Over 1 million tech questions and answers.

Pop-ups And Banners On Random Sites

Q: Pop-ups And Banners On Random Sites

I am on a friend's computer, trying to corrct all the issues. Here is the logfile..Please HelpLogfile of HijackThis v1.99.1Scan saved at 2:33:27 PM, on 1/5/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\sstray.exeC:\WINDOWS\zHotkey.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Browser MOUSE\mouse32a.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exeC:\Program Files\Microsoft Office\Office\FINDFAST.EXEC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\newfrn.exeC:\Program Files\Internet Explorer\iexplore.exeC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blankR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htmO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /rO4 - HKLM\..\Run: [CHotkey] zHotkey.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [0s0s0raw.dll] RUNDLL32.EXE 0s0s0raw.dll,b 4314031O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeO4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exeO4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dllO9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exeO9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dllO12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dllO14 - IERESET.INF: START_PAGE_URL=http://www.emachines.comO16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cabO18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dllO20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

RELEVANCY SCORE 200
Preferred Solution: Pop-ups And Banners On Random Sites

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Pop-ups And Banners On Random Sites

Hello Webguy ATL and welcome to Bleeping Computer

As its been a few days can you please show us a new hijack log and we will see what we can do with it.

Read other 1 answers
RELEVANCY SCORE 60

This virus opens new tabs for specific sites like Roblox and Habbo hotel. It also provides the Infect computer ransom message with 877 number. In addition, it overlays banners on normal pages so that it appears to be integrated into the site. I have run ComboFix, RFKill, Malwarebytes, and ADWCleaner. I think I infected the computer when I clicked on a notice to update my Flash player.
 
Thank you in advance for your help!
 
Scott

A:Ransom virus, new tabs for sites like Roblox, and phishing banners on pages.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/561653 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 10 answers
RELEVANCY SCORE 51.2

Please help me. I am having several problems that I've never had before with my computer and I am now convinced that it is hi-jacked and infected with malware.

The only protection I have used since I got the computer is avast antivirus protection and piriform ccleaner. I have had no malware, spyware or viruses on this computer in the past. I've had it for almost a year.

However my computer has since yesterday (i think) become infected. It has not slowed down much, but whenever I use Google, it redirects me to random sites. Many websites I visit regularly that have never had pop-up ads before now have pop-up ads.

When I went to check my e-mail in Hotmail, I received this message constantly:

"Please refresh your browser window. When you access your Windows Live Hotmail account from more than one computer, we ask you to sign in again to help keep your account private and secure."
At this point I decided to install Spybot, however the website was blocked. I went to download.com and downloaded it and attempted to install but I was unable to, receiving this message:

"Error sending request. The server name or address could not be resolved."

I just installed ad-aware and did a full scan and it found one malware agent and supposedly fixed it, but after rebooting all of these issues are still occuring.

So this brings me to here and now. I just downloaded Trend Micro HijackThis and here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Sca... Read more

A:Google redirects to random sites, some sites blocked, can't install spybot.

Read other 6 answers
RELEVANCY SCORE 50.8

Hello there
it satrted about 7 days ago was using the net to brows ebay , sport facebook, ect . when i started to get re-directed to random sites the ip on 1 on sites was 206.161.121.82 . At the time i was using firefox so i unistalled , and have gone back to IE8 , but still get redirected to random sites . I use Spybot and McAfee and they dont pick nothing up . Plus i used Malwearbytes , and again nothing !!!!! .
Ive got a log from hijack this , and if anybody get chance could please have alook and see if you see anything . Iam a real thick when comes to pc stuff hence why im here . Fofgot to say im using windows XP sp 3

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:35:35, on 19/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee.com\Agent\mcagen... Read more

Read other answers
RELEVANCY SCORE 50.8

I have IE(latest version) Firefox(3.07) and Google Chrome. When i go on Firefox, or IE, or GC, and go to either Yahoo or Google search engine, and search something, and CLICK the link, it redirects me to random websites, usually YellowPages. If i copy and paste the link off of Google and put it in my address bar, it takes me to the site just fine. I contacted my ISP for assistance, and they decided that it wasn't a virus. They had me Reset IE, and IE works again, with searching. Google Chrome works again. But, Mozilla doesn't They had me uninstall Mozilla, and reinstall it, and it was still the same problem. Can anyone help me? My computer HAS been going a little bit slower than usual, so i hope it isn't a virus. Any help would be appreciated, thanks.
 

A:Search Engines Redirect me to Spam Sites and Random Sites

You should take the system through the Virus and Malware Cleaning, attach the three logs and get help with the entries.

Instructions here: http://www.techspot.com/vb/topic58138.html

Redirects are usually due to malware.
 

