Over 1 million tech questions and answers.

Intranet Sites Redirected to Other Internet Sites

Q: Intranet Sites Redirected to Other Internet Sites

Hi Guys,

Original post:

http://www.techsupportforum.com/f100...es-368470.html

Im new here. Please help me on this. Everytime I tried to browse to our intranet sites, it redirects me to some 'malicious' internet sites. I can't access all of our intranet sites now, since last week. And a lot of pop ups are showing whenever I tried to browse the web, very irritating..

Your help will be greatly appreciated..

=============== DDS.txt ===========================

DDS (Ver_09-03-16.01) - NTFSx86
Run by ADMIN at 11:31:27.28 on Mon 04/20/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.328 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Microsoft Forefront Client Security *On-access scanning enabled* (Updated)
FW: Sygate Security Agent *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Sygate\SSA\smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\DOCUME~1\tlaparan\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\MKXBN2RY\sdsetup[1].exe
C:\DOCUME~1\tlaparan\LOCALS~1\Temp\is-5Q85O.tmp\sdsetup[1].tmp
C:\Documents and Settings\tlaparan\My Documents\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Windows Internet Explorer provided by xxxADMINxxx
uStart Page = hxxp://signals.corpnt.analog.com/default.aspx
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {91bf2057-84e7-4d2e-954a-7d2a66018904} - c:\windows\system32\jopafuyi.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Desktop Calendar] c:\program files\desktop calendar\CanDesk.exe 9
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
mRun: [SmcService] c:\progra~1\sygate\ssa\smc.exe -startgui
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [depivatuvu] Rundll32.exe "c:\windows\system32\feyumaze.dll",s
mRun: [f4ace796] rundll32.exe "c:\windows\system32\tawagifi.dll",b
mRun: [CPMf79fd40a] Rundll32.exe "c:\windows\system32\pomijowu.dll",a
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoOnlinePrintsWizard = 1 (0x1)
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: sumtotalsystems.com\analog
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02E09B2E-2A03-4572-9291-69900C068564} - hxxp://www.learnitcorp.com/cabs/lcsim.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211959445300
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\vizaleso.dll c:\windows\system32\kulofuvo.dll c:\windows\system32\pomijowu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pomijowu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\pomijowu.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli c:\windows\system32\vizaleso.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-20 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-16 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-16 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-16 108552]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2008-3-12 8576]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-16 298264]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2008-7-9 18704]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2007-4-6 73120]
R2 MOM;MOM;c:\program files\microsoft forefront\client security\client\microsoft operations manager 2005\MOMService.exe [2005-7-21 134656]
R2 VPCAppSv;Virtual PC Application Services;c:\windows\system32\drivers\VPCAppSv.sys [2002-5-21 10374]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2006-7-27 9433]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2006-7-27 115008]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-20 348752]
S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-20 1095560]
S3 magaService;Lan Discover Agent;c:\program files\sygate\ssa\maga\Maga.exe [2005-1-28 323658]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2009-04-20 11:19 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-04-20 11:18 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-04-20 11:18 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-20 11:17 <DIR> --d----- c:\program files\common files\PC Tools
2009-04-20 11:17 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-04-20 11:17 176 a------- c:\windows\wininit.ini
2009-04-20 11:16 <DIR> --d----- c:\program files\Spyware Doctor
2009-04-20 11:16 <DIR> --d----- c:\docume~1\tlaparan\applic~1\PC Tools
2009-04-20 11:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-04-20 10:02 <DIR> --d----- c:\program files\Trend Micro
2009-04-20 07:20 1,409,567 ---sh--- c:\windows\system32\ifigawat.ini
2009-04-16 15:21 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-16 15:09 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-16 15:09 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-16 15:09 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-16 15:09 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-16 15:09 <DIR> --d----- c:\docume~1\tlaparan\applic~1\AVGTOOLBAR
2009-04-16 15:08 <DIR> --d----- c:\program files\AVG
2009-04-16 15:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-16 08:12 1,411,370 ---sh--- c:\windows\system32\uwedevag.ini
2009-04-13 11:54 <DIR> --dsh--- c:\windows\ftpcache
2009-04-04 11:17 217,088 a------- c:\windows\system32\libmySQL.dll
2009-04-04 11:17 102,400 a------- c:\windows\system32\TrackerNET.dll
2009-04-04 11:15 86,016 a------- c:\windows\unvise32.exe
2009-04-03 07:27 231,936 a------- c:\windows\system32\SNWValid.dll
2009-04-03 07:27 1,022,976 a------- c:\windows\system32\SierraNW.dll
2009-04-03 07:27 <DIR> --d----- C:\SIERRA
2009-04-03 07:27 <DIR> --d----- c:\program files\Sierra On-Line
2009-04-02 16:33 500 a------- c:\windows\SIERRA.INI
2009-04-02 11:55 <DIR> --d----- C:\cstrike
2009-04-01 15:34 <DIR> --d----- c:\documents and settings\tlaparan\Phone Browser
2009-03-31 07:51 <DIR> --d----- C:\Files

