaned out all cookies/temporary internet files/etc and I have run both AVG and AdAware to try to clean-up the problem. I also tried to use StopZilla last night to fix the Security Tool program, but I did not want to pay for the software so I have since uninstalled it.I have do... Read more

A:Browser Redirect to Wrong URL

Hi,Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop. Post them back to your topic.Download GMER here by clicking download exe -button and then saving it your desktop:Double-click .exe that you downloadedClick rootkit-tab and then scan.Don't check
Show All
box while scanning in progress!When scanning is ready, click Copy.This copies log to clipboardPost log in your reply.

Read other 3 answers
RELEVANCY SCORE 66.4

I hope i am folling rules right way. i have small repair shop and it seems to have got hjacked. when i hit ie type in addresws it goes but if i click on a link say in google after doing a seaerch it goes where it like and sae for FF. i have norton 360 running also now have triel of avg and i have tried this kaspersky 911 removal tool and it works the first time i click a search link then after that it hjacks it agin. i have ran scans all day othing works. i have my log so it qwill be posted below. its just a bestbuy compaq nothing fancey but i need it bad. any help would be thankfull very much so....

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Ultimate , 32 bit
Processor: AMD Athlon(tm) 7550 Dual-Core Processor, x64 Family 16 Model 2 Stepping 3
Processor Count: 2
RAM: 2942 Mb
Graphics Card: LogMeIn Mirror Driver, 3 Mb
Hard Drives: C: Total - 293688 MB, Free - 236605 MB; D: Total - 11554 MB, Free - 1629 MB;
Motherboard: PEGATRON CORPORATION, NARRA5, 5.00, MB-1234567890
Antivirus: AVG Anti-Virus Free, Updated and Enabled

hj log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:38 AM, on 4/20/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\vVX3000.exe
C:\Program Files\Common Files\Java\Java Update\jusche... Read more

Read other answers
RELEVANCY SCORE 65.6

Hello,

My ISP is SBC/Yahoo. I have a SBC email account & a Yahoo web base email account. However, when I set up to use the SBC configuration on my MS Outlook to retrieve email, it get redirect to the my Yahoo web base account.

If anyone out there has the same problem, please let me know how I can resolve the problem.

Thanks in advance.

Charlton
 

Read other answers
RELEVANCY SCORE 65.6

Is it just me or is everyone getting this virus all of a sudden? But fear not, I have nothing like it....well. Okay I DID but I read through countless posts by the dude with Barney Stinson/Neil Patrick for his avatar, and he helped me out MAJORLY with his posts on CF, RIFS (or w/e it is...random/random), Smithfraudfix, etc.Either way..as a lot of people report..I too am one that have been rid of this "Virtumonde" virus...it took 15 straight hours until the last 6 hours I came to these boards and found my solution. Thankfully.But I have another problem: Google STILL redirects wrong going through : v1.adwarefeed.com. No matter whatHere's the catch..I turn off "Javascript" and it never does it again..but...I NEED javascript! >_< Help! Either way, I have the log below>:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:31:55 AM, on 2/9/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\... Read more

A:Google Wrong Redirect? Weird

RISIT LOG:Logfile of random's system information tool 1.05 (written by random/random)Run by Michael at 2009-02-09 10:42:19Microsoft Windows XP Professional Service Pack 2Total RAM: 8067 MB (29% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:42:22 AM, on 2/9/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\DRIVERS\CDANTSRV.EXEC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exec:\Program Files\Microsoft LifeCam\MSCamS32.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exeC:\WINDOWS\vVX3000.exeC:\Program Files\ScanSoft\PaperPort\pptd40nt.exeC:\Program Files\... Read more

Read other 6 answers
RELEVANCY SCORE 65.6

Help I have been working on this for three days!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:51:59, on 8/20/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16711)Boot mode: NormalRunning processes:C:\Windows\SYSTEM32\WISPTIS.EXEC:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\WTablet\Pen_TabletUser.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Apoint\ApMsgFwd.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\Program Files\Sony\VAIO Camera Utility\VCUServe.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Babylon\Babylon-Pro\Babylon.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Windows\System32\mobsync.exeC:\Windows\System32\hkcmd.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrot... Read more

A:Firefox And Ie Redirect To Wrong Site

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please see here for instructionshow to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.NextPlease do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so b... Read more

Read other 2 answers
RELEVANCY SCORE 65.6

Folks,

I'm having a strange problem, and I am unable to find anything in my Hijack This log, nor is SpyBot able to locate anything.