Read other 3 answers
RELEVANCY SCORE 50.8

In addition to the browser redirects. Boot up time has become extremely long. Often when boot up is complete Macaffee and wireless network adapter are not working. Thanks much for any support you can provide.
RSL
DDS (Ver_09-07-30.01) - NTFSx86
Run by Family at 17:13:11.14 on Tue 09/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.133 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Aventail\Connect\as32svc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched... Read more

A:IE Browser Hijacked... Redirects to random sites/search sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Pleaseinclude a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner o... Read more

Read other 2 answers
RELEVANCY SCORE 50.4

Quite often when I click a link in a returned search result from a website like www.whitepages.com it takes me to an unwanted and unrelated site. I have read somethings online about a Google redirect virus but I am not seeing this happen while doing a Google search. It seems to happen when doing a search or sort on a website and then the results are returned and when I go to click on one of the results I get sent to a page I do not want. I read on a forum that DDS, Gmer, and Attach.txt files can be helpful to someone who reads this. Another site this happens regularly on is www.adam4adam.com
Thank you for your help.

A:Redirected to unwanted/random sites from good sites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 3 answers
RELEVANCY SCORE 47.6

Hello,

I'm having an issue where when I click on the result of an internet search, I am redirected to a non-related advertising type site. Also occasionally I will have the browser directed at some website and then all of the sudden a random window pops up with the same type of advertising type site as above.

It used to happen in both IE and firefox on both google and yahoo (possibly others, I only tried those 2). I have tried running Antivirus scans, malwarebytes and SAS. They found and removed a couple things, but no help. I then tried a system restore back to 2 weeks ago before I had any issues, but that also did not help. I've noticed now that it is only when I search using the integrated search area in the top right corner of IE (which is set to google). If I type in www.google.com in the address window, and then search from there, it does not redirect when I click on the results.

Thanks so much in advance!

Win XP Pro SP3, IE8

A:Random pop-ups and Search Result redirects to random sites.

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

Read other 1 answers
RELEVANCY SCORE 45.2

Ok, so i had a virus on my computer a couple of days ago, " XP anti malware 2010 " !! i got rid of the virus. I used Malwarebytes anti' malware and SuperAnti spyware, spybot, AVG, Advanced system care and got rid of the virus !! so i used my computer regularyly now, and for some reason when im just using my internet ( Firefox ) i keep getting pop ups to random sites. some of them with viruses, and some prompting to download smthing with viruses. and also when i use google or any search enjine and i click on some link it takes me to the wrong siite, smthing really random, usually another search enjine that ive never heard of. the pop ups and the google redirects usually take me to the same site .

im about, to pull out my hair with this problem. when i scan with anything, im clean. so i really dont know whats going on. SOME ONE PLZZ HELP ME !!
I'm using a windows xp desktop,if that helps. and i also cant reinstall XP becase i dont have the CD, i dont have any cd's for my computer .

PLZZZZ HELP ME , THXXX !!

A:HELP!? I keep getting random pop-ups leading me to random sites!!

Also, just a few mins ago i got that nasty " blue screen of death " thing. it said a whole bunch of stuff but i just wrote down this :
:: _PAGE_FAULT_IN_NONPAGED_AREA
Technical Inforamtion:
:: -STOP: 0x00000050 (OXFBA8E4ED, 0X00000001, OX8O54BO4B, 0X00000000)

by the way i dont know if the zero or O's are zeros or O's srry ; )

Read other 11 answers
RELEVANCY SCORE 42.8

I'm having a very odd problem and was hoping someone could at least point me in the right direction. About a month ago, I lost the ability to log onto the Chase.com website. I can get to the homepage, but when I enter my username and password and hit submit, the page just times out. I have experienced the same issue with both IE9 and Google Chrome - both on the same PC and running under Win7 Professional 64 bit. What is interesting is that about a week ago, I lost the ability to log on with my Android Tablet.

My initial thought is that it was the router as both computers utilize the same router and cable modem, but my wife's laptop and my laptop both can still log onto the Chase.com website through the same router.

I have disabled both virus and firewall protection and still have the problem. I also noticed yesterday that another site had a similar issue when submitting a payment form. So, my thoughts went to it's an https: problem, but other secure sites work just fine.

I have VIPRE anti-virus (so does my laptop that works just fine) and I did a deep scan with no problems detected. I also ran Spy-Bot Search and Destroy with negative results.

Has anyone run across this before?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz, Intel64 Family 6 Model 23 Stepping 7
Processor Count: 4
RAM: 8191 Mb
Graphics Card: NVIDIA GeForce GT 120,... Read more

Read other answers
RELEVANCY SCORE 42.4

Hi,

I've been having a problem whilst browsing. Any site I browse to or open from a link, loads a random site instead. And if I am lucky it will open the site I want, plus a random ASK.com search.

