help

hi guys have a problem for the past week or so
when i m on a page very often i get directed to another page
(a window pops up asking if i want to change page or continue but no matter what i do it changes) real pain any program i can use to fix the problem?
THANKS Giovanni

Hello sta_minghia

can you please post a log of hijack this Get it

“may be” your hosts file is infected or some kind of worm is doing this… post the log of hijack this.

sorry for my ignorance what do you mean(post a log of hijack this )
thanks

oki.

download “hijackthis” installer from here : http://www.filehippo.com/download_hijackthis/download/8571e06e5eb8ab03c649f3b5d647c599/

install and do a system scan only.

let it complete and you will have a option to save the log.

save it somewhere you can find on your pc.

then while posting here use the additional options and browse for the log file.

THIS IS WHAT I GET really appreciate the help thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:01 AM, on 14/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.finance.yahoo.com/investing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM..\Run: [Google Quick Search Box] “C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe” /autorun
O4 - HKLM..\Run: [ISTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM..\RunOnce: [SpybotDeletingA6108] command.com /c del “C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL”
O4 - HKLM..\RunOnce: [SpybotDeletingC2110] cmd.exe /c del “C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL”
O4 - HKLM..\RunOnce: [SpybotDeletingA1172] command.com /c del “C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL”
O4 - HKLM..\RunOnce: [SpybotDeletingC9502] cmd.exe /c del “C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL”
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU..\Run: [Google Update] “C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU..\RunOnce: [SpybotDeletingB4783] command.com /c del “C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL”
O4 - HKCU..\RunOnce: [SpybotDeletingD7864] cmd.exe /c del “C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL”
O4 - HKCU..\RunOnce: [SpybotDeletingB7096] command.com /c del “C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL”
O4 - HKCU..\RunOnce: [SpybotDeletingD5752] cmd.exe /c del “C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL”
O4 - Startup: DATEwise3.lnk = C:\Program Files\BizWare Magic DATEwise\DATEwise3.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload\hidownload.exe (HKCU)
O16 - DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} (ClientPlugin Object) - https://techinline.net/Client/TIClient.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1ca0fbdf08d2d20) (gupdate1ca0fbdf08d2d20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe


End of file - 10341 bytes

hi

Do you have avast installed?..

anyways,

you already have mbam, update and do full scan. post the log here.

also do a scan using superantispyware (you have it on your pc.)

after doing the above, get the avast installer from here : http://www.avast.com/eng/download-avast-home.html (get the required language installer).

download avg uninstaller : http://www.avg.com/download-tools

select the correct one : 32 bit or 64 bit.

then uninstall avg

reboot.

install avast.

reboot.

update.

do a boot time scan : www.digitalred.com/avast-boot-time.php

get safer on internet.

see ya.

how can see which is the good one 32 or 64
before i had avast then had to reinstall window and the tech installed avg
i will reinstall avast

right click on my computer > properties

Click the General tab. The operating system is displayed as follows:

 For a 64-bit version operating system: Windows XP Professional x64 Edition Version <Year> appears under System.
 For a 32-bit version operating system: Windows XP Professional Version <Year> appears under System.

Note: <Year> is a placeholder for a year.

and download the one you want.

ok i have windows xp professional version 2002 service pack 3
so is 32bit?

yes if it says so.

thank you i m scanning with malwarebytes keep you posted of outcome

this is the results of pc tools spyware doc
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@s8.shinystat[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@chitika[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clicktorrent[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.usenext[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@s7.shinystat[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@servedby.adxpower[5].txt
C:\Documents and Settings\Administrator\Cookies\administrator@servedby.adxpower[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@servedby.adxpower[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@servedby.adxpower[1].txt
malwarebytes found nothing
i will reinstall avast
thanks again much appreciated

don’t worry about the cookies reported. let your scanner deal with it. are you still getting redirected?.

edit : give a try by resetting the hosts file. get the microsoft host reset application from here : http://go.microsoft.com/?linkid=9668866

you have so many toolbars installed. did you really install them?.. (some applications do it while installing). please remove those toolbars, if you don’t need them…

@sta_minghia: Take care about having both avast! and PC Tools Spyware Doctor installed, they may conflict and freeze your system. Shut down or uninstall it before installing avast!.
Since you use Malwarebytes Antimalware you don’t need PC Tools Spyware Doctor, also if you want a second antispyware use Spyware Terminator as scanner only (not real time protection).
removing PC Tools Spyware Doctor would speed up your computer for sure :)

also, another way is to reset and immunize your hosts file this way:
Download and install HostsMan.
after install run it, click on “update Hosts”, choose “MVPS Hosts” and in below options choose “Overwrite Current” hosts.
this step would immunize your Hosts File and would prevent any internet traffic to malware sites and also would fix Windows Hosts File if it has been HiJacked by malwares.

the other thing is SUPERAntiSpyware running which I’ve removed from my real time protection (even removed from startup) because of poor detection rate and also having impact on my system performance during running multiple program in same time.

Agree :) having too many toolbars running at the same time would make your browser unstable, launch slowly and also leave less space to see the site you are visiting :)

The problem is spyware doctor (SD) can conflict with avast as it also monitors the avast4 temporary folder and that is where avast unpacks files to be scanned or scans web content from the web shield. This can cause conflict as both are trying to lock the file so it can be scanned, so users of SD should exclude the avast4 folder from the resident scanner.
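Before resetting or overwriting the hosts file as suggested earlier in the thread, it helps to see what is actually in it. The following is an added example, not code from any poster or from the tools mentioned: it separates blocklist-style entries (names pointed at a loopback or unspecified address) from entries that send a name to some other address, which is what a hijacked hosts file looks like. The function name `audit_hosts` and the sample file contents are constructed for illustration.

```python
import ipaddress

# Names that legitimately map to loopback in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Constructed sample (documentation addresses and example domains only).
SAMPLE_HOSTS = """\
# Constructed sample, not taken from the thread
127.0.0.1       localhost
0.0.0.0         ads.example.net   # blocklist-style entry
127.0.0.1       tracker.example.org
203.0.113.7     www.example-bank.test search.example.com
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Classify hosts entries; returns lists of (line_no, address, hostname)."""
    findings = {"blocked": [], "redirect": [], "malformed": []}
    text = text.lstrip("\ufeff")                   # tolerate a UTF-8 BOM
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings["malformed"].append((lineno, addr, " ".join(names)))
            continue
        if not names:
            findings["malformed"].append((lineno, addr, ""))
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES:
                continue
            # Loopback/unspecified targets only block a name; anything
            # else makes the browser connect to a different server.
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirect"
            findings[kind].append((lineno, addr, name))
    return findings


if __name__ == "__main__":
    # On Windows XP the real file is C:\WINDOWS\system32\drivers\etc\hosts.
    for kind, rows in audit_hosts(SAMPLE_HOSTS).items():
        for row in rows:
            print(kind, *row)
```

A "redirect" entry is not proof of infection (some networks map internal names this way), but any entry of that kind for a public site the user did not add is worth reviewing before and after the reset.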