Does any of you see anything amiss in here?

Here's the problem:

i) When I type in a page in IE that does not exist,
instead of getting the default DNS error page
I get directed instead to the following page:

"www. <typed URL>.org"

and a search page http://www.your.com/index.php?nf=1
pops-up!!

This is highly, highly exasperating. Just when I thought I'd cleaned out the last of the viruses, worms, and other garbage
plagueing my computer for the last few weeks!

Will the head honchos on this site provide some insights please!

Thanks much.
-Vishal

######################################
Logfile of HijackThis v1.96.0
Scan saved at 11:30:08 PM, on 8/29/2003
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\syste... Read more

A:IE Redirect on typing wrong URL: I'm stumped!

Wish I knew how this happens.

www.msn.com www.msn.com.org
www.microsoft.com www.microsoft.com.org
www.hotmail.com www.hotmail.com.org
 

Read other 1 answers
RELEVANCY SCORE 64.8

Hello there!The past couple days I've started to notice strange goings-on when I've been using Internet browsers (Firefox and IE).When I do a Google search, it will bring up the search results as normal.But most of the time, when I click on the links, I will be redirected to pages from websites such as:info.co.ukofficialmed.orgmorphinkids.comdrcody.cometc. the list goes on!I've ran Malwarebytes' Anti Malware and it says I have no infections.AVG scans show no unusual behaviours.Heres the Hijack This log;Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:18:52, on 29/04/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17023)Boot mode: NormalRunning processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32Ati2evxx.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:WINDOWSSystem32wltrysvc.exeC:WINDOWSsystem32Ati2evxx.exeC:Program FilesAVGAVG9avgchsvx.exeC:Program FilesAVGAVG9avgrsx.exeC:WINDOWSSystem32bcmwltry.exeC:Program FilesAVGAVG9avgcsrvx.exeC:WINDOWSsystem32spoolsv.exeC:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exeC:Program FilesAVGAVG9avgwdsvc.exeC:Program FilesBonjourmDNSResponder.exeC:WINDOWSsystem32cisvc.exeC:Program FilesDigidesignDriversMMERefresh.exeC:Program FilesAVGAVG9avgnsx.exeC:Program FilesJavajre6binjqs.exeC:Program FilesMediafourMacDrive 8MacDrive8Service.exeC:Program Fil... Read more

A:Google links redirect to wrong websites

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have sinceresolved your issues I would appreciate if you would let me no so I can close this topic.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.%appdata%\*.*%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%SYSTEMDRIVE%\*.exenetsvcsmsconfig/md5startproquota.exesfcfiles.dlleventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dllbeep.sysiaStor.sysnvstor.sysatapi.sysnvatabus.sysviamraid.sysnvata.sysiastorv.sys/md5stopCREATERESTOREPOINTPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedThanks

Read other 12 answers
RELEVANCY SCORE 64.8

I dont know what is going on with my computer, whenever i try to click on a google link, it will frequently go to a different page.



Logfile of HijackThis v1.99.1
Scan saved at 11:28:06 AM, on 10/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\calc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:... Read more

A:Search links redirect me to wrong page

Duplicate....Yodaddykg, do not create more than one thread for the same topic.

Your active thread is here:

http://www.techsupportforum.com/showthread.php?t=122203

Read other 1 answers
RELEVANCY SCORE 64.8

Awhile back I was on a university network and the sysadmins booted me saying my computer was contacting a known malicious server adn was infected and controlled remotely. I downloaded AVG and it found a virus but I've suspected that it didn't get everything. I believe google has been redirecting me to the wrong websites occasionally (not consistently) because I will click on something and the URL will not match when I arrive there and the site doesn't represent what I expected to see. DDS log is below and I would appreciate your help!.DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_18Run by DB at 22:07:26 on 2011-07-21Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2037.1059 [GMT -5:00].AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Apps\AVG\avgchsvx.exeC:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows�... Read more

A:Google links redirect to wrong site

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 16 answers
RELEVANCY SCORE 64.4

My ISP (windstream) is claiming nothing is wrong when my town is having trouble connect to internet itself. I don't know about other towns, never go there. I am suppose to have 12 Mb and The most I have had in the past 2 weeks is 3. Friends have even less somehow. Usually 10AM-10PM the average is 300 Kb. I have to pause a video for 10 minutes to load a minute sometimes.