I have downloads and installed Adaware and Super Antispyware, but they come back clean. I've stopped what processes I dont recognise, clean out any startup items and emptied temp folders.

Any help will be greatly appreciated.

P.S. I also have Firefox installed and the same thing happens.

Deej
 

A:IE loads random sites

Download ComboFix here :

Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

Click me
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
 

Read other 3 answers
RELEVANCY SCORE 42.4

ANY HELP APPRECIATED IN DECIPHERING WHAT MIGHT BE CAUSING BOTH MY IE AND FIREFOX BROWSERS FROM REDIRECTING TO RANDOM SITES AND SOMETIMES THE TASK ENDS WITH AN ERROR. ALSO UNABLE TO ACCESS "REGEDIT," BLEEPINGCOMPUTER.COM, MBAM UPDATES, ETC. THANKS! HIJACKTHIS LOG BELOW: -----------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:00:16 PM, on 4/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\System32\CTsvcCDA.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\ehome\ehSched.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Symantec AntiVirus\SavRoam.exeC:\WINDOWS\System32\svchost.exeC: ... Read more

A:IE & FF Redirecting to Random Sites, etc.

Hi,Please download DaonolFix from the link below and save it to your DesktopDownload Mirror #1Double-click DaonolFix.exe to run it. Select 1. Find Daonol (no fix) by typing 1 and pressing Enter. You will see a lot of files being listed - don't worry, they are just being scanned.A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called DaonolFix.txt).Download ComboFix by sUBs from here or hereNote: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.**Save it to your desktop**We need to disable one or more of your security programs so that they do not interfere with ComboFix.Right click on the icon in the taskbar notification area & select "Disable Symantec EndPoint Protection".Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT logNotes:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know. ComboFix disconnects your... Read more

Read other 8 answers
RELEVANCY SCORE 42.4

Hi, I'm getting redirected to random websites when I click on a link in google. Also the websites that it gets redirected to are mostly bogus search engines. I was using a P2P program and shortly after i noticed i had this redirecting problem so I'm pretty sure I got it from using that. I'd appreciate any help you can give me as I really don't know how to fix this issue.

Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:53 PM, on 8/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\sy... Read more

Read other answers
RELEVANCY SCORE 42.4

A few days ago I got the windows xp 2010 mal ware. I followed some of the instructions i found on here to get rid of it. im not sure if something i did in that process was wrong, or if i ran into a completely different problem. Basically, the windows xp 2010 mal ware stuff stopped popping up. everything ran fine for like 30 minutes. then i noticed a started randomly getting those "wanring your system is infected please click here to complete scan" with a fake scanning looking pop up, it didnt look the same as the windows xp 2010 malware did either. it woudl let me exit out and it wouldnt pop up anymore so id run Malware bytes and everything would be fine. then a few time i got redirected to random sites.
Then yesterday I noticed everytime im online im constantly getting redirected. it started with clicking on links and also random new tabs would open and goto some site. (belgiumpersonals.com or yellowpages.com or weird ad sites). Now its like new browsers pop up, tabs open up, and almost every link i click on redirects in both firefox and IE.
I keep running malware bytes but the problem doesnt stop. im running an avg scan now.
what is happening and what do i do to fix it?
thanks to anyone who can help in advance

Read other answers
RELEVANCY SCORE 42.4

Every time I search for different things on google or yahoo, and I click onto the link it sends me to another random site. The site is rated as being bad, so I know I have some form of malware/virus. The only way to get to the site that I actually am trying to go to is by copying and pasting. And also sometimes on the little tab, a random site will just pop up into that whenever I never tried going to a site.

I have used Spybot S&D, Malwarebytes, SuperAntiSpyware. I also have scanned many times with Avira. Any advice?
If you still didn't understand, let's say I searched wikipedia in the search bar. Whenever the links pop up I can choose to click on, and I click on one of the links... It instead sends me to a random website.

Note: Also whenever I would shut down the computer, it would be stuck on the screen saying "Saving your settings". The only way I could actually shut it down is by holding the actual power button.

A:redirected to random sites?

Any kind of help would be greatly appreciated.