==================== Find3M ====================

2009-04-20 07:18 89,088 a--sh--- c:\windows\system32\pomijowu.dll
2009-04-20 07:18 47,104 a--sh--- c:\windows\system32\ligamosa.exe
2009-04-20 07:18 81,408 a--sh--- c:\windows\system32\tawagifi.dll
2009-04-17 07:18 50,688 a--sh--- c:\windows\system32\tiworita.dll
2009-03-09 15:11 126,232 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-02-18 08:27 286,720 -------- c:\windows\Setup1.exe
2009-02-09 18:19 1,846,272 a------- c:\windows\system32\win32k.sys
2008-09-12 10:33 0 a------- c:\program files\net
2008-08-27 11:19 1,077,801 a------- c:\program files\TBankCE Source Code.zip
2008-06-04 12:05 872 a------- c:\program files\ZebraFile.txt
2008-04-23 11:14 1,458,176 a------- c:\program files\common files\MergeSplit.exe
2008-02-29 07:43 0 a------- c:\program files\temp01
2007-05-22 12:17 414 a------- c:\program files\common files\MergeSplit.exe.config
2007-05-21 13:49 8,144 a------- c:\program files\common files\dsReport.xsd
2007-05-11 12:07 13,927 a------- c:\program files\Text2PDF v1.pdf
2007-04-25 11:32 864,256 a------- c:\program files\common files\Rejects Barcoding.exe
2006-10-10 11:16 3,680 a------- c:\program files\common files\dsReports.xsd
2006-09-11 08:30 774,144 a------- c:\program files\RngInterstitial.dll
2006-09-01 10:31 638,976 a------- c:\program files\common files\SubConReceiving.exe
2006-09-01 10:28 189 a------- c:\program files\common files\SubConReceiving.exe.config
2006-08-30 11:57 106 a------- c:\program files\common files\Rejects Barcoding.exe.config
2006-08-23 15:18 712,704 a------- c:\program files\common files\Withdrawal.exe
2006-05-14 11:59 301 a------- c:\program files\common files\Withdrawal.exe.config
2006-05-10 04:09 64,088 a------- c:\program files\common files\Microsoft.Vbe.Interop.dll
2006-05-10 04:09 223,800 a------- c:\program files\common files\office.dll
2006-03-15 16:04 16,384 a------- c:\program files\common files\stdole.dll
2005-09-01 14:30 5,632 a------- c:\program files\common files\PlayWavFile.dll
2005-08-12 10:40 6,144 a------- c:\program files\common files\classMail.dll
2005-08-05 11:36 1,462 a------- c:\program files\common files\dsOrderDetails.xsd
2005-07-26 09:55 1,146 a------- c:\program files\common files\dsHistory.xsd
2005-07-18 10:42 1,661 a------- c:\program files\common files\DSRReport.xsd
2005-06-09 17:10 1,116 a------- c:\program files\common files\DSError.xsd
2005-05-30 12:46 24,576 a------- c:\program files\common files\classFTP.dll
2004-12-28 11:54 5,344 a------- c:\program files\TBankFTP.zip
2003-01-16 14:27 7,168 a------- c:\program files\common files\EnvironmentInfo.dll
2001-11-27 12:13 200,704 a------- c:\program files\common files\DartVt.dll
2001-11-27 12:13 36,864 a------- c:\program files\common files\Interop.DartVt.dll
2001-11-27 12:13 28,672 a------- c:\program files\common files\AxInterop.DartVt.dll
2001-11-27 12:12 114,688 a------- c:\program files\common files\DartTelnet.dll
2001-11-27 12:12 32,768 a------- c:\program files\common files\Interop.DartTelnet.dll
2001-11-27 12:12 13,312 a------- c:\program files\common files\AxInterop.DartTelnet.dll
2001-11-27 12:12 212,992 a------- c:\program files\common files\DartSock.dll
2001-11-27 12:12 45,056 a------- c:\program files\common files\Interop.DartSock.dll
2009-01-17 07:19 50,688 a--sh--- c:\windows\system32\feyumaze.dll
2009-01-17 07:19 50,688 a--sh--- c:\windows\system32\jopafuyi.dll
2009-01-17 07:19 50,688 a--sh--- c:\windows\system32\vizaleso.dll

============= FINISH: 11:32:34.54 ===============

RELEVANCY SCORE 200
Preferred Solution: Intranet Sites Redirected to Other Internet Sites

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Intranet Sites Redirected to Other Internet Sites

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, AVG and Microsoft Forefront Client Security. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the other via Add or Remove Programs in your Control Panel.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

Read other 9 answers
RELEVANCY SCORE 114.4

Hi Guys,

Im new here. Please help me on this. Everytime I tried to browse to our intranet sites, it redirects me to some 'malicious' internet sites. I can't access all of our intranet sites now, since last week. And a lot of pop ups are showing whenever I tried to browse the web, very irritating..

Your help will be greatly appreciated..

Here's my log from HijackThis. I don;t have any idea how to interpret this..
-------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:13 AM, on 4/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\Ccm... Read more

A:Please Help. :( Intranet Sites Redirected to Other Sites

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 113.2

Hello
We are testing Windows 10 1703 prior to rolling it out to our estate and have come across an issue with Internet Explorer Site Zoning and just wondering if anyone else has seen the issue.
So on Windows 7, 8.1 and Windows 10, 1511 and 1607 using IE11. We have a SharePoint intranet site setup on intranet.example.co.uk. We use a proxy so we have a list of sites that by pass the proxy so for example we have *.example.co.uk in the bypass
proxy exceptions. On the above clients OS we browse to the site in IE and it loads, checking the zone it has picked it up as 'Local Intranet' so seems to use the 'Automatic logon on in Intranet Zone' setting. - all good.
Just for clarity these settings are same in IE on all versions. as are the default security options.

