redirects, pop ups

This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.


Thread Starter
Jan 10, 2011
Tech Support Guy System Info Utility version
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz, x86 Family 15 Model 2 Stepping 9
Processor Count: 1
RAM: 991 Mb
Graphics Card: SiS 650_651_M650_M652_740, 32 Mb
Hard Drives: C: Total - 305234 MB, Free - 252779 MB;
Motherboard: ASUSTeK Computer INC., P4S533MX, REV 1.xx, xxxxxxxxxxx
Antivirus: AVG Internet Security 2011, Updated: Yes, On-Demand Scanner: Enabled
I get pop-ups every so often on both Mozilla Firefox and Internet Explorer. I get redirected even when that site has no relation to the site I may be viewing, also when I attempt to access a site upon start-up or change when on another site.


Thread Starter
Jan 10, 2011
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:38:53 PM, on 1/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

End of file - 8078 bytes


DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/15/2010 1:00:54 PM
System Uptime: 1/12/2011 4:00:33 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4S533MX
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | PGA 478 | 2394/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 246.774 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart 2600 series
Manufacturer: HP
Name: Photosmart 2600 series

==== System Restore Points ===================

RP72: 11/4/2010 1:57:09 PM - System Checkpoint
RP73: 11/5/2010 2:22:01 PM - System Checkpoint
RP74: 11/6/2010 2:59:51 PM - System Checkpoint
RP75: 11/7/2010 2:04:30 PM - System Checkpoint
RP76: 11/8/2010 4:59:29 PM - System Checkpoint
RP77: 11/9/2010 5:58:54 PM - System Checkpoint
RP78: 11/10/2010 6:50:06 PM - System Checkpoint
RP79: 11/11/2010 3:02:07 AM - Software Distribution Service 3.0
RP80: 11/12/2010 3:58:10 AM - System Checkpoint
RP81: 11/13/2010 11:55:53 AM - System Checkpoint
RP82: 11/14/2010 6:20:41 PM - System Checkpoint
RP83: 11/16/2010 8:13:07 PM - System Checkpoint
RP84: 11/18/2010 12:42:56 AM - System Checkpoint
RP85: 11/19/2010 4:38:27 PM - System Checkpoint
RP86: 11/22/2010 3:03:22 PM - System Checkpoint
RP87: 11/23/2010 6:42:09 PM - System Checkpoint
RP88: 11/24/2010 7:15:48 PM - System Checkpoint
RP89: 11/26/2010 12:25:04 PM - System Checkpoint
RP90: 11/27/2010 1:03:22 PM - System Checkpoint
RP91: 11/28/2010 3:26:16 PM - Installed SUPERAntiSpyware Professional
RP92: 11/28/2010 5:06:04 PM - Removed SUPERAntiSpyware Professional
RP93: 12/1/2010 8:39:52 AM - System Checkpoint
RP94: 12/5/2010 6:43:26 PM - System Checkpoint
RP95: 12/8/2010 9:04:10 AM - System Checkpoint
RP96: 12/9/2010 6:48:39 PM - System Checkpoint
RP97: 12/10/2010 2:12:06 PM - Removed Windows 7 Upgrade Advisor
RP98: 12/12/2010 3:28:13 PM - System Checkpoint
RP99: 12/14/2010 4:00:32 PM - System Checkpoint
RP100: 12/15/2010 5:47:00 PM - System Checkpoint
RP101: 12/17/2010 2:22:25 PM - System Checkpoint
RP102: 12/19/2010 2:06:40 PM - Installed Windows Media Player 11
RP103: 12/19/2010 2:09:06 PM - Installed Windows XP MSCompPackV1.
RP104: 12/19/2010 2:16:53 PM - Installed Windows Media Player 11
RP105: 12/19/2010 2:35:08 PM - Installed Windows XP KB2440591.
RP106: 12/19/2010 2:40:42 PM - Installed Windows Defender
RP107: 12/20/2010 7:12:44 PM - System Checkpoint
RP108: 12/21/2010 8:22:35 PM - System Checkpoint
RP109: 12/22/2010 10:48:25 PM - System Checkpoint
RP110: 12/24/2010 12:57:45 PM - System Checkpoint
RP111: 12/25/2010 7:09:05 PM - System Checkpoint
RP112: 12/26/2010 10:27:57 PM - System Checkpoint
RP113: 12/27/2010 10:57:27 PM - System Checkpoint
RP114: 12/29/2010 9:31:07 PM - System Checkpoint
RP115: 12/30/2010 9:53:09 PM - System Checkpoint
RP116: 1/1/2011 6:56:09 PM - System Checkpoint
RP117: 1/4/2011 5:11:59 PM - Installed HiJackThis
RP118: 1/5/2011 8:17:12 PM - System Checkpoint
RP119: 1/6/2011 8:47:19 PM - System Checkpoint
RP120: 1/8/2011 10:07:55 AM - System Checkpoint
RP121: 1/9/2011 10:21:18 AM - System Checkpoint
RP122: 1/9/2011 11:22:40 PM - Installed EmoDio
RP123: 1/10/2011 11:47:17 PM - System Checkpoint
RP124: 1/12/2011 2:57:09 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0
Adobe Photoshop Elements 2.0
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
AVG 2011
ContentSAFER for Wizmax
DAO 3.5
Destination Component
DivX Setup
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Photo Printing Software
HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
HP Photosmart Essential 3.5
hp psc 900 series
HP Share-to-Web
HP Smart Web Printing
HP Solution Center 13.0
HP Update
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 18
Malwarebytes' Anti-Malware
MapSource - Americas BlueChart v6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Excel 97
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 97
Microsoft XML Parser
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OCR Software by I.R.I.S. 12.0
PCI Soft Voice SoftRing Modem with SmartCP
Quicken Deluxe 99
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealUpgrade 1.0
Screen Shot 2.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB923789)
SiS 650_651_M650_M652_740
SiS 900 PCI Fast Ethernet Adapter Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Defender
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11

==== Event Viewer Messages From Past Week ========

1/7/2011 12:55:30 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde sisperf
1/7/2011 10:39:39 AM, error: Dhcp [1002] - The IP address lease for the Network Card with network address 000C6ECC4AC5 has been denied by the DHCP server (The DHCP Server sent a DHCPNACK message).
1/12/2011 12:35:26 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
1/12/2011 12:32:31 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

==== End Of File ===========================
I have run this three times, once successful and twice not successful.

On the GMER program, twice a dialog box popped up saying the program has encountered a problem and needs to close. Twice I was able to run the program; upon completion, the statement was: GMER has found system modification caused by rootkit activity. The program then freezes up the computer. I was only able to use it by shutting down and restarting. Then I lost everything I had in the previous message. Sorry for the problems. The computer ran OK prior to starting this. Thanks, bigbird 42


Malware Specialist
Feb 24, 2009

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.