Read other 2 answers
RELEVANCY SCORE 42.4

Hey all,
I am having a nasty issue with my Laptop. Everytime I click on a search in Google it takes me to some Random sites. I have run Malwarebytes, SuperAnti Spyware, and Avg 9.0. Noneof them seem to find anything. I even downloaded and ran Panda Rootkit Remover and it found nothing. I just ran Hijack this and wondered if someone could look at the log and tell me if they see something. I really appreciate it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:40 AM, on 5/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\BisonC07\BisonM07.exe
C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\InstallShield\U... Read more

A:Random sites in google

Hello there Welcome to the TSG Forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.
Please note the following:

The fixes are specific to your problem and should only be used on this machine.
Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Step 1

Download OTS to your Desktop
Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Under Basic Scans please change the radio button under Registry from Safe List to All.
Under Additional Scans check the following:
Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - NetSvcs
Reg - Shell Spawning
Reg - Uninstall List
File - Lop Check
File - Purity Scan
Evnt - EvtViewer (last 10)

Please paste the contents of the following codebox into the Custom Scans box at the bottom
Code:
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
scec... Read more

Read other 1 answers
RELEVANCY SCORE 42.4

Hello, I have tried going on forums and other things on google and it keeps redirecting me. I've already scanned with Search and destroy, malware bytes, and they say i have NO viruses. then i used CCleaner to clean my cache and it still didn't work. I used a proxy site and im able to use Google and it doesnt redirect me. Also im able to use Google's Cached Sites. Please help. -Sauvus
 

A:Redirecting me to random sites

Bump..
 

Read other 1 answers
RELEVANCY SCORE 42.4

It appears I am one of the unsophisticated users plaqued by this neferious affliction....
Thanks in advance....
DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/20/2006 4:01:02 PM
System Uptime: 4/24/2009 11:45:38 AM (4 hours ago)

Motherboard: Dell Inc. | | 0M3849
Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 48.661 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP587: 1/23/2009 7:21:14 AM - System Checkpoint
RP588: 1/25/2009 1:25:52 PM - System Checkpoint
RP589: 1/27/2009 10:31:46 AM - Installed Belkin 54Mbps Wireless Network Adapter
RP590: 1/27/2009 10:36:49 AM - Removed Belkin 54Mbps Wireless Network Adapter
RP591: 1/28/2009 10:55:06 AM - System Checkpoint
RP592: 1/29/2009 7:12:24 PM - System Checkpoint
RP593: 1/31/2009 10:42:12 AM - System Checkpoint
RP594: 2/1/2009 10:53:50 AM - System Checkpoint
RP595: 2/2/2009 6:14:21 PM - System Checkpoint
RP596: 2/3/2009 6:59:03 PM - System Checkpoint
RP597: 2/5/2009 6:42:06 AM - System Checkpoint
RP598: 2/7/2009 8:50:04 PM - System Checkpoint
RP599: 2/8/2009 9:08:41 PM - System Checkpoint
RP600: 2/9/2009 9:26:49 PM - System Checkpoint
RP601: 2/10/2009 10:19:34 PM - System Checkpoint
RP602: 2/10/2009 11:15:00 PM - S... Read more

A:Redirect to random sites

Hello komboking54,Please download Malwarebytes' Anti-Malware from one of these places:http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlhttp://www.besttechie.net/mbam/mbam-setup.exeDouble Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thankstea,

Read other 2 answers
RELEVANCY SCORE 42.4

I've been getting redirected to random sites when doing searches especially when using GOOGLE - but the same thing happens with any search engine. Sometimes I'll actually be on a page - and suddenly a random page opens up. I'm using IE8 - Windows XP SP3 - with all the automatic updates. I've use Maleware and spyware and virus software and nothing seems to find the little bugger that is causing this. I've attached a Hijack log file to this questions.
 

A:IE redirects to random sites

Read other 9 answers
RELEVANCY SCORE 42.4

I was infected with Antisyware Soft. I believe Combofix got rid of that. Then I got this redirect virus and the time on my computer is now in military time. It redirects every search I make. I have to operate it in safe mode now. Could you please help?DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by chris at 21:53:41.03 on Tue 05/18/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478.190 [GMT -4:00]AV: avast! antivirus 4.8.1368 [VPS 100518-1] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\chris\Desktop\dds.scr============== Pseudo HJT Report ===============uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptopuInternet Settings,ProxyOverride = <local>uInternet Settings,ProxyServer = http=127.0.0.1:5555uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0 ... Read more

A:IE redirects to random sites

Hello slowhand361, Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Please Delete any previous copy of [b[Combofix[/b] from your desktop.2.Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4 Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how. Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator) A black screen will appear and then disappear. Please do not worry, that is... Read more

Read other 12 answers
RELEVANCY SCORE 42.4

Hi, over the past couple of days I've noticed that whenever I click on a link from the list of a given search site that I get redirected to different websites that has anything to do what I actually clicked on. I tried using the GMER but system, sections, IAT/EAT, etc. everything below that to libraries is greyed out. The only options that are available to check/un-check are services, registry, files, C:\, ADS. I do have the DDS and Attach files just let me know what you will need me to do next.

A:Redirected to random sites

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote:




Having problems with spyware and pop-ups? First Steps




a link at the top of each page.