They claim nothing is wrong. Anyone translate that into something that can be wrong?
 

A:ISP is claiming nothing is wrong when there is, any ideas on what's wrong?

Read other 16 answers
RELEVANCY SCORE 64.4

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 12240 Mb
Graphics Card: NVIDIA GeForce GTX 670M, -1024 Mb
Hard Drives: C: Total - 190425 MB, Free - 10048 MB; D: Total - 264644 MB, Free - 20230 MB;
Motherboard: ASUSTeK COMPUTER INC., G75VW
Antivirus: Windows Defender, Disabled

for the graphics card it says 1024 mb, but the sticker on my laptop says 3 gigabytes.... ik i had the 3 before i reset to factory...
is there just a way it doesnt detect right or what
 

A:The sysinfo tool is wrong or my pc wrong?

Check your drivers http://www.geforce.co.uk/drivers/results/70187
 

Read other 2 answers
RELEVANCY SCORE 64

First I had some Google redirect programs and anything on fullscreen was minimized whenever it wanted to be minimized. I cleaned up and got rid of a few things, solved the minimizing problem, then started to delve into the redirect problem. Typically I don't have issues figuring things out like this, just follow a few steps, and off I go. However, this one I tried some things- Spybot, Lavasoft, Eset, MBAM, Hitman Pro- and after Hitman my computer stopped letting me use the task manager and the dock (on Vista) won't load when the computer reboots. Additionally, the Google problem still exists (I noticed that Google itself will work on any link except the top link, but the mozilla/google homepage combo automatically redirects to .ca site). As I write Esets is running and finding a butt load of stuff that nothing else was finding, I'm going to save the archives, but in the mean time I have DDS logs I can share with you.DDS: DDS (Ver_10-10-10.03) - NTFSx86 Run by LuvBug at 21:17:29.81 on Fri 10/15/2010Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_20Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.1.1033.18.2012.902 [GMT -5:00]AV: Smart Engine *On-access scanning enabled* (Updated) {61F6ED74-5D78-448E-9987-E484D320C0B8}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}FW: Smart Engine *enabled* {44249C2C-9647-4B99-80F8-C731FA2CB206}============== Running Processes ===============C:\Windows\system32\wi... Read more

A:7 million things wrong with Google redirect and Hitman.

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 64

Hi
The family laptop (mainly used by my teenage daughter for MSN) has developed an issue whereby when Google is used to search for a topic then any resultant links clicked upon redirect to a completely different site (usually advertising but not always). This doesn't seem to happen with a different search engine I tried - dogpile

I used MalwareBytes to scan the computer and it reported one virus which I deleted successfully (no longer shown on subsequent scans). However, the redirection is still happening.

On searching the web (via another (hopefully uninfected) computer) I saw suggestions of downloading/running hijackthis and posting the output on a clever forum such as this one. Log output below.

Other info: After running MalwareBytes Chrome no longer opened successfully so I have uninstalled this for the time being.
Currently no viruses.malware being shown in MalwareBytes or ParetoLogic PC Health Advisor
Hoping someone on this forum can suggest how to proceed from here:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:58:48, on 12/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS&... Read more

A:Google links redirect to wrong page when clicked

Apologies for posting in the wrong forum.
Once in the correct forum I read the pre-post instructions and am using this reply to add the DDS and GMER logs

Read other 5 answers
RELEVANCY SCORE 63.6

Can someone please help, I did a dumb thing.
I tried to move the folder 'Contacts' from my User Files folder into the C:/ drive and it turned into the Program Files folder.

Now I see 'Program Files' in my User Files folder. If I try to restore the programs files folder, it tells me the default location is:
C:\Users\MyComputerName\Contacts

Program Files should not be Contacts! How do I get the Program Files back into the C;/ folder without having reference to Contacts? Thanks so much in advance.