When we do the same thing on Windows 10 1703 it results in the user being prompted for credentials. the same proxy exceptions settings are applied as above. Entering the username/password allows access to the site. Checking the zone and the site is
being seen as an 'internet site'. This issue also appears in Chrome and Edge and only on Windows 10 1703
Adding intranet.example.co.uk to the bypass list makes no difference either, the only thing that does work is by adding intranet.example.co.uk into the Local Intranet Zone sites list - again all other settings are the same as above and work on
previous versions of Windows.
So the question is has Microsoft changed something in IE o... Read more

Read other answers
RELEVANCY SCORE 100.8

IE11 tel: Link does not work in trusted sites or intranet sites
If the site is in internet zone the link does work.

Any hints for a fix?

Read other answers
RELEVANCY SCORE 91.6

Hello,
Is there Registry key to uncheck Display intranet sites in Compatibility View from Internet Explorer ?

-Subramani

Read other answers
RELEVANCY SCORE 89.6

Quite often when I click a link in a returned search result from a website like www.whitepages.com it takes me to an unwanted and unrelated site. I have read somethings online about a Google redirect virus but I am not seeing this happen while doing a Google search. It seems to happen when doing a search or sort on a website and then the results are returned and when I go to click on one of the results I get sent to a page I do not want. I read on a forum that DDS, Gmer, and Attach.txt files can be helpful to someone who reads this. Another site this happens regularly on is www.adam4adam.com
Thank you for your help.

A:Redirected to unwanted/random sites from good sites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 3 answers
RELEVANCY SCORE 87.6

I have a virus on my computer that is blocking access to all antivirus web sites and is also redirecting other sites to other sites such as Shopica or Find Stuff. I ran MalwareBytes, which removed a number of bad registry keys and files, but the problem persists. I also have Norton Internet Security installed. Here is my HiJackThis log. Your help is much appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:16:30 PM, on 1/4/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Maxtor\Sync\SyncServices.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\BCMSMMSG.exeC:\WINDOWS\system32\dla�... Read more

A:Can't access anitvirus sites and other sites are redirected

Hi, veganrich Welcome. Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
... Read more

Read other 2 answers
RELEVANCY SCORE 84.8

I keep clicking on links and getting sent to places like icityfind.com or clickbattery.org. I've tried running all kinds of malware removal software, but to no avail. At a loss as to where I should go from here.

Read other answers
RELEVANCY SCORE 84.8

I keep getting redirected from links I click on and I can't access gmail. I have run Avira Antivirus software which says I'm clean, and then I've run SuperantiSpyware Free which says I have 4 infections but once I quarantine them the problem still comes back. Here's the log I have from the SuperAntiSpyware Free:SUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 08/25/2010 at 06:30 AMApplication Version : 4.41.1000Core Rules Database Version : 5402Trace Rules Database Version: 3214Scan type : Quick ScanTotal Scan Time : 00:06:24Memory items scanned : 674Memory threats detected : 0Registry items scanned : 2780Registry threats detected : 4File items scanned : 186File threats detected : 0Rogue.AntivirusSoft (x86) HKU\S-1-5-21-199889619-651628080-74377490-1000\Software\avsoftMalware.Trace (x86) HKU\S-1-5-21-199889619-651628080-74377490-1000\SOFTWARE\AVSUITESecurity.HiJack[ImageFileExecutionOptions] (x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CTFMON.EXE (x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CTFMON.EXE#DebuggerI get this message from firefox when I try to go to gmail:www.google.com uses an invalid security certificate.The certificate is not trusted because it is self-signed.The certificate is only valid for 78-159-121-201.local(Error code: sec_error... Read more

A:Redirected from internet sites/searches

Hi dhwood83,Welcome to Bleeping Computer!My name is mpascal, and I will be helping you fix your problem.Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.Please do not do anything or perform other steps unless I have asked you to do so.Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.If you are unsure of how to reply, or need help with anything regarding the website, please look here.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will re... Read more

Read other 19 answers
RELEVANCY SCORE 84.8

I have been dealing with this issue for a few months and I just did some checking on the internet and it looks like it might be a virus. When I do a google search and then click on a link, it redirects me to another website. Also on occasion when I am on a site such as facebook and click a link a new tab opens up and a website for work at home moms opens up which is very hard to close. I did have the windows 7 security warning virus right before this happened, but I thought I got rid of it with rkill and malwarebytes anti malware which I still have running on my computer. I am afraid to do anything else to my computer without some advice. I am running Windows 7 professional and I use mozilla firefox. Please let me know what other information you will need.

A:Internet sites redirected - virus?

Hi MAMABOST, and welcome to the forums!! My name is bloopie and I'll be helping you for now.Let's try to get some logs from your computer:First please post the last log from MBAM that you ran. The file can be located by opening MBAM and clicking the "Logs" tab at the top and double-clicking the most recent scan. Copy and past that scan here.Please re-run Rkill, and without rebooting:Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList DevicesList Users, Partitions and Memory size.List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.============================Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randoml... Read more

Read other 11 answers
RELEVANCY SCORE 84.8

Doing google searches and trying to click on the link of a site choice...we're getting redirected to odd sites - like a search for med centers, I click on the med center in our area that comes up in the google search and it took me to a site called searchfindsite! hXXp://www.searchfindsite.com/6952/search....69b&cid=BPO.I choose a google search for Petsmart, click on one of the choices which shows a web address of training.petsmart.com/. But what comes up is hXXp://www.allgive.com/alt/results.php?sea...a87&cid=BPO. NOTHING related to petsmart.We run firefox only and have Windows XP Professional and have symantec endpointe and a firewall. I ran the scans, nothing came up. Any ideas? This started this morning after paying a bill at a secure connection online.Thanks,Marg

A:Internet Searches being redirected to odd sites

Hello,welcome... Let's do these next.Please download TFC by Old Timer and save it to your desktop. alternate download linkSave any unsaved work. TFC will close ALL open programs including your browser! Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator. Click the Start button to begin the cleaning process and let it run uninterrupted to completion. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an u... Read more

Read other 4 answers
RELEVANCY SCORE 84.8

Please Help me, Everytime I surf the internet and try to visit certain websites I am redirected to a site named wellaction and also when searching on google I am redirected to other websites after clicking links. I've read a little on this forum about "wellaction" and it seems like it can be removed with some help. Please can anyone help me???