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 42.4

When I click on a link on google it takes me to a different site. I ran combofix and still have the problem.
Attached is combo fix log. I ran High Jack this but didnt see anything fishy.
Please HELP!!!!
John
 

Read other answers
RELEVANCY SCORE 42.4

I picked up a virus which totally paralysed my computer, however a local computer guy did what he does and removed it, however now i seem to have a redirect virus, and my guy is away for a while!

When i try to access a site that may contain help to get rid of it i get redirected, my email also wont open - clever really.

I have to go home download the program, then bring it back to work and so on.

I have got to the point where i now have a log file and was hoping someone can help.

I am on xp.

Logfile of HijackThis v1.99.1
Scan saved at 10:10:46, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\MessageStop\MessageStop.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Digimax Viewer ... Read more

Read other answers
RELEVANCY SCORE 42.4

For awhile now, periodically I will try to go to a normal site .. i.e. paypal, or even my bank, or my own website .. basically it is very random, and sometimes I will even be in the site and click on another link in the site to take me somewhere else in the site and all of a sudden i get an SSL Error message like this:

Sometimes I can google the site I want and find a different link to the site I want and it works, but mostly I have to reboot and sometimes that fixes that particular site and sometimes it doesn't, sometimes I have to clear the cache & cookies and still reboot, and sometimes I just have to wait a day or a few hours and all of a sudden I'll try and it works. I don't ever proceed anyway, I always go back to safety or close the window and try something else. It doesn't always take me to the same place either, it's different url's that it's redirecting to, but they all have this similar message.

I've tried as I said, clearing all of my history, cache, cookies etc. Someone told me to delete some of my certificates, and I did that, but I wasn't sure which one's to do, so I just picked some random ones that I had never heard of.

I've run my antivirus, I've run Spyware Doctor, and just the other day I did something called Hitman Pro and I think something called TDSS Killer. But, I got this one when going to godaddy today and I just finally am at wits end and every time I come here for a problem, you g... Read more

A:SSL Error on random sites? can't get rid of it

Is there anyone who can help with this?????? Or should this be posted in a different forum????? It's driving me crazy. Here's my latest error that I get when trying to login to my comcast account.
 

Read other 2 answers
RELEVANCY SCORE 42.4

Hi, I would aprpeciate any help you can give. When using Firefox, I keep getting redirected to random sites every once in a while,
the one recurring most often is Skype. I've run AdAware, Spybot and yahoo anti spy, but the problem persists.
DDS (Ver_09-03-16.01) - NTFSx86
Run by Laily at 15:40:40.41 on 17/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.2.1033.18.2812.1074 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WacomTouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Fi... Read more

A:I'm being redirected to random sites...

all three of those products are anti-spy/adware...do you have an actual Anti VIRUS that you could run?MBAM (http://www.malwarebytes.org/) is quick and simple and is my first pick for a diagnostic, but there's plenty of others available too. using yahoo anti-spy: http://help.yahoo.com/tutorials/yop/olp2/antispy1.htmlListing of Anti-malware products: http://www.bleepingcomputer.com/forums/t/405/antivirus-antimalware-and-antispyware-resources/someone else will have to do the actual log reviews as I am slammed right now, but this shoud get you started. Good Luck.

Read other 5 answers
RELEVANCY SCORE 42.4

When I visit random sites my IE shuts down, no error message or anything, it just closes. If I have more than one window open they all shut down. This will happen every time I try to visit the same pages. My husband needs to get to his Yahoo NFL page and is beside himself, lol.

I've run Ad-Aware and Spy sweeper and then done my Hijack This. I was wondering if I should run CW Shredder, but I wanted to wait till you took a look. Also, I was the idiot who downloaded Error Guard after coming to the computer and seeing it on the screen after an unsuccessful Scan Disk. I assumed it was an actual warning from my computer, not realizing my daughter had been on the computer and taken the Popup Stopper off. Dumb me.

I did a search here and someone mentioned installing a newer version of Java. What do you think?

Thanks for looking!
Logfile of HijackThis v1.93.0
Scan saved at 1:38:13 AM, on 12/27/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb... Read more

A:IE shuts down at random sites

Read other 9 answers
RELEVANCY SCORE 42.4

i cant seem to get to some random sites, google, cnn for instance all do not connect, i've asked other people online and the sites seem to be up, i have no idea why this would start happening randomly
 

A:random sites not connecting

Please go to http://www.majorgeeks.com/HijackThis_d3155.html

Please note: When you download HijackThis put it in its own permanent folder like My Documents for example. DO NOT download to a temp folder or the desktop.

Launch program and click on the SCAN button. After scan click on Save Log . It should save to Notepad.

Click on Edit, then Select All. Then click Edit again then Copy. Then paste log back here in a reply.

