Multiple issues including redirect from google

Status
Not open for further replies.

bjenk

Posts: 11   +0
1st and foremost, thank you. I hate that I do not know how to fix my own stuff and I love that there are guys out there to help.

Issues:
1. redirecting from google site, not everytime
2. when I open Windows Internet Explorer a couple senerios occur A. it opens and runs, but then opens another window that is "not responding" or B it opens and "not responding" the only way is to close it and try to open again or C while I have been on the interenet a another WIE will open and open some homepage up

What I have done:
1. read a lot of these threads
2. did the eight step process

attached is my logs, I was not able to find the malwarebytes log, I had to pull it up and save it in a seperate folder. I did not have the Application Data folder under my user name
 

Attachments

  • SUPERAntiSpyware Scan Log - 02-09-2010 - 22-23-39.log
    6.6 KB · Views: 1
  • hijackthis.log
    8.7 KB · Views: 1
  • mbam-log-2010-02-09 (21-45-18).txt
    1.3 KB · Views: 1
Please download ComboFix from Here or Here to your Desktop.


**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Combofix ran attached is the log. Question: I now have superantispyware running in the bottom right corner along with the mcafee. Should both be running at the same time or just one. If just one which would you recommend.
 

Attachments

  • log.txt
    16.9 KB · Views: 1
I now have superantispyware running in the bottom right corner along with the mcafee. Should both be running at the same time or just one. If just one which would you recommend.
No harm done here. Free version of Superantispyware doesn't work in real time, so it's just unnecessary startup. We'll eliminate it later. For now, leave it alone.


How is redirection issue?
 
I have sat here and typed everything I can think of and it seems to be working great.

I still have the Internet Explorer opening up and not responding, it seems after I close it and restart it, it works fine.

Is mcafee slowing my system down, I get is free through comcast, and at time i wonder if i am better off with something different.

Once again
thanks
 
I have sat here and typed everything I can think of and it seems to be working great.
Very good :)

As for IE, we'll see, when we're totally done with cleaning.

As for McAfee, yes, it's pretty lousy program.
If you want to switch to something better, now it's time to do it.
Uninstall McAfee through Add\Remove and after that download and run McAfee Consumer Product Removal Tool: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

Then, download and install one of these:

- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

If you decide to install Avast, or Avira, make sure, Windows firewall is turned on, or use Comodo firewall..
If you decide to install Comodo Internet Security, or just Comodo firewall, make sure, Windows firewall is turned off.

IMPORTANT! Make sure, you use only ONE antivirus, and ONE firewall.

After installation, update the program and run full scan.


When done....


1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.


2. Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
    [*] Archives
    [*] Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Post fresh HijackThis log as well.
 
ok installed avast av and comodo firewall...

I am getting a lot of alerts
1. New private network detected
step 1. give a name to this network
step 2 decide if you want to trust the other pcs in this network
2. svchost.exe is trying to access internet connection.
allow or dismiss

I have a wireless network set up from this computer, is that the network it is asking about.
thanks
 
Yeah, you'll have to get used to Comodo's questions.
It'll learn, so over time, it'll bother you less and less.
It's an excellent program though.

1. Cancel those questions
2. Your computer should be pretty clean by now, so you should allow svchost access.
 
Scanned using avast found one trojan and removed.
went to kaspersky website via the link and it froze my computer up. I had to use task manager to close it. I tried three time and same thing happen. I was not even able to scroll through the privacy and usage on the web site. The first time I waited and the CPU said 100% in lower right task bar. I have avast av disable each time.
attached is a current hijack log
 

Attachments

  • hijackthis.log
    7.5 KB · Views: 1
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8eb71fee55aadb4a860e29a36324ca1e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-12 03:51:13
# local_time=2010-02-11 08:51:13 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777191 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 89 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=92813
# found=0
# cleaned=0
# scan_time=5540
 
Verify your Java version here: http://www.java.com/en/download/installed.jsp
Update, if necessary.
Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista).

==========================================================================

Uninstall AskBarDis through Add\Remove.

========================================================================

Print this post out, since you won't have an access to it, at some point.

1. Open HijackThis.

2. Close all windows, except for HijackThis.

3. Put checkmarks next to the following HijackThis entries:

- O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
- O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
- O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MT...equoia/key_features/int360.html?noreloadredir


4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

- O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
- O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
- O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [unless you have paid version]
- O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [unless you have paid version]


5. Click on Fix checked button.

6. Restart computer.

7. Post new HijackThis log.
 
Did as follows:
1.updated java-checked in add/remove and there was only one java that matched what was downloaded
2.could not find AskBarDis in add/remove (there was an Ask Toolbar, which I removed I do not use that)
3.opened hijack could not find:
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
- O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

fix checked all others

after doing this the computer locked up bad...I had to restart...superantispy was running and had to end the task for it to restart

attached is a new hijack log
 

Attachments

  • hijackthis.log
    6.6 KB · Views: 1
Very good :)


Your computer is clean

1. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please, let me know, how is your computer doing.
 
Status
Not open for further replies.
Back