A:being redirected to wellaction and other sites on the internet.

I'm not an official helper here but I have just cured this problem by resetting my router to factory defaults. I think the "use this DNS address" had been selected and set to do this. I reset to "use ISP's DNS".
Thanks to all the full time helpers I have learned a lot reading your replies.
Hope I'm not out of order for jumping in here.

Read other 1 answers
RELEVANCY SCORE 84.8

I can not consistently load pages using IE8 on my local intranet. I never receive a "page not found" error. You just get a "wait for..." message in the progress bar and nothing ever happens.

This only affects my PC. All other PCs in the network load the pages without issue.

I do develop web applications on this PC, so not sure it software or settings on my PC are preventing a consistent load.

Any help is appreciated.
 

A:IE and Intranet sites

Read other 7 answers
RELEVANCY SCORE 84

Hello Everyone!I am a novice when it comes to Computers and need help cleaning up my computer.Here is my problem. I had a virus on my computer that I believed was the S.M.A.R.T. HDD. It would show a realistic scan that said I had hard-drive problems. After doing some research, I found my fix on bleeping computer. I used RKill and malwarebytes and eliminated the virus. My computer no longer shows the previously explained problem.My current issue is that my files still appear to be hidden. Also, when in Internet Explorer 9, some of my searches are redirected to wierd websites. I am hoping that there is still lingering elements of a virus, I would like help treading through that process.Thank you in advance,jpeadon16Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal

A:Internet Explorer is redirected to wierd sites

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here.If you get crashes in normal mode,run it in safemode with networkingDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 29 answers
RELEVANCY SCORE 84

Did a google search, when I clicked on the link, I was redirected to a link that was not the one I clicked on. I went back to google search and tried another link and the same issue. I keep getting redirected to other sites. I also tried to use bing, ask, and yahoo and the same problem. I have ran malwarebyte's anti-malware and super antispyware and didn't found anything. Please help.DDS (Ver_10-03-17.01) - NTFSx86 Run by Tanya Vaughn at 16:41:40.47 on Fri 06/11/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.66 [GMT -4:00]AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\Exp... Read more

A:Internet search links redirected to different sites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.I order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is ... Read more

Read other 22 answers
RELEVANCY SCORE 84

Hi, I have a real issue with malware and viruses that most of the scans I have run cannot clean. My internet sites frequently get redirected to varoius malware sites and generally, my system is very very slow. Please help before I wantonly destruct my PC.

My hijackthis log is posted below... Thanks for looking into this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:26 PM, on 19/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\On Screen Display\Hotkey.exe
C:\Program Files\Battery miser\batterymiser.exe
C:\Program Files\Bi... Read more

Read other answers
RELEVANCY SCORE 84

I am unable to activate any antivirus or antispyware programs. When searching the net I am constantly redirected to strange sites, some may be lamp searches of all things. This computer is an Acer Aspire M1100 with an AMD Athlon X2 Dual Core Processor NE-2350 2.10 GHz. It is a 32 bit operating system with 2 gb of ram runnings windows vista. Any help would be greatly appreciated.
Thanks
Shannon
 

A:Internet connection is redirected to unwanted sites

Hello there Welcome to the TSG Forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.
Please note the following:

The fixes are specific to your problem and should only be used on this machine.
Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please refrain from doing any fixing of your own while I am assisting you with this problem. I need to keep track of what is going on as the order in which we do things can often be important.
If this is a company owned system or a work computer let me know.
Please reply to this thread. Do not start a new topic.

Step 1

Download OTS to your Desktop
Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Under Basic Scans please change the radio button under Registry from Safe List to All.
Under Additional Scans check the following:
Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - NetSvcs
Reg - Shell Spawning
Reg - Unin... Read more

Read other 1 answers
RELEVANCY SCORE 82.8

trying to fix my sisters netbook that she's been unable to use for months. I removed trojan viruses from it in december with my paid version of webroot anit-virus. It's no longer on the computer (guessing my sis or brother in law deleted it) .. I can get to google on it but that is about all, every other site gets redirected to random add sites. it's been pretty much unusable.

hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:19:17 AM, on 2/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Pro... Read more

Read other answers
RELEVANCY SCORE 82.8

Hi

I'm not sure that anyone can help me with this problem but I'd like to ask.

DETAILS:

IBM Thinkpad T22 Laptop
Windows 2000 Professional

A user at our company connects to an internal intranet website. The web server is located in the US (we are in the UK) and so its a bit slow but ok.

When he gets to a certain site he clicks a link that should open an Excel document. He clicks the link and his pc appears to freeze up. I checked task manager and IE is still running, cpu usage is around 3%. If you wait for 8 minutes (timed it a few times) the document opens up fine.

I logged the user off and logged on as myself. I accessed the link and the document opend up with 10 seconds!

Things I have tried:

1. Ran an IE browser repair.
2. Rebuilt the users Windows 2000 Profile.
3. Deleted Temp Internet Files including Index.dat
4. Detect and Reapir in Excel (just in case!)