DO NOT have HijackThis fix anything yet. Most of what it shows will be harmless / needed stuff. Wait for an expert to review it and advise you.
 

Read other 2 answers
RELEVANCY SCORE 42.4

Recently my laptop started opening IE itself.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:43 PM, on 8/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VB4tFPUl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\... Read more

A:IE opening itself and going to random sites

Anyone? It's not as bad as it was but is still happening.
 

Read other 2 answers
RELEVANCY SCORE 42.4

When I click on a link in Google it will open up the link, but also a new tab with some random site. Sometimes the site is sort of related to the links I'm clicking. Also new tabs will open up randomly without ever clicking a link, like a pop-up, always with a random site. I've run Malwarebytes free, IObit Advanced System Care free sometimes finding malware and removing it, but I still experience the random sites. Seems to happen less in Opera, more in Firefox and IE. I've looked at processes and can't seem to find any blatant offenders. I would totally read the forum tuts on how to remove it, but I don't know what "it" is. Thanks in advance, I really admire your guys' hard work.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 21:29:57.53 on Tue 05/17/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.339 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS�... Read more

A:I'm being taken to random sites, randomly

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 26 answers
RELEVANCY SCORE 42

I have a virus that keeps sending me to random sites. I ran hijack this and came up with this list. Any help would be muchappreciated, Thanks.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 3:14:54 PM, on 5/3/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\bgsvcgen.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\FolderSize\FolderSizeSvc.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program F... Read more

A:Virus sending me to random sites

Hello, TheDarnold.My name is aommaster and I will be helping you with your log.I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.ThanksShould you still require assistance, please take note of the points below:Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad. The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.Please do not install, update, or run any programs for the duration of the fix.If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.If you are running Vista, please run all the fixes as an administrator. This is done by ... Read more

Read other 3 answers
RELEVANCY SCORE 42

Hello - When I search on google using either Firefox or IE, the results redirect me to seemingly random sites. I've tried disabling any add-ons that I think are running, scanned my computer a bunch with MSSE, but none of that helped. My friends have tried their magic (malwarebytes scans, avast scans, even combofix I guess) - but they don't seem to have the fu you guys do. Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by amlive at 3:09:57 on 2012-04-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2371 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe ... Read more

A:Google redirects to random sites

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At t... Read more

Read other 21 answers
RELEVANCY SCORE 42

DDS (Version 1.1.0) - NTFSx86
Run by Robert Henderson at 18:37:17.95 on Sun 01/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.520 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1&... Read more

A:seach links take me to random sites

I solved this problem by formatting the boot drive reinstalling the OS.

Not only would it misdirect search links, but it wouldn't allow me to get to the McAfee update link or install download link. Bad juju. Drastic measures were called for.

Thanks, anyway.

Read other 2 answers
RELEVANCY SCORE 42

I'm using Windows 8.1. The problems I'm having occur in Google Chrome.
 
I have no idea what happened, I didn't download or install anything, but since yesterday I get redirected to weird sites. It doesn't occur very often, but I don't trust it. I've been redirected 4 times now. In my history I see that I first get redirected to a youradexchange.com related website, and then to:
 
- ajyzz.promorewards.roadspace.biz
- 0vin60f6.com
 
When being redirected to 0vin60f6.com, AVG security popped up an alert about: "Exploit fake video player type 1750".
 
Of course I ran a full scan after this happened using AVG and MBAM, but they both found nothing. Then I ran AdwCleaner, which deleted some stuff, but this was not related to the problem I'm having now (I think). After that the redirecting occurred again, so I'm wondering what to do.
 
Thanks in advance for your time and help!

A:Redirect to random sites via youradexchange.com

I got the exact same thing yesterday, but I only ever got redirected once.

Read other 13 answers
RELEVANCY SCORE 42

Hi, Whenever I click on any link provided by any search engine in either Firefox or IE a new ta is opened and directed to any one of a number of random ad sites. Sometimes I can get around this by copying a web address and pasting it into the address bar, but often when I do this the site simply will not load. Spybot will no longer run, and AVG cannot connect to the update server. You will see on my DDS log that various proccesses have been "unexpectedly terminated." That's just me trying to fix my problem by blindly swinging a hammer (metaphorically).Here's the DDS log. Thank you and Good Luck. **Edit** Forgot to attach Attach.txt, here it is. **Edit**
 Attach.txt   13.04KB
  2 downloadsDDS (Version 1.1.0) - NTFSx86 Run by Drake at 15:13:13.30 on Fri 01/02/2009Internet Explorer: 7.0.6000.16643 BrowserJavaVersion: 1.6.0_03Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.2047.1279 [GMT -8:00]AV: AVG 7.5.488 *On-access scanning disabled* (Outdated)============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\nvvsvc.exeC:\Windows\System32\svchost.exe -k secsvcsC:\... Read more

A:Constant Redirection to Random Ad Sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

Read other 2 answers
RELEVANCY SCORE 42

Hi

I've had a problem for about 5 days now where every time i click on a search link in any browser and any search engine i get redirected to random websites.

