Computer Hope

Software => Internet browsers => Topic started by: stevengerrard on March 04, 2007, 09:05:08 PM

Title: Weird thing
Post by: stevengerrard on March 04, 2007, 09:05:08 PM
When I try to open a few sites, I automatically get re-directed to other sites. For example, when I try to open http://bloomingdales.com, I get taken to something completely different. This works with a couple of other sites. I know I am spelling everything correctly and accessing their proper site. Also, I have tried from a different computer almost at the same time, and it accesses those sites. What could be wrong?
Title: Re: Weird thing
Post by: lordoftheplat on March 04, 2007, 10:54:27 PM
Maybe it's spyware?
Title: Re: Weird thing
Post by: HollywdTM on March 04, 2007, 11:13:58 PM
If it is spyware, run these programs:

Spybot Search & Destroy
http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1

Ad-aware
http://fileforum.betanews.com/detail/Adaware_SE_Personal/965718306/1

If these programs detect any spyware, data-mining, aggressive advertising, parasites, scumware, selected traditional Trojans, dialers, malware, browser hijackers, or tracking components, they will remove them. That should help!!!
Title: Re: Weird thing
Post by: GX1_Man on March 05, 2007, 04:18:26 AM
You didn't bother to mention what virus and spyware protection you have, but you obviously have malware.

Have a read here:

http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1149948530
Title: Re: Weird thing
Post by: stevengerrard on March 08, 2007, 01:02:42 PM
I have AVG Internet Security 7.5. It found nothing.  :-?

Also, won't anything happen to my computer if I install that adware program but already have AVG? I thought having two antivirus programs is bad for a computer. :-?
Title: Re: Weird thing
Post by: patio on March 08, 2007, 01:26:39 PM
There are many different programs that do different things in regards to malware.
What GX was referring to is running 2 antivirus apps such as AVG and Norton...or Avast and McAfee.
To clarify, here is what you might want to have, as none of these programs bang heads or clash:
An antivirus program.
You stated you have AVG, great. One of the best if updated and run regularly.

To this you can add the following...all FREE.

AdAware: searches for and gets rid of adware.

Spybot: searches for and gets rid of spyware.

AVG Anti-Spyware: searches for and gets rid of trojans, backdoors and keyloggers.

CCleaner: removes histories, old cookies (especially the trackers) and does a general cleanup.

Along with what I have suggested, you should download and run HijackThis after running/updating all of the above programs and post a log here, and we can have a look.

Isn't staying safe fun?

Seriously, the above should get you pretty clean and we can go from there.

p.s. Remember to always update before scanning and never run more than one scan at a time.

patio.    8-)
Title: Re: Weird thing
Post by: stevengerrard on March 08, 2007, 09:29:42 PM
All right so I ran the Adware program and my anti virus and removed everything, but I am stuck with the same error.  :-?
Title: Re: Weird thing
Post by: GX1_Man on March 09, 2007, 04:16:20 AM
And did you do all of these scans in safe mode with system restore turned off?

Maybe you should re-read the link I posted and then have a read here:

http://www.pcstats.com/articleview.cfm?articleID=1579
Title: Re: Weird thing
Post by: vinhboy on March 09, 2007, 03:47:47 PM
This might seem obvious and gimmicky, but have you tried Firefox?
If not, try it.
If yes, then it sounds like you have spyware. If you tell me what version of IE you are running, I can help you further.
Title: Re: Weird thing
Post by: patio on March 09, 2007, 05:40:40 PM
Quote
This might seem obvious and gimmicky, but have you tried Firefox?
If not, try it.
If yes, then it sounds like you have spyware. If you tell me what version of IE you are running, I can help you further.

The browser is not the issue here....
Title: Re: Weird thing
Post by: stevengerrard on March 09, 2007, 07:12:24 PM
Where do I download HijackThis and how do I run it?
Title: Re: Weird thing
Post by: GX1_Man on March 09, 2007, 08:25:26 PM
Quote
And did you do all of these scans in safe mode with system restore turned off?

Maybe you should re-read the link I posted and then have a read here:

http://www.pcstats.com/articleview.cfm?articleID=1579

This is the place to start. What did you learn when you did the above and read the link? Did you run Spybot?
Title: Re: Weird thing
Post by: stevengerrard on March 10, 2007, 06:07:41 PM
Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:06:12 PM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Smart Protector Pro\SmartProtector-Pro.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Smart Protector Pro\SmartProtector-Pro.exe" /stealt
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1CE92AF-B2E6-46C9-9D70-2487DCD8B7C6}: NameServer = 85.255.116.42,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{B40B3415-BBCE-435B-85C7-42CE45786D64}: NameServer = 85.255.116.42,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5B37524-11E8-49CB-8CBD-545B5E1EBE2A}: NameServer = 85.255.116.42,85.255.112.135
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.42 85.255.112.135
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.42 85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.42 85.255.112.135
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
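
When reading a HijackThis log for a redirect problem that affects only one machine, the O17 lines are worth pulling out first: they show the `NameServer` registry value, which is the statically configured DNS resolver (DHCP-assigned resolvers are stored separately in `DhcpNameServer`). The following is an added example, not part of the original thread, that lists those resolvers so they can be compared with what the router or ISP hands out; the sample log is constructed with documentation-range addresses, and the function names and the `expected` parameter are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis log format; the addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.10,203.0.113.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 203.0.113.10 203.0.113.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.lan
O23 - Service: Example Service (ExSvc) - Example Corp - C:\example\svc.exe
"""

O17_NAMESERVER = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_o17_nameservers(log_text):
    """Map each statically configured resolver IP to the registry keys that set it."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = O17_NAMESERVER.match(line.strip())
        if not m:
            continue
        # The registry value is printed raw: comma- or space-separated.
        for token in re.split(r"[,\s]+", m.group("servers").strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an IP literal; ignore
            found[str(ip)].append(m.group("key"))
    return dict(found)

def unexpected_resolvers(log_text, expected=()):
    """Resolvers that are neither in `expected` nor on an RFC 1918 LAN."""
    allowed = {str(ipaddress.ip_address(e)) for e in expected}
    report = {}
    for ip, keys in parse_o17_nameservers(log_text).items():
        addr = ipaddress.ip_address(ip)
        if ip in allowed or any(addr in net for net in RFC1918):
            continue
        report[ip] = keys
    return report

if __name__ == "__main__":
    for ip, keys in unexpected_resolvers(SAMPLE_LOG).items():
        print(f"{ip}: set in {len(keys)} key(s), e.g. {keys[0]}")
```

A resolver that appears under the global `Tcpip\Parameters` key and under every interface GUID and control set was written to all of them at once, so each of those keys has to be checked after any cleanup.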

Title: Re: Weird thing
Post by: stevengerrard on March 13, 2007, 06:27:09 PM
I ran the Adware program and deleted everything. I also ran AVG, CCleaner, and Spybot and again deleted everything that was detected. I am still not able to visit those sites and I think this may be spreading. Any ideas?!

Also, can someone help with my log?