Its not a major problem but the document should open up in about 10-15 seconds instead of 8 minutes.

Does anyone have any suggestions for me?

Regards

Pileyrei
 

A:Problems accessing intranet sites

Anyone?
 

Read other 1 answers
RELEVANCY SCORE 82.8

I am using the browser Internet Explorer7 . I am trying to open the 'Local Intranet' sites but i am unable to open the local sites. Please any one help me to open the local intranet sites using IE7 browser.

Thank You,
Jug

A:Can't Open Local Intranet sites Using IE7

what happens when you try and open them

Read other 2 answers
RELEVANCY SCORE 82

I have, what seems to me, a strange problem. The company I work for uses sharepoint for our intranet sites (no, this is not a sharepoint question) and we have recently upgraded to a new version. When we upgraded, the site now needs to be added to the local
intranet site list in order for it to automatically receive windows log in credentials and log users in to SharePoint. This is a simple fix, I have done it on dozens of machines, but on a select few the fix doesn't seem to work. Whenever I add a website to
the intranet sites list, it acts as if it was added... then as soon as I close the dialog box that is used to enter and display this info, it's gone, and by gone I mean I open back up the box and it has disappeared from the list. There is no trace of me ever
having changed a setting. There are currently no GPOs active that would cause these to be taken out of the list, I have tried adding the sites directly into the registry and they disappear there too, I'm not sure if this is the right place for my question
but I figure it's a start. So again:
Problem: Sites do not stay in proper security zone, all traces of them existing are erased on closing of dialog box.

Troubleshooting Done so Far: Tried directly placing in registry, no fix. No GPO's are active to remove said sites from zones.

A:IE 11 - Intranet sites added to list do not stay

Hi,
"but on a select few the fix doesn't seem to work"
Confused with this sentence, does this issue only occur in a specific PC\user account?
Have you tried the suggestion mentioned in the your original thread to reset IE, test the result?
What about other security zones, like Internet or trusted zone? Are there any other websites under the Intranet zone? Though you mentioned that these's no GPO applied to control this, I still recommend you run cmd rsop to check the settings applied
on this machine and user account.
Yolanda Zhu
TechNet Community Support

Read other 4 answers
RELEVANCY SCORE 81.6

I have a problem.....I have go-back drive available on my computer....but I do not want it to revert any of the internet sites or chats from the past. What can I do to make sure that no recovery of these sites/chats can be restored at a later date (either from Wildfire or any other recovery disc)? Thanks Dana Potter
 

A:eliminating access of recovery/go-back drives to all internet sites and chat sites vi

Hiya and Welcome

I assume these chats are done via web sites. The best way to safeguard yourself if you don't want these ever to be recovered is to Wipe them.

You won't be able to wipe direct from your Temperory Internet Folder. What you need to do, is go to Find Files and ensure that the Look In is set to your Tempory Internet Folders.

Then type in *.jpg, *.gif, *.bmp, *.html, and anything else that is in there. Once they come up, you will be able to wipe. Use a 7DoD wipe.

Best product is BCWipe from www.jetico.sci.fi/bcwipe.htm

Regards

eddie
 

Read other 1 answers
RELEVANCY SCORE 81.2

hi ,i have a dell inspiron 5160 with windows xp,panda titainium 2007 antivirus and firewall , its regulary updated and level is high . when on internet using search engines (google + ask ) say i look for mechanics and i get a list as normal, if i click on one i then get redirected and jumped to specific random sites . i managed to catch web address,s when jumping, www.aut.com/.1php?qq=mad search and 64.28.189.50/click?c= . also smartbizsearch.com/search.php?q=media&sa=.... i get spyware alerts and hacking tools which panda titainium blocks and neutralizes . Exploit/iframe periodically rears its ugly head also.i had a page pop up from panda stating it deleted Exploit/iframe from computer when i tried to use your scan on your home page ???.
I have tried to download and use lavasoft,s pc doc and panda security,s activescan 2.0 to scan for malware , they download but encounter problems when trying to update , I foolishly tried another site which looked like a microsoft site ( antivirus 2009) with the shield ,it scanned computer and alledged it found 36 virus,trogens, malware and it lodged itself in laptop with pop ups appearing constantly ,i managed to delete all but one file it downloaded , it being a write protected file it seems to have gone dorment .the laptop as a whole has slowed . i have included the log file from "hijack this" to the paperclip attachments section , hope you can help . many thanks ian
 

A:internet explorer, redirected to sites,spyware and hacking tool alarms

Read other 12 answers
RELEVANCY SCORE 81.2

Good morning. Have been having lots - and I mean lots - of problems with computer booting up and shutting down. Have had to shut down from tower more times than I like to think about. My computer is a Penium III and I am using Windows 98. I read in one of the threads here about the restricted and trusted sites listed in the "tools internet options". When I went there and looked at the restricted sites listed I was amazed. There are things there that I have no idea what they are or where they come from. I did find "coolwwwsearch" listed there several times (and I have been trying to find this forever!) My question is: Do I have to have any of these things listed there? and Is there someway to keep them from coming back if they are deleted? I made a list of some of the things listed there but there are many many more: *Blazefind.com, Kliksearch.com, *zoofil.com; *cameup.com; www. gohip.com, *search.rub.to, *duolaime.net, revolto3.da.ru - and the list goes on an on. I also found numerous sites which appeared to be porn sites and I have already deleted those (at least I hope I got them deleted). Any ideas? Will be leaving for work shortly but will be back after 6:00 p.m (EST) and will check back for any ideas or help. Thanks so much for all your valuable anticipated help.
 