I've ran sophos anti virus, malwarebytes and antispyware but nothing seems to fix this error. I've also uninstalled and reinstalled the different browsers to see if this makes a difference.

All 3rd party toolbars have also been removed from my browsers.

Can anyone please help me because i'm at breaking point!

A:Browsers keep redirecting to random sites

Hi snopake. Welcome to EightForums.

Try www.eightforums.com/showthread.php?t=3047

Read other 1 answers
RELEVANCY SCORE 42

Hello - first time post here.

I am working on my wife's computer which is running Vista Home Premium.

The machine had a nasty virus that pretended to be a antivirus program (called antivirus soft). I removed the virus or at least the main symptom of the virus (which was that it would not allow programs other than Internet Explorer to run) by running Malwarebytes and SuperAntiSpyware, both are the free editions. I scanned several times after removing infected files and both programs showed the computer as free from infection.

It is a week later and although there is no sign of the original virus, but Internet Explorer and Firefox are now redirecting me to junk websites when I click links from google searches. I have scanned the machine again using Malwarebytes, but the logs are showing the computer as clean.

Thanks in advance for any and all assistance.

A:IE and Firefox redirecting to random(?) sites

Hello and to BleepingComputer!GMER-------Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Make sure only the Sections option is checked, leave everything else unchecked!Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.

Read other 8 answers
RELEVANCY SCORE 42

Certain sites wont load or I have to open a link in a new window to get it to load. Also, I get random pop-ups, even when I'm not online.
Please help me.

--

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:00 AM, on 6/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_06\bin\ju... Read more

A:Random Pop-ups and Sites Wont load

Quote:




Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.





Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

You are running HJT from a temp folder
C:\Documents and Settings\Kitti\Local Settings\Temporary Internet Files\Content.IE5\G48NFR7D\HijackThis[1].exe

Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. For this reason it cannot be run from a Zip file or from Temporary folders because the backups will be deleted. Having the backups could be VITAL to restorin... Read more

Read other 1 answers
RELEVANCY SCORE 42

Well, I've been virus free for quite a while. However, I'm now getting some google redirects when doing searches, and some new tab popups in Firefox to advertising sites. Nothing malicious yet, but I'd like to nip this in the bud sooner rather than later. I did have a problem with not getting on the internet with my firefox or IE, but I've solved that, thanks to a pinned post on this site.

I would feel more confident having someone walk me through the steps to fix the redirection rather than try to copy someone else's posting.

A:Google redirect, some random sites pop up

Hello and welcome back.Please run these and post back the logs for review.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the to... Read more

Read other 9 answers
RELEVANCY SCORE 42

Hello, how are you doing. Lately I've been getting these popups that either lead me to these ambiguous websites or to well known sites like JCpenny's website. I think its because I watch TV series through surfthechannel.com because my AVG antivirus goes crazy when I go to these sites. I think it's caused by something related to digeste.dll because thats the name I keep seeing thats popping up. Also I might have something called virtumonde. I also sometimes get a random download to this pdf file out of nowhere. Thank you in advance.

Attached is my Attach.txt and gmer.txt

Here's my DDS:

DDS (Version 1.0) - NTFSx86
Run by WinXP at 15:11:29.04 on Sun 12/07/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.96 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA... Read more

A:popups that lead to random sites

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Read other 3 answers
RELEVANCY SCORE 42

If my computer is idle or if I am using it, a blogger page tries to load up and a host-domain site. The pages never load and is a different blog page each time. i have ran spyware doctor and bitdefender and nothing. please
help. Also the pages try to load every half hour. I am running firefox. Here is my log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:29 PM, on 10/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Windows\system32\isys32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Commo... Read more

A:random internet sites popping up

Hi and welcome to TSF.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------
Download combofix.exe to your desktop.
Disconnect from the internet....pull the plug!
Disable your real time protection of your Anti-Virus. Exit the program via the SystemTray icon.
Double click on combofix.exe & follow the prompts. Type "1" and press Enter to begin the scan.
When finished, it shall produce a log for you ( C:\ComboFix.txt ). Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

--------------------------------------------------------------
Re-enable your Anti-Virus if it is not active...a reboot should have re-activated it.
Re-establish an internet connection.
Open HijackThis ... Read more

Read other 13 answers
RELEVANCY SCORE 42

Hello,
here's my problem, When doing google searches sometimes I will click on a link and get redirected to a totally different page. system is slow and sometimes freezes. My avg antivirus scan does not find anything. I followed the instructions prior to posting and I've attached the dds and gmer scans. I also have an error popping up at startup saying "rundll C:\windows\ujeledunmulo.dll cannot find the specified module" but this was happening before I was getting the google issue. Thank you very much for any help.