Oh, and if I tell it to 'Find Target', it tells me that the Contacts folder doesn't exist. How do I restore my Program Files folder??

A:Help! Folder Redirect moved my Program Files to wrong spot

After over an hour of searching, I finally found a thread that solved my problem. Thanks!
User Folders - Restore Default Location - Windows 7 Help Forums

Read other 1 answers
RELEVANCY SCORE 63.6

My computer has been infected with malware which redirects search engine searches to random sites, including other search engines.

I tried to run Malwarebytes but I could not connect to the internet to get updates. I uninstalled MBAM and tried to reinstall it but could not connect to the website. I downloaded a copy onto a memory stick and tried to run it from there but I get error messages (I have screen shots but can't work out how to attach them to this post).

I have tried to run multiple different versions of rkill but it only seems to block itself. One version identified some other files which it blocked (I've also got screen shots of the reports) but I still can't get MBAB to run. I also tried to download the SUPERAntiSpyware Free mentioned in one of the threads but again got an error message from iExplorer when I clicked the download button.

I also notice that the Windows button has changed from grey with black writing to a big green button with white writing.

I have followed the steps in Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. Various reports attached.
Thank you in advance for your help.
 DDS.txt   15.53KB
  1 downloads
 malware_removal_log.txt   1.03KB
  0 downloads
 ark.txt   104.07KB
  0 downloads
 defogger_disable.log   484bytes
  0 downloads
 Attach.txt   14.35KB
  0 downloads

A:Browser redirect malware & wrong 'Windows' button displayed

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

Read other 2 answers
RELEVANCY SCORE 63.6

Title says it all. No idea how I got it but a 1 week old system restore did not fix the issue. Also used AV (avast), Ad-aware and Advanced system care to no good results (nor detected anything wrong).

I also need history on this crap since I am very frustrated and want to know how to avoid...
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Jason at 21:38:26.37 on 05/08/11
Internet Explorer: 9.0.8112.16421
Microsoft Windows?7 ?dition Familiale Premium 6.1.7601.1.1252.2.1036.18.3758.1314 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows&#... Read more

A:Google results redirect to other (wrong/adult/spam) sites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 16 answers
RELEVANCY SCORE 62.8

Hi

This had been bugging me for a while, so i'll appreciate any help i can get on the matter

when searching on google, clicking a link will often bring up an incorrect website, usually another search site or ebay.

when trying to connect to the windows update service, i am unable to download any updates and get the error code 80244019 (any ideas what that means?)

i have downloaded malwarebytes anit malware and ad-aware, but neither will connect to update.

im running vista 32-bit premium with mcafee virus scan (doesnt turn up anything in a scan)
the problem is in internet explorer 7, tho i havent used firefox in a while so it may be present there too
anyone got a clue what to do?

cheers
chris

A:Google searches redirect to wrong site / windows update not connecting

ok, mbam has found and deleted something called 'dnschanger', and it appears that my searches will work properly now

windows update is now also updating.

anything i need to do, or do you think this problem is fixed?

cheers

Read other 1 answers
RELEVANCY SCORE 61.6

Hi,

For the past two days my PC has been acting up, and despite Norton not detecting any virus I'm wondering if my PC has "caught" something, or what else could cause the problem.

The first problem is, that it takes about 2-3 tries to start my PC, as it always shuts itself down again for protection. I get a blue screen, which tells me that there has been a problem and it's shutting down now. I think this is caused because relevant updates for the PC (especially for Outlook Express, as trying to open it always causes problems) havent been done. This leads to the next problem, as I can't do any updates at them moment. Whenever I try to download anything (I tried downloading some free Anti-Virus software as an addition to Norton), once the file is downloaded and I try to extract it I receive the error message "The states modul cannot be found" (This might not be the correct wording, as I use the German version of Windows Vista). This also happens with a number of other programmes/ files on my PC, for example when I try to defragment or do a live update for Norton.
Another problem I have is that I can't uninstall any software. I get a message stating that an error occured and the programme might have already been uninstalled, which is not the case.