A:sites lissted as restricted sites in Internet Options Security??

Read other 6 answers
RELEVANCY SCORE 81.2

how can I enable this option ( display intranet sites in compatibility view ) in IE 11

Read other answers
RELEVANCY SCORE 81.2

Hello,

My computer is automatically redirecting me searchalligator.com for either single word address bar searches or when looking up intranet sites (but not connected to my intranet via vpn).
This line item pops up every few seconds in my TCP view and the IP address resolves to searchalligator.com. Please help.

I am on a wireless network, if that makes any difference.

Here's my tcpview:
AppleMobileDeviceService.exe 268 TCP 127.0.0.1 27015 0.0.0.0 0 LISTENING
CcmExec.exe 3800 UDP 127.0.0.1 2553 * *
cvpnd.exe 680 TCP 127.0.0.1 62514 127.0.0.1 2487 ESTABLISHED 488 24,400 488 7,808
cvpnd.exe 680 UDP 127.0.0.1 62514 * *
iexplore.exe 1016 UDP 127.0.0.1 1522 * * 1,334 1,334 1,335 1,335
iexplore.exe 3020 UDP 127.0.0.1 1873 * * 20 20 21 21
iexplore.exe 3020 TCP 192.168.0.100 3220 204.2.187.17 80 ESTABLISHED
iexplore.exe 3020 TCP 192.168.0.100 3221 204.2.187.17 80 ESTABLISHED
iexplore.exe 3020 TCP 192.168.0.100 3222 204.2.187.17 80 ESTABLISHED
iexplore.exe 3020 TCP 192.168.0.100 3223 204.2.187.17 80 ESTABLISHED
iexplore.exe 3020 TCP 192.168.0.100 3225 204.2.187.17 80 ESTABLISHED
iexplore.exe 928 TCP 127.0.0.1 3231 127.0.0.1 5152 FIN_WAIT2
jqs.exe 1692 TCP 127.0.0.1 5152 127.0.0.1 2938 CLOSE_WAIT
jqs.exe 1692 TCP 127.0.0.1 5152 0.0.0.0 0 LISTENING
lsass.exe 1728 UDP 0.0.0.0 500 * *
lsass.exe 1728 UDP 127.0.0.1 2500 * *
lsass.e... Read more

Read other answers
RELEVANCY SCORE 80.4

Hello, i'm really clueless as to my next, step possibly a re-install of windows if no one here can help.

i have a laptop and another PC both networked to my PC using crossover cables. 2 network cards in my computer bridged and ICS shared over the bridge. Both can access the internet with no problems using internet explorer, MSN etc.

My PC however will only do the following:

Ping IP addresses/domain names
allow a bit torrent client to download files
allow a poker program to run online
update ad-aware definitions

It will not:

open web pages using Internet Explorer or Firefox
sign into msn (has once or twice since this problem started)

I have scanned with ad-aware and norton 2007 both up to date, found some things and fixed them but still not working.

HijackThis log....

Logfile of HijackThis v1.99.1
Scan saved at 01:19:23, on 06/04/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\... Read more

A:connected to the internet, can ping sites, but can't open sites in IE/FF

Read other 9 answers
RELEVANCY SCORE 80.4

I can't call up any sites with Internet Explorer. I don't know whether this is a blessing or a curse. I have tried all of the pinned suggestions. I have a linksys router which I've bypassed and I've turned off my ZoneAlarm Internet Security; heck, I've even uninstalled it. Reiinstalled when discovered that that wasn't the problem. My uber-geek bud, 'SoundBlister,' wonders what is my problem. My Firefox, Opera, and K-meleon work fine. Automatic Updates works fine. I have even uninstalled and reinstalled the OS, XP Professional SP2, and still obtain the same results. I have tried it without selected programs installed. I have had the hardware and software environment checked by an ex-employee of Microsoft. He couldn't find anything wrong, except IE can't raise any sites. I live in Huntsville, AL and in a rural setting without any profound radiation sources. None of my neighbors have this problem. I figured that I must be doing something during setup or configuration (like turning off the wrong service), so I got a friend to install XP the last time. Nope. I forgot about the problem for a few months because it doesn't really bother me. I can download from the Microsoft sites with Firefox; Microsoft provides a plugin for that. It is the mystery that bothers me. Any theories welcome. I don't have this problem on my other Windows computer, just my main one. I don't use IE on my Mac.Any information needed beyond what I given?

A:I Can't Access Any Sites With Internet Explorer, Not Even Microsoft Sites

Hello,This is just a suggestion you may consider trying, not a fix or workaround. Maybe downloading and installing IE7 beta is worth a shot. Just some food for thought.Hope this helps,nos

Read other 3 answers
RELEVANCY SCORE 79.2

Hi,

When i am opening my intranet websites which have security prompts
from IE11 in windows server 2016 as shown below and passing the credential,its not responding after clicking OK button.


Request advise on the same.



Thank you.

Regards,
Prashant

Read other answers
RELEVANCY SCORE 78.4

Hi, i am looking for a policy that will allow me to uncheck 'display intranet sites in compatibility view' without graying out the option to recheck it if a user needs the option in the future. So far the only option i found under Computer
Configuration/Administrative Templates/Windows Components/Internet Explorer/Compatibility View/Turn on Internet Explorer Standards Mode for Local Intranet would gray out the option to recheck the box.