Daniel

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Daniele at 10.05.06,64 on 03/05/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1014.382 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Programmi\... Read more

A:Google redirecting to random sites

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Read other 19 answers
RELEVANCY SCORE 42

My landlord switched routers last week, and now my internet is driving me crazy. Sites open very slowly, if at all(usualy i have to open the site several times before it loads), then i check the router log it says: Unrecognized attempt blocked from 153.5.48.231:34239 to 86.58.13.130 TCP:46451
The thing is, that if i download anything it works at normal speed, the problem is only when opening sites.
The router is a Level One FBR-1413TX and firmware version is R1.96j34

I'm fairly sure it's the router causing the problem, but i may be mistaken.

Any suggestions for a solution?
 

A:Router blocking random sites

Well, if the router changed and at the same time you started having this issue, I'd say you have diagnosed it correctly.
 

Read other 1 answers
RELEVANCY SCORE 42

hiya, i have got a big problem with me pc.... everytime i click on a link off google (eg. an article of wikipedia).. it forwards me to some random virus check websites which i kno it is not right... anyway here is the log

Thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:46, on 02/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Aaron Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceSer... Read more

A:Spyware - Forward Me To Random Sites

anyone
 

Read other 1 answers
RELEVANCY SCORE 42

For the last week or so, I've had this problem where anytime I click on a site I want to visit from from a Google search, I get redirected to another website. Usually it's some advertisement or gimmick type thing related to my search, and occasionally it's a malicious site that tries to give me a virus. Sometimes, a new tab randomly opens by itself with the same websites too. If you look up at the search tab where there's a logo of the website you're on, it's always a blue squiggly line or a green globe looking logo.The problem seemingly originated when I got some malware trying to sell some fake anti-virus product. I've had that problem multiple times and I've been able to get rid of it with a combination of MalwareBytes, Spybot S&D, rkill, combofix, you name it. The search redirecting always seems to be associated with the fake anti-virus malware, and in times past, as soon as I've gotten rid of the fake anti-virus messages, the search redirecting problem is also fixed. I wasn't so lucky this time.I'm running Zone Alarm Security for both firewall and anti-virus. I've tried endless combinations of uninstalling Firefox, uninstalling MalwareBytes, re-installing MalwareBytes, and the same with Spybot. I've also used combofix with my anti-virus and firewall turned off. I read maybe it was a problem with my hosts file, with extra IP addresses or something, but I checked and there was only my 127.0.0.1 local host.I've bee... Read more

A:Firefox keeps redirecting to random sites

Hello I see you are new so welcome!! I also see you are having a tough time posting to get help.We need a deeper look. Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.Include the ComboFix log you have and the DDS and GMER logs you will create in the Prep guide..Let me know if that went well.

Read other 1 answers
RELEVANCY SCORE 42

Hi,
I just got this computer& usred. The cursour jumps around, won't let me tyrpe. I was told to scan it fist with malware bytes. tred to. didn't remove the problem. Please help.
Not sure how to be clearer. it's hard to ty pe this with this jumping around thing.

th
anks
,
Jenn

A:Cursor jumping around. Was going to random sites.

Are you saying that you got used computer?

Read other 3 answers
RELEVANCY SCORE 42

While doing research on lighthouses googled images and clicked on thumbnail which redirected to search site. Then all browser searches will redirect to random site. Bing, Google, Yahoo, MSN it does not matter which search engine. If you click on a result you will be redirected. You can however, cut and paste the item or highlight the webpage information and tell it to open in a new tab or window and it will go to the correct site. The redirect is different each time and it does not matter which browser is being used Firefox 4.0 or IE 8.

I have scanned with Trendmicro, Spybot, Malwarebytes, Trojan Remover, Browser highjack remover and nothing can find anything. They find a few cookies and that's all. I can not put a name to the maleware, I have looked in the registry as noted in various forums and do not see what others have found and fixed. Very perplexing problem that I seem to have picked up which is driving me crazy.

I noticed that it always changes addresses to the below after clicking on a search result in this case hilton:

hxxp://www.gnnrtoehigoa.com/search.php?q=hilton%2Bhonors&n=1303736867

then it goes to a random site, when I did web search for gnnrtoehigoa it returns sites with gonorrhea. It seems my PC has an affliction that is a code word for an STD.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Me at 8:34:29.62 on Mon 04/25/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Enterprise 6.1.7600.0.1252... Read more

A:All browsers being redirected to random sites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 13 answers