Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Lately when I use google and click the links I get redirected to different sites. Not only that but when I try to go to sites for removing addware and viruses they keep coming up as "Page Cannot be Displayed" even though I know they are still running. It even happends when I try to go to windows update.
I've tried going into my startup and removed everything that wasn't essencial for running my computer and it is still happening.
In another thread about a similar problem I got HijackThis, but I'm not sure what is good or bad so here's the log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:17 AM, on 1/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: NormalRunning processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\GrabIt\GrabIt.exe
C:\Program Files\QuickPar\QuickPar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe--
End of file - 4377 bytes
Also I've tried running Ad-Aware to find anything but it hasn't, but when I try to update ad-aware it says that it can't connect to the server. So whatever this is it's designed to keep you from updating anything that could remove it.
Report Offensive Follow Up For Removal
Please download and install Superantispyware from http://www.download.com/SUPERAntiSp... and Malwarebytes Antimalware from http://www.download.com/Malwarebyte... Next do a scan with both. This should get you fixed up. Please let me know how it goes.
Thanks,
Chris
Report Offensive Follow Up For Removal
Well Chris they didn't work.
When I ran mbam-setup.exe I got the usual firewall alert asking if I want to run it. So I hit run and nothing happend. I waited for over 10 minutes for an install window or something to happen and nothing.
When I ran SUPERAntiSpyware.exe and got the same firewall alert and as soon as I hit Run I got a windows error saying that it had to be closed. Tried it again and got the same thing.
I even tried going into safe mode and run them there but got the exact same results.
Any other ideas?
Report Offensive Follow Up For Removal
Please download smitfraudfix http://siri.geekstogo.com/Smitfraud... and see if that will get you going. Also you may be able to change the names for SAS and malware bytes and see if they will run then. Please let me know how it goes.
Thanks,
Chris
Report Offensive Follow Up For Removal
Well Chris geekstogo.com is one of those places this thing isn't letting me go to. I click your link and all I get is "Page Cannot Be Displayed". And when I went to download.com to search for smitfraudfix they don't seem to have it. Do you know of any other third party download site I could get this from?
Report Offensive Follow Up For Removal
Any chance someone can spot something wrong in that log I posted that I can get rid of with HijackThis?
Report Offensive Follow Up For Removal
Hi There,
I am having exactly the same problem, Google is redirecting and i can't go to any websites (other than this one) that might help and I cant download or update any new software to remove this.
Has anyone had any luck with this yet?
thanks,
mclittle
Report Offensive Follow Up For Removal
Well chris no dice with bleepingcomputer.com. Like the other sites all I get is "Page cannot be Displayed".
Its looking like I might have to reformat and reinstall Windows.
Report Offensive Follow Up For Removal
 |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