Does anyone have an idea if this could be a virus that Norton just can't detect and if yes how it can be fixed and if not, what else could cause the problem.

I would really appreciate a... Read more

A:Can anyone tell me if my PC has a virus, or what else could be wrong with it?

Hi,

It seems that the problem is caused by what is described in these two links:

http://www.spywareremove.com/removedfrguiexe.html
http://www.spywareremove.com/removeDeskBar.html

It doesnt work for me to fix it that way, maybe because I use Vista or because it's a mutated form of the problem or maybe because I just dont know about computers, but I thought I post the links anyway, maybe they can help someone else.
 

Read other 1 answers
RELEVANCY SCORE 61.6

Something is wrong with my computer and I can't figure out what.

It's an older computer, a Dell, running XP. I usually use Firefox as a browser. I keep the windows updates updated.

Initially, the computer refused to update Malwarebytes, which is what tipped me off there was a problem. When I tried uninstalling and reinstalling it, it said the file was corrupted. Using advice posted somewhere here, I downloaded Malwarebytes on another computer, renamed it, put it on a zip drive, and was able to then install it on my own computer successfully.

Full scans last night with Malwarebytes and with Superantispyware turned up nothing wrong. I run AVG (free) and in the past two weeks its resident shield has caught three trojan downloaders, one that says "backdoor." Two of these were automatically moved to the AVG virus vault; one wasn't, and once I spotted it I deleted it, but I don't know if AVG had stopped it from running or not.

So these programs are telling me there's nothing wrong (an AVG scan also said everything was fine). But then I tried today to run Autorun, and the computer says the zip file is corrupted. I tried Unhack me and it said that zip file was corrupted too. I tried the ESET program but it didn't work properly (numerous times), because it never gave me the Active-X installation option -- in the window I just see a little tiny box, and clicking it does nothing.

So I'm assuming there's still something nasty on my comp... Read more

Read other answers
RELEVANCY SCORE 61.6

Hello guys, the problem is this:

My computer is running very slow, specially when using Internet, also when I use a USB memory my folders appear as if the were shortcuts, I can still open them though.

Also, someone hacked my hotmail account, so Im very worried about my computer. Here are the files.

I cant seem to upload my ark file, everytime I try to do it, it says the website is having a delay. I tried uploading it in another post but I had the same results...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:15:56 p.m., on 11/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19120)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Windows\Windo... Read more

A:Something is wrong, possible virus?

I am double posting because if I post everything at once it wont load, I dont know why.

Here is the ark file.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-11 11:40:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542525K9SA00 rev.BBFOC33P
Running: 7p3leqxh.exe; Driver: C:\Users\Saul\AppData\Local\Temp\pwtdypod.sys
---- System - GMER 1.0.15 ----

INT 0x62 ? 86E3DF00
INT 0x62 ? 86E3DF00
INT 0x72 ? 86E3DF00
INT 0x72 ? 86E3DF00
INT 0x81 ? 852AEBF8
INT 0x82 ? 86E3DF00
INT 0x91 ? 852AEBF8
INT 0x92 ? 86E3DF00
INT 0xA1 ? 852AEBF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spyz.sys The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload 82A8DB2E 5 Bytes JMP 852AE1D8
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A75B000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A7A4000, 0x510, 0x40000040]
.text USBPORT.SYS!DllUnload 8ED0441B 5 Bytes JMP 86E3D4E0
? C:\Users\Saul\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Last.fm\LastFM.exe[124] ntdll.dll!LdrLoadDll 771893A8 5 Bytes JMP 00165300
.text C:\Program Files\Last.fm\LastFM.exe[124] ntdll.dll!NtEnumerateValueKey 771C46E4 5 Bytes JMP 00166390
.text C:\Program Files\Last.fm\LastFM.exe[124] ntdll.dll!NtQueryDirectoryFile 771C4C04 5 Bytes JMP 00166640
.text C:\Progr... Read more

Read other 1 answers
RELEVANCY SCORE 61.6

Hello,I'm not sure if I even have a virus or malaware, etc., but my computer "seems" to be running all wrong, and as such I will post a Hijack This Log here. If some one who is more knowledgeable than myself--and that's pretty much anyone here; but, if some one would take a look at this I would be quite grateful. If you need anything else, let me know. Joe[[BEGIN: Hijack This Log]]Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:39:26 PM, on 9/1/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\System32\smss.exeC:\Windows\system32\csrss.exeC:\Windows\system32\wininit.exeC:\Windows\system32\csrss.exeC:\Windows\system32\services.exeC:\Windows\system32\winlogon.exeC:\Windows\system32\lsass.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Windows\system32\Dwm.exeC:\P... Read more

A:Something Seems Wrong, But Not Sure About A Virus; Any Help?