Read other answers
RELEVANCY SCORE 78.4

Hi,

We have an odd issue. IE11 is running all sites in compatibility mode. This appears to be because it is treating all sites as being in the Intranet Zone. This is:
a) breaks many websites that require modern browsers 
b) is a huge security issue as many protections are disabled by default on the intranet zone.

Has anyone else seen this or have ideas on what we can do to solve it.

I will add that we have autodetect proxy settings enabled, and wpad hosts a proxy.pac that instructs browsers to go direct to all websites. 

Thanks

Nick

Read other answers
RELEVANCY SCORE 77.2

My google start page keeps coming up in German. I set the home page to google.com/ncr, but I know there's still a problem. Also, I get redirected sometimes to sites that are NOT what I know the end result page is supposed to be - but rather to a site displaying shopping sites as a search return. This is being posted by a friend using my comp via logmein...

A:google redirected to german version, searches redirected to shopping sites

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.Please describe the issues you are experiencing with your computer.

Read other 5 answers
RELEVANCY SCORE 74.8

When I am on various web sites, I frequently get "bounced" out of the site and over to a site with the "Gateway" logo and "powered by Google" search box at the top. Then there will be a message such as the following:

"Sorry, we couldn't find http://ad.doubleclick.net/adi/N4359.Comcast/B2201030.14;sz.
Here are some related links: "

And then a bunch of "sponsored links" and "Web search results" are listed.

I've noticed that the bounce is triggered by ads that emerge on the websites. (Not pop-up ads, but ad space that is built into the actual page of the website.) I use Comcast for my e-mail, and when I open the comcast page, I frequently get the "bounce" to the Gateway site when the ad begins to load on the screen.

However, it seems that not all types of ads trigger the bounce. Sometimes the ad appears and I can continute on to the sign-in process.

On the Comast site, I have also been able to foil the bounce by clicking on the scroll bar as fast as I can and scrolling down to the bottom of the screen, holding onto the mouse button the whole time. I wait past the point where the ad typically loads, then scroll back up to the sign-in box. (although, perhaps I am not really foiling it; rather its just an ad that does not bounce me out of the Comcast site. I'll never know!)

On the sign in screen, there are built in ads also. I am sometimes "bounced" from this screen. Once I get i... Read more

A:Redirected to "Gateway powered by Google" from various Internet sites

Read other 10 answers
RELEVANCY SCORE 72.4

Hi this help request is started as a result of the problem discussed at this forum thread http://www.bleepingcomputer.com/forums/t/489575/ie8-address-redirectfail-virus/page-2
 
XP Pro 32 SP3 and all updates, IE8 and Mozilla Firefox ("MzF"), Windows Firewall and MS Security Essentials running. MzF was uninstalled after sensing the problem and works properly.  I orginally thought this was a search engine redirect problem, but the problem is present at the IE8 address bar. 
 
IE8 works okay on some websites such as www.cbc.ca/news and all resulting page links, but others like www.dailymotion.com open up and then give a "You are about to leave a secure internet connection.  It will be possible for others to view information you send.  Do you wish to continue?" error popup.  When I answer no, the proper webpage remains and works (is viewable), except the same security warning error reoccurs whenever any page navigation link is selected.
 
The above link shows how the problem started and was worked.  Some progress and improvement was made, however the problem still exists.  But at least it is now being contained (controlled).  I Hope.
 
Thanking you for any help that can be offered.  Here's the DDS log.  The Attach.txt file here
 attach.zip   3.31KB
  0 downloads
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 13:27:33 on 2013-0... Read more

A:IE8 being redirected only on some sites

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from one of these locations:Link 1Link 2IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recov... Read more

Read other 17 answers
RELEVANCY SCORE 72.4

I keep getting redirected to other sites while I'm online and pop-ups are are coming up on my screen when I'm not even on the computer. I keep running spybot and adaware and "Roings" keeps showing up, even though I keep deleting it. Could someone please help? Here's my Hijack This log. Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 3:21:14 PM, on 6/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PROMon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\npqmbcfx.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Documents and S... Read more

A:I'm being redirected to other sites--Please help!

First you need to unzip (extract) Hijack This and move it to a permanent folder. It will not function properly when run from the zip folder or the Temp folder.

You need to create a new folder in My Documents and name it Hijack This. Right click on the HijackThis.zip file and choose "Extract all" and extract it to the Hijack This folder you created. That way it can create and restore backups if needed. HJT will store the backups in the same location that it is run from.

Go to Add/Remove programs and uninstall Broadjump.

Aslo uninstall SpyKiller if you have not paid for it. It isn't worth having. Adaware and Spybot are better for free.

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINDOWS\System32\Zedd4.dll

O2 - BHO: (no name) - {09B45AF3-F08B-474B-9CF3-598FFACA2C7F} - C:\WINDOWS\xlkoizt.dll

O2 - BHO: (no name) - {D7D3B75B-1BB1-4315-91BA-127820EEABB4} - C:\WINDOWS\glicvz.dll

O2 - BHO: (no name) - {EFF80427-F837-4B74-8834-BAF18E0553FD} - c:\PROGRA~1\System\Misc\mbh19.dll

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Progr... Read more

Read other 2 answers
RELEVANCY SCORE 72.4

Hi
Just wondered if you could give me some guidance???
I am using Windows Vista and every time I go to a website via a search engine, I click on the website and get redirected to sites such as bing and ad sites.
I ran a sytsen scan and nothing has been picked up so am at a bit of a standstill....not sure what to do and have limited knowledge regarding pc's.
Many thanks

