geordie_aaron Posted July 19, 2009
can tell the mrs has been on my laptop......it's broke (kinda).
whenever i search ANY search engine and click any link from the results - it redirects to a webaddress, something like missinpages.com or something like that...then redirects again to a typical advertising webpage...
it first started in IE 8 so i uninstalled and reinstalled......still happened, so i installed firefux....same thing....uninstall both run antivirus ETC install both.... still happening.
any help? i'm Shite with regedit

MCCORNY11 Posted July 19, 2009
i would say spyware/malware, try ad aware
i would also check your hosts file! found at the following location
C:\Windows\System32\drivers\etc
yours should look like this

    # Copyright © 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host

    127.0.0.1       localhost
    ::1             localhost

have a look at this website, will help block most spyware and malware
http://www.mvps.org/winhelp2002/hosts.htm

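The hosts-file check suggested in the post above can be scripted. This is an added example, not part of the original thread: `audit_hosts` and the sample entries are constructed for illustration, and it separates blocking entries (names mapped to a loopback or 0.0.0.0 address) from entries that send a name to some other address. To check a real machine, pass it the contents of the file under `C:\Windows\System32\drivers\etc`.

```python
import ipaddress

# Constructed sample: the two default entries from the post above, one
# blocklist-style entry, one redirect to a documentation address, one bad line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net      # blocked by a blocklist hosts file
203.0.113.10    www.example.com      # constructed redirect entry
not-an-ip       broken.example.org
"""


def audit_hosts(text):
    """Classify hosts-file entries as redirects, sinkholes or malformed."""
    redirects, sinkholes, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no host name
            malformed.append((lineno, raw.strip()))
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in (n.lower() for n in fields[1:]):
            if local and name == "localhost":
                continue                         # stock entry, nothing to report
            bucket = sinkholes if local else redirects
            bucket.append((lineno, name, str(addr)))
    return redirects, sinkholes, malformed


if __name__ == "__main__":
    redirects, sinkholes, malformed = audit_hosts(SAMPLE_HOSTS)
    for lineno, name, addr in redirects:
        print(f"line {lineno}: {name} is pointed at {addr} - review this entry")
    print(f"{len(sinkholes)} blocked name(s), {len(malformed)} malformed line(s)")
```
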
mykez69 Posted July 19, 2009
yeah you have been hijacked!
malware bytes antimalware sometimes shifts it, lavasoft ad-aware sometimes works
get CCleaner, clean all rubbish out the system

JC Posted July 19, 2009
Funnily enough I've got this problem too :-(

geordie_aaron Posted July 19, 2009
http://101.123bounce.com/xtr_new?q=ccleane...YXM1uN6HqmurA==
that's the bastad address.

geordie_aaron Posted July 19, 2009
just installed/ran CCleaner (managed to free up 2GB.....holy shat) but problem is still here?!!?
next....

JC Posted July 19, 2009
or http://www.search.pro/results.php?q=powerf...amp;sx_v=0.1146 is the evil one i'm getting!

mykez69 Posted July 19, 2009
have you tried malwarebytes anti malware?
try and find the name of the thing that keeps redirecting you, it will show one link in the address bar for about a second, then the link will change and redirect you to some random site
find the name that comes up for a second, and google it, eg '<name of redirector> removal'
try spyware search and destroy as well
also give hijackthis a try, see if anything dodgy is shown in the hijackthis log

geordie_aaron Posted July 19, 2009
it won't let me on the site for malwarebytes LOL
this is the hijackthis file...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:43:48, on 19/07/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
    O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/...NPUplden-gb.cab
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0355B561-978B-4EF6-AF45-5A794E1B4D54}: NameServer = 85.255.112.125,85.255.112.159
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E63B81BA-7516-4DA9-9A8E-76C80059ABE0}: NameServer = 85.255.112.125,85.255.112.159
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.125,85.255.112.159
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0355B561-978B-4EF6-AF45-5A794E1B4D54}: NameServer = 85.255.112.125,85.255.112.159
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.125,85.255.112.159
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0355B561-978B-4EF6-AF45-5A794E1B4D54}: NameServer = 85.255.112.125,85.255.112.159
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.125,85.255.112.159
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8702 bytes

won't let me on spyware search and destroy site either haha
snorter lil virus this ain't it.......i've not had any mal/ad/virus/hacks ETC ETC since i was about 16!!!

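A HijackThis log records two system-wide name-resolution settings that apply to every browser on the machine: the hosts file (O1 lines) and static DNS servers in the registry (O17 `NameServer` lines). The following added example, not part of the original thread, pulls both out of a log so the DNS servers can be compared with the ones your router or ISP actually issues. The function names and the `192.168.1.1` router address used in the demo are assumptions; the log lines are copied from the post above.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted above (excerpt).
LOG_EXCERPT = r"""
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0355B561-978B-4EF6-AF45-5A794E1B4D54}: NameServer = 85.255.112.125,85.255.112.159
O17 - HKLM\System\CCS\Services\Tcpip\..\{E63B81BA-7516-4DA9-9A8E-76C80059ABE0}: NameServer = 85.255.112.125,85.255.112.159
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.125,85.255.112.159
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.125,85.255.112.159
"""

# "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>.+): (?P<value>\w+) = (?P<data>.*)$")


def resolver_overrides(log_text):
    """Return (hosts entries, {dns server: [registry keys that set it]})."""
    hosts, servers = [], defaultdict(list)
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("O1 - Hosts:"):
            fields = line.split(":", 1)[1].split()
            if len(fields) >= 2:
                hosts.append((fields[0], fields[1]))
        elif line.startswith("O17 - "):
            m = O17_RE.match(line)
            if m and m.group("value") == "NameServer":
                for ip in re.split(r"[,\s]+", m.group("data").strip()):
                    if ip:
                        servers[ip].append(m.group("key"))
    return hosts, dict(servers)


def unexpected_servers(servers, expected):
    """DNS servers in the log that are not in the set you expect to see."""
    return sorted(ip for ip in servers if ip not in expected)


if __name__ == "__main__":
    hosts, servers = resolver_overrides(LOG_EXCERPT)
    print("hosts entries:", hosts)
    # Assumption: 192.168.1.1 stands in for the DNS server your router hands out.
    for ip in unexpected_servers(servers, {"192.168.1.1"}):
        print(f"{ip} set by {len(servers[ip])} registry key(s), not an expected resolver")
```
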
geordie_aaron Posted July 19, 2009
anyone?

duffa Posted July 19, 2009
you tried housetrend?...free online scan

mykez69 Posted July 19, 2009
searchfilterhost looks suspicious
try closing the process (ctrl + alt + del), then do a search, see if it still redirects

MCCORNY11 Posted July 19, 2009
did you look at your msconfig start up items?
i would recommend the hosts file mod, will help in the future, but i can supply you links to software to get rid of it

geordie_aaron Posted July 19, 2009
yup 100% sure there is NOTHING in startup/msconfig
what is interesting though.... i've just noticed there are two IEXPLORER.EXE running, can't 'end process' either, but can 'end process tree'...one uses a load of 29k other uses 4

MCCORNY11 Posted July 19, 2009
direct links for the software
try this link for adaware
http://dw.com.com/redir?edId=3&siteId=...t%3Ddl-ad-aware
spybot search and destroy
http://projects.securitywonks.net/projects...load.php?file=2
if it can't be done in normal try safe mode