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please see here for instructionshow to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.NextPlease do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so b... Read more

Read other 2 answers
RELEVANCY SCORE 61.6

My desktop at home has been running slow the last week (my laptop at work, too)... I ran Superantivirus, adaware and spy-bot and both machines... found a few malware items on them... still, running slow. I then found a virus message on my laptop at work today (indicating a cleaned file that needed to be deleted; it was a corrupted file within my Killbox folder!)... anyway, it seems best to post a log. The desktop log follows. Can anyone help me with any potential problems?

*********
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:54 AM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\BroadJump\Client ... Read more

A:HJT Log... anything wrong (virus?)

Any help?? (Is anything wrong from the log info?)
 

Read other 1 answers
RELEVANCY SCORE 60.8

Early this year 1/1/09, I had the help of another forum (Internet Inspiration - They were great) and I thought I was clean, but I had a few indications that maybe I still had a remnant.
- When I open word docs I get a warning that the file is already in use by another user (I did set up another user at one point but have since deleted it)
- I hear that windows "thud" every so often (a search on this site lead to that exact thread (http://www.bleepingcomputer.com/forums/index.php?showtopic=212192&hl=background%20processes&st=45) which lead me to register and ask your help. I am trying to attaching a .bmp of my task manager as there are 2 tasks that do not belong.

One is related to a user profile that has been deleted and the other is linked to "owner"

I still have several of the programs from my previous battle loaded on the computer. MBAM, Combofix, Killbox, and am using the f-secure product for protection from my Cable ISP.

I ran adaware and removed a piece of malware it found, but It will likely be back. I ran simple scans for malware after that using f-secure, as well as a rootkit scan and at that time both came up with nothing.

Thanks for reading this.
PS - I'll need a brief lesson in attaching images. I tried to link to my picasa album but that was a no go. If the thread I added a link for was followed you would see the same 2 tasks (different letters hvvxvijy for example) as that person had.

Again, thank you.

A:Had Virus once thought it was gone..wrong?

Hi,First, delete ComboFix and Killbox immediately.This, because those tools can damage your computer when you don't use them the right way (with a supervising person of the HJT-group).After this, do the following:Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed ... Read more

Read other 10 answers
RELEVANCY SCORE 60.8

A couple of weeks ago, I turned on my computer and a message popped up that a new network was allowed into my trusted zone. I hadn't changed any settings or connections before, so I found that suspicious. Then, I started getting messages asking to accept or deny access to the internet. Now, I have to click multiple times on program icons on my desktop in order to open them, and I am getting randomly booted from the internet. My Norton scans say nothing, but my HijackThis log is below. If anybody can help, I would greatly appreciate it.

Thank you,
Shawn

Logfile of HijackThis v1.99.1
Scan saved at 2:11:18 PM, on 12/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program ... Read more

A:Virus scans say nothing, but something's wrong

Read other 6 answers
RELEVANCY SCORE 60.8

I just found out today that my sis visited a site and now I have some spyware. I removed the spyware using malwarebytes. But when I visit google.com, it redirects me to google.de and then when I try to login it says something about invalid security certificate and then 5 minutes ago while online, another virus pop up popped up and I exited the browser. Ive scanned with avir antivirus, malware bytes, super antispyware, and it still cant find it. Can anyone help me? Ive checked date and time and they are correct, cleared cookies, and I even downloaded spybot but it wont run for some reason just like my antivirus did a while ago until I ran malware bytes and got some of the malware off my computer.

I have a hijackthis log and I think a malware bytes log if I can find it. Let me know what I need to do. Thanks

A:Somethings Wrong, Virus - Help?