A:Keep getting redirected to other sites

Hello and welcome. Let's start here. Reboot into Safe Mode with Networking How to enter safe modeUsing the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links

below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as

malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As

Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill as the... Read more

Read other 11 answers
RELEVANCY SCORE 72.4

Hello,When i hit some links, i get redirected and a pop-up window appears when it shouldn't, but when i run avast and norton antivirus they detect nothing, so I made a log and I'm posting it here to see if anyone can tell me what to fix. I'm running windows 7 64 bit. And it happens in google chrome, internet explorer, and firefox.Logfile of Trend Micro HijackThis v2.0.3 (BETA)Scan saved at 2:17:05 AM, on 3/31/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exeC:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exeC:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exeC:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exeC:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exeC:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exeC:\Program Files\Alwil Software\Avast5\avastUI.exeC:\Users\n.5\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exeC:\Program Files (x86)\Hewlett-Packard\HP D... Read more

A:Being redirected to other sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 72.4

I'm new to this forum and site and have little pc knowledge. Whenever if try to go to a website, i get re-directed all over the place. I'm not certain what other information to provide to you or what i need to run for help. I appreciate anything that you can do for me. I'm completely stuck and unable to get to any site; even to search for help. thanks
 

A:redirected sites

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:32 PM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\StacSV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\System32\svchost.ex... Read more

Read other 1 answers
RELEVANCY SCORE 72.4

hey,
sometimes, when i click on a website on google, i get redirected to some random ad website. It is extremely annoying. Help!?

HJT log
Logfile of HijackThis v1.99.1
Scan saved at 9:14:12 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\urooj\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0... Read more

A:redirected to add sites

You have been offered help here: http://forums.techguy.org/security/551944-weird-happenings.html and you still have no active AntiVirus!
I'm closing this thread. Continue in your other thread until the problem(s) are resolved.
 

Read other 1 answers
RELEVANCY SCORE 72.4

Hey whenever I goto google or something and click on a result that comes up when I search for something, it redirects me to all these random sites. One that I can remember is like btcar.com.. Anyone know why it's doing this? I dont have much installed on my comp.. tried removing spyware with adaware and it did nothing.

thanks in advance
 

A:Help please, being redirected to other sites

here's my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 4:57:09 PM, on 27/05/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\trayit!\trayit!.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Program Files\PokerRoom.com\PokerRoom.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.1... Read more

Read other 2 answers
RELEVANCY SCORE 72.4

Everytime I click a link when i search for something, i get redirected to other sites. Please advise!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:08 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Allume\StuffIt\MXTask.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Allume\StuffIt\mxtask.exe
C:\P... Read more

A:Keep Getting Redirected to other sites

Read other 6 answers
RELEVANCY SCORE 72.4

Hi, and thanks for your interest. I have been researching as much as I can about this, because I know how frustrating it can be having to deal with some people on here. I bought this computer from my fiancee's friend. Come to find out, he'd had like 4 viruses and many other problems. I have eliminated almost all of the threats I've found on my computer, but I am still having trouble. Every now and then, I have websites being redirected (especially when clicking on ads on Google, and ALSO anytime I try and download ANYTHING from Microsoft.com's download center- you can imagine the problems there).Just wondering what these lines are in the 017 section of my log and if this is what is causing these problems. Here is the last (and hopefully final) HijackThis log from my computer, posted on networktechs.com : http://hjt.networktechs.com/parse.php?log=554347 . Any further assistance would be GREATLY appreciated! Thanks!PS: The R3 line has been removed already, sorry for that still being on there.

A:017 help- sites being redirected.

xThe use of auto-HJT analyzers is not recommended by BC.Please follow the instructions here and post anew.This thread is closed.

Read other 1 answers
RELEVANCY SCORE 72.4

Hello to all. I also am experiencing my IE8 being redirected to many sites over and over. My main form of defence has been McAfee and Windows Defender. Somehow a little bugger has gotten into my computer and I've been unable to find it. I have run numerous scans with many programs and the only thing that has come up is ALUREON.H trogan. Programs say that it has been fixed and McAfee can't find it with a full scan, but I still keep getting redirected constantly. I have a program showing up in my task manager called BSVFQ1ND.EXE which I've traced and deleted over and over, but still comes back. Your help will be much appreciated. Here is my HIJACKthis log for your review. Thanks in advance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:14:32 AM, on 6/10/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\WINDOWS&#... Read more

A:IE being redirected to many different sites

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 2 answers
RELEVANCY SCORE 72.4

Hello, my browser constantly redirects me to other sites and I'm not sure how to fix this. I've done scans using Spybot Search and Destroy, Malwarebytes Ant-Malware, and Spyware Doctor. Even after completing all these scans, the problem still persist...can anyone tell me what I should do next? Thanks for your help!

A:Keeps getting redirected to other sites...

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 72.4

Hi,
Firefox browser has been redirecting me to other sites while browsing lately. The ad-sites that I get redirected to open up a new tab and are completely unrelated to the sites which i am surfing on. Some of the sites that have been popping up randomly are

craveonline.com
savecompare.com

I've ran Combofix, AVG, Ad-Aware, and I'm running Spybot Search and Destroy right now. Nothing has fixed it so far. I've tried doing a clean re-install of firefox and I even system restored it to a week ago. Please help me! Thanks!

A:Being redirected to ad sites

Here is my HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:23 PM, on 4/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Micro... Read more

Read other 2 answers
RELEVANCY SCORE 72.4

Help me enlightened tech guys:

Logfile of HijackThis v1.99.1
Scan saved at 7:20:55 PM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\AOL\1143407860\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WIN... Read more

A:redirected to sites/pop ups

Read other 7 answers