Logs added

Status
Not open for further replies.

leesamac

Hello, I've been having trouble with getting redirected on Google. Have added my logs as requested in the 8 step removal. Any views would be helpful. Thanks
 

Attachments

  • hijackthis.log
    9.1 KB · Views: 1
  • mbam-log-2010-01-03 (12-00-09).txt
    1.2 KB · Views: 1
  • SUPERAntiSpyware Scan Log - 01-03-2010 - 13-27-10.log
    461 bytes · Views: 1
Please keep this problem together on this thread. If you are asked to attach logs or reports, please put them in a reply on this thread.

You will need to get the correct version of HijackThis (instructions below) and scan again.

But I did check the log though and note that you are running multiple antivirus programs:
Avast
AVG

One should be removed for these reasons:
  • Multiple antivirus programs can leave you more vulnerable.
  • Multiple antivirus programs can slow the system down.

Please decide which you want to keep and uninstall the other. It looks like you may have full, paid versions for both. But if one is a paid version and the other is free, you might want to consider removing the free one.

Here are removal tools for both programs. Download the tool for the AV program you are NOT going to keep. Save it to your desktop, but don't run it yet:

Avast Removal
OR
AVG Removal: Note: You may have to reinstall AVG to uninstall it fully.

Once you have downloaded the removal tool:

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Double click on the removal tool on the desktop to run. Reboot into Normal Mode when finished.
Follow instructions below for HijackThis.

You have run the wrong version of HijackThis. Step 7 specifically says: Make sure you use the version on the link HERE (and NOT a BETA version)

Can you tell me where you went for this version? Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Please delete the Beta HijackThis. Then download the correct version above and leave a new log> attach on this thread to your next reply.
 
Ok, have done that and attached the new HJT log. Deleted AVG as well. I think I got the first HJT from download.com but not 100% sure,
regards,
Leesa
 

Attachments

  • hijackthisnewlog.log
    7.6 KB · Views: 1
Thank you, that's the right one. Just a few entries to remove:

Please reopen HijackThis to 'do system scan only'. Check the following entries if present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop

IF you have an IE tab set to come up as a blank page, leave the following entry. If you do not, check for removal:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
(AVG toolbar)

Close all open Windows except HijackThis and click on "Fix Checked."

Are you still getting redirected? Can you describe as follows:
Since you question a Google Redirect, I'd like you to describe what's happening:
1. If you type a word in the Google search box, and then choose one of the sites that comes up, what happens?
2. Does a different site load?
3. Does any site load?
4. Are the sites the same/different?
5. Are you sure you're not seeing a Google page saying DNS server couldn't be contacted?

Please delete the log you have for the Eset online scanner- then rescan and attach new log. I've got to change any entry for removal.
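
The entry types picked out in the reply above (R0/R1 browser pages, O1 hosts lines, O3 toolbars marked "(no file)") can be pulled out of a HijackThis log mechanically. The following is an added example, not part of the thread or of HijackThis itself; the triage rules and the last O3 sample line are assumptions constructed for illustration.

```python
import re

# Constructed sample: entries quoted in the reply above, plus one made-up O3
# line (Example Bar) whose file is present, so both O3 outcomes are shown.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Example Bar - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\bar.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "R0 - ...", "O3 - ..."
LOOPBACK = {"127.0.0.1", "::1"}

def parse(log_text):
    """Return (code, body) for each entry line; header and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log_text):
    """Return (code, reason) pairs for entries worth a manual look (assumed rules)."""
    findings = []
    for code, body in parse(log_text):
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1]
            host = re.match(r"https?://([^/:]+)", value)
            findings.append((code, "browser page -> " + (host.group(1) if host else value)))
        elif code == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2:
                ip, name = parts[0], parts[1]
                kind = "loopback mapping" if ip in LOOPBACK else "hosts redirect to " + ip
                findings.append((code, kind + " for " + name))
        elif code == "O3" and body.rstrip().endswith("(no file)"):
            # The toolbar is still registered but its file is gone from disk.
            findings.append((code, "orphaned toolbar (no file on disk)"))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code + ": " + reason)
```

An O1 line that maps a real site name to a non-loopback address is reported as a hosts redirect, which is the case that matters for search-result hijacking; the `::1 localhost` line here is only a loopback mapping.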
 
Ok I've done that, as to what is happening...
Yes, still getting redirected to random sites that have nothing to do with what I'm looking for. If I type a search in Google it will bring up correct sites, but it's when I then click on those searches that the redirection happens. The same sites don't always load and it can be anything that loads up. Also I'm getting a blocked site info come up. I get a black screen with a big red box within that which says 'reported attack site, this website at c.ppcxml.net has been reported as an attack site and has been blocked'. At the bottom of this box there are 2 click boxes: 1 says 'get me out of here!' and the other says 'why was this site blocked?' I haven't clicked either of them, just clicked the back button.
I'm definitely not seeing Google's DNS connection server.

I'm sorry I don't understand what you mean with the Eset online scanner? Could you explain a bit more?

Thanks again for your help with this
regards
leesa
 

Attachments

  • hijackthis.log
    1.6 KB · Views: 2
Also I'm getting a blocked site info come up. I get a black screen with a big red box within that which says 'reported attack site, this website at c.ppcxml.net has been reported as an attack site and has been blocked'. At the bottom of this box there are 2 click boxes: 1 says 'get me out of here!' and the other says 'why was this site blocked?' I haven't clicked either of them, just clicked the back button.

This is Firefox security protecting you. I get this occasionally also. Clicking on "why was this site blocked?" will take you here to read "why." It's a Safe Browsing feature built in to Firefox:

http://safebrowsing.clients.google....nt=Firefox&hl=en-US&site=http://c.ppcxml.net/

I always say "thank you"!

Sorry about not leaving instructions for the Eset scanner. For some reason, I thought you have previously run it. Maybe it was on one of the other threads you started about this.

You have only left a small part of the HijackThis log. I need to see the entire log. The log from the Beta version of HijackThis was 9.1 KB. Your current log is only: 1.6KB. Even though the first was Beta, the size is more realistic than the current one.

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
 
Right here you go.
also..
Why would Firefox be protecting me from sites like 'argos' and my son's local school website, which are some of the sites I've been trying to reach?? Thanks for explaining the warning though, as I thought it was a bogus warning site!

thanks
L :)
 

Attachments

  • log.txt
    76 bytes · Views: 2
  • hijackthis.log
    7.7 KB · Views: 2
I can't tell you why Firefox was protecting you for the 2 sites. There may be some script entry that is a vulnerability. Any time you want to know the specifics, click on "why was this site blocked?" You will then see what went up against the Firefox security.

The Eset log only has the first 2 lines- no information about the scan results. Did you run the scan? Please repeat and include entire log.

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Use Windows Explorer: Follow path in Windows Explorer to My computer> Local Drive (C)> Windows> System 32> click on the + sign to expand the section> find FsUsbExService.Exe
C:\WINDOWS\system32\FsUsbExService.Exe <-- Delete this file

Now go to Start> Run> type services.msc> scroll down to and double click on the following:

  • FsUsbExService
  • Click on Stop Service.
  • When it shows that it is stopped> next please reset the Start-up Type to 'Disabled'.
  • Close the Services.
 
Ok, I did the Eset scan as directed, x 2, and it didn't save anything except what I sent previously. ???? But it did find a couple of threats; I have logged them (attached).

Thank you,

L
 

Attachments

  • eset.txt
    248 bytes · Views: 1
Why are you downloading from Limewire while I'm trying to clean the system?!

C:\Users\Leesa\Documents\LimeWire\Incomplete\T-5187322-im in miami girl top #1 hit.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan


P2P or 'file sharing' warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall LimeWire for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
 
I haven't! I uninstalled LimeWire about 2 weeks ago and have not been anywhere near any sites like that. I have no idea how that has appeared. Can it still be on the system even if I've uninstalled it?
Thanks again
L
 
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes	
    
    :Services
    
    :Reg
    
    :Files 
    C:\Users\Leesa\Documents\LimeWire\Incomplete\T-5187322-im in miami girl top #1 hit.au	
    C:\Users\Leesa\Downloads\ms2200fr.exe	
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
---------------------------------------

Can you catch me up on your current status? Are you still getting any redirects?
 