Hello ....please post the MBAM (MalwareBytes) logThe log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Post the SAS logTo retrieve the removal information after reboot, launch SUPERAntispyware again.Click Preferences, then click the Statistics/Logs tab.Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.Please copy and paste the Scan Log results in your next reply.Click Close to exit the program.Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Read other 3 answers
RELEVANCY SCORE 60.8

Hello,
I have a Dell desktop computer with Windows XP. Everything had been working fine, up until 2 days ago. On Tuesday, I turned on my computer like usual and I noticed that my monitor was not normal. I could not see anything on my desktop. It was black. And also, the power button was blinking green every 3 seconds and would not stop, until I actually removed the plug from the surge protector.

Yesterday the same thing happened when I turned on my computer, but today, when I turned it on, I could see my desktop and the power button was normal green and not blinking. I was happy, until I moved the mouse and the cursor was frozen. Now, it seems like my desktop monitor is fine, but my mouse isn't normal? I unplugged the mouse from the tower and plugged it back in, cleaned out the mouse, and it's still frozen.

Does this sound like a virus or could there be something wrong with my mouse, monitor, or something internally?
 

A:Virus or something else wrong with computer?

Read other 6 answers
RELEVANCY SCORE 60.8

Hello , this is my first post . I have a Laptop for my Job and use wireless Internet. Recently I was deceived and run an unknown .exe file. Although my PandaAntivirous said it was a clean file , unfortunatelly it wasn't. Since then my computer is slower and very often open sites with games and advertisments. Very often i see that the % use of cpu of the computer goes up to 100% and tha pc stalls for a few minutes.

Can you please help me clean my computer?

Sincerely,
Boubalos Christos

ps. logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:32 &#960;&#956;, on 17/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\P... Read more

A:Downloaded wrong .exe & now I have ad virus

Read other 16 answers
RELEVANCY SCORE 60.8

i just bought this computer in January 2011 and had a lot of problems w/ it.

1) At first it wouldn't go on certain webpages. (for example I could get on gmail not yahoo). The help screen said it was the router or there were no issues. i had to look online (on a different computer) and find out i had to turn off all my plug in to get it to work.

NOW
i keep getting an RUNDLL error message every time I turn it on. Can someone tell me what that is?
it says specified module could not be found: C:\user\[my name]\appdata\local\upifitizoyiziyem.dll

The internet and all offline programs are running really slow and they keeps freezing or shutting down on their own or won't come up at all.

Every time I try to shut down my computer, I have to force close Toshiba bulletin board (which I never used) and a program that is running in the background and I have no idea what it is or why canít I find it

Windows media player is completely messed up. my downloaded music won't go into the library. i have to make a playlist and put my songs in that. but yesterday i got some error message and half of my songs disappeared. i can't export the songs from the windows player either. i looked online and it all says the player is corrupted due to installation error when upgrading to windows 7. but i never upgraded to windows 7. It came with the computer. I tried some of the solutions anyway but I canít delete wmdb file because windows said the media center was open, even though ... Read more

A:i don't know what's wrong? windows 7 or virus

Read other 6 answers
RELEVANCY SCORE 60.8

Hi,
I went out of town for almost a month. My dad and husband used the computer while I was gone. I don't know that they did anything but since I have been back I have noticed when trying to go to a link in my Favorites menu, it will take me to a completely different website, one that I don't even have in my favorites, nor have ever visited. Also, I have Norton Internet Security which also has pop up block and ad blocker on it. Before I left I never got pop ups or had ads, but now I get several. I have run Trend Micro virus scan and Norton virus scan and nothing has come up. I have run Spybot and Adware 6 and deleted everything that came up. I have run cwshredder and nothing. I don't see anything in my Hijack Log but I'll post it on here anyway. If someone can help me or if anyone else knows what it could be, I would really really appreciate it. Thanks so much.
Here's my HJ log:
Logfile of HijackThis v1.97.7
Scan saved at 11:50:33 AM, on 6/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EX... Read more

A:Virus?? Worm?? What's wrong?

Hi

The only thing is "WeatherBug"....not a very nice program.
http://www.pchell.com/support/weatherbug.shtml
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
If you choose to remove it,fix its o4 line in HijackThis and delete the folder in safe mode.
 

Read other 1 answers
RELEVANCY SCORE 60.8

Situation 1
-------------
Hello. I had &#8220;music store card&#8221; [gift card] that I received as a birthday gift lying around so I figured let me it out. Anyway, I purchased 3 songs from iTunes.com. Attempted to burn them. It didn&#8217;t work I got some sort of write error on the CD.

While in main screen I clicked Edit > Preferences > Advance > Burning: Discovered that the settings were set to burn an Audio CD. However, I was using a Data CD. Is this why it didn&#8217;t work? Last I read up it should have worked. The disk was a CD-R Memorex Cool Color CD-R. This shouldn&#8217;t have proven to be a problem right?

This disk can&#8217;t be played in Xbox (original not Xbox 360).

Situation 2
-------------
In another situation I tried burning a copy of and an mp3-to-Audio-CD.

When copying the Audio-CD I was using Nero Burn Ultra Edition 6.6.1.4. Got the error message saying along the lines of &#8220;write fail, unable to finish end session.&#8221; Same thing happened when I was trying to make an mp3-to-Audio-CD, except I was using Microsoft Windows Media Player Version 10.0.

This disk can&#8217;t be played in Xbox (original not Xbox 360).

So what am I doing wrong? Here are my objectives:

1) Want to burn audio CDs that will play in cars, stereo systems, DVD players, Xbox, and Xbox360 &#8211; when I get it . If I keep purchasing music from iTunes.com, this may prove difficult?

2) What media should I use for what ty... Read more

A:Burn Audio CD Wrong and Having Probs. What am I doing wrong? "What is the right Way?"

Read other 8 answers
RELEVANCY SCORE 60.4

My explorer keeps getting error reports and shutting down the window. I don't know why, is it possible i have a virus?
 

A:Solved: Something is wrong with my explorer, i think i have a virus

Read other 16 answers
RELEVANCY SCORE 60.4

So... I had that mllmn.exe or whatever problem. Saw someone else had it fixed and thought I had it.... Then... blammo! All these pop-ups keep appearing on the internet, I lose my start bar... all sorts of wrong. I'm just wondering if you have had this one before.

Here's my log for reference fyi:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:27 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.ex... Read more

A:Virus Removal Gone Horribly Wrong!!

Read other 7 answers
RELEVANCY SCORE 60.4

Hi, need your help, please.
Was working online while travelling and hit by something called windows xp recovery .
Had to try a system restore in order to get my work finished in time. My document - folders - disappeared after the restore but found them hidden.
Now my internet is redirecting to odd sites. Also have a pop up from something else called xpnetdiag.exe showing up, that I haven't seen before. It actually popped up during dds scan.

I had to turn on most filters again, ie pop up blocker ie. Maybe due to restore?
But noticing that Default IE browser does not hold at times if I restart system.
Ran Symantec and malwarebytes, but found nothing, ughh:(
here are my logs, and thanks, SS.
----

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Administrator at 16:56:39 on 2011-07-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1368 [GMT -6:00]
.
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WI... Read more

A:Hit by virus now IE opening wrong sites

Hi sspring,

Welcome to TSF.

1. Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place combofix.exe on your Desktop
2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here

3. Double click on combofix.exe & follow the prompts.
Note: Windows Vista users will have to right-click on the file and select "Run as Administrator"

4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show ... Read more

Read other 19 answers
RELEVANCY SCORE 60.4

I would really appreciate the help!

Here is my hijack this log:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:50 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Prog... Read more

A:So many things going wrong with my computer, I think I have a virus. Please help!

Hello and welcome to TSF.
Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it?s taking us longer to catch up. If you haven?t received help elsewhere already and still require assistance please post a fresh HijackThis log and I?ll be happy to help you.

Thanks for your patience.

Read other 1 answers
RELEVANCY SCORE 60.4

I just got Starcraft 2 and it continues to tell me it needs to connect to the internet to patch and to check to make sure I am. I am currently posting on the same computer and all other internet seems to work fine. I am wondering if something possibly has set up a proxy and is messing with the connection.

HjT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:17:34 AM, on 7/27/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Jeb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR46... Read more

Read other answers