Redirected by Overclick.cn [Moved]


7 replies to this topic

#1 gdm27

gdm27

  • Members
  • 6 posts

Posted 12 July 2009 - 12:53 PM

I have previously had a problem with malware redirecting my browser searches, but never before has it been this severe. About 90 percent of the time I click on a link provided by Google, I am redirected to an ad page by overclick.cn, handyseek.com, monstermarketplace.com, blinkx.com, lowpriceshopper.com or some other such ad site. Around this same time, I encountered a second problem:
Problem #2: I stopped being able to get any sound over my PC speakers. My PC is a Sony PCV-RS630G. My sound device is SoundMAX Integrated Digital Audio and the error message I get (for instance when I try to use the volume control) is this: "Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)" When I try to open Windows Media Player, it says "Windows Media Player cannot play the file because there is a problem with your sound device. There may not be a sound device installed on your computer, it may be in use by another program, or it may not be functioning properly." In the Computer Management window, under "Sound, video and game controllers," there is a yellow exclamation mark next to SoundMAX Integrated Digital Audio.
I thought it might help if I restored my PC to an earlier point, that is, some date before I started encountering these problems. However, that is when I encountered Problem #3: When I tried to open VAIO System Restore, it told me it was unable to find a restore point. When I tried to open the VAIO Recovery Wizard, it would not open. Instead, I got an error message that read something like "VAIO Recovery Wizard cannot find recovery partition."
Starting to get frantic, I came across this forum and read up a bit on Combo Fix. I mulled it over for a week before getting up the nerve to download and run it last night, careful to heed all of the warnings, and aware of the risk. At the end of the process I saved the log, which I will only post after being asked to do so.
So far, it seems like my overclick.cn problem is gone. And now, at least VAIO Recovery Wizard and System Restore open, but I am not sure they work properly. I tried to create a restore point after Combo-Fix had finished and closed. I was told a restore point had been created for that date (yesterday), with the name I had given it, which made me very happy, but today when I opened the "Wizard" there were no restore points AT ALL, not even the one I created last night. So that is a disappointment. I should add that also to test if the Recovery Wizard was working, I created a set of recovery discs. I don't know if that really worked - - if valid recovery discs really were made - - because I hesitate to put the discs in my disc drive for fear of starting a complete windows recovery process that I am not sure I really want to engage in. Would making the recovery discs change or interfere with the restore points? As for the sound, it is still completely gone. So the bottom line to date is it seems like I have solved about one and a half of my three problems.

I will be forever grateful for any help you can provide in solving these problems. Please let me know if you want me to post my Combo-Fix log.

Thanks in advance.

Edited by gdm27, 12 July 2009 - 12:54 PM.




#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,989 posts

Posted 12 July 2009 - 02:57 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 gdm27

gdm27
  • Topic Starter

  • Members
  • 6 posts

Posted 12 July 2009 - 05:54 PM

I will also add that the sound problem is not likely to be the speakers themselves, because I took another set of speakers that work from another PC and plugged them into my problem Sony PC. Still no sound.

Thanks.

#4 gdm27

gdm27
  • Topic Starter

  • Members
  • 6 posts

Posted 13 July 2009 - 06:31 PM

A quick update. Last night I reinstalled Norton Internet Security and went online for updates of the program. I received what must have been a substantial amount of updates, because when I did a scan afterward, a fair number of infected files were found, that had not been found by a half dozen other anti-spyware/malware programs. After deleting the infected files this morning, my sound returned, much to my surprise. Previous quarantining of malware/spyware had not brought back my sound. My fingers are crossed that this is not temporary. Counting the apparent elimination of the overclick.cn redirect, this might mean I have solved 2 out of my three problems. I have still lost all of my restore points, including the one I made after running Combo-Fix, and I have no idea if the recovery discs I made with VAIO Recovery Wizard are any good.

Edited by gdm27, 13 July 2009 - 10:37 PM.


#5 gdm27

gdm27
  • Topic Starter

  • Members
  • 6 posts

Posted 15 July 2009 - 07:07 AM

I don't know, maybe I am still infected with something. Opening any application seems to take longer than it used to, with more than occasional screen freezes or else the PC just hangs there with the hour glass while the processor sounds like it is chugging away.

#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts

Posted 15 July 2009 - 07:15 AM

Hello gdm27 and :thumbsup: to BleepingComputer.

Since we're in the Am I Infected forum, we will first run some scans to check that you are free of malware.

This scan may take several hours to complete.

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

***************************************************

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (uncheck all others):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
~Blade

In your next reply, please include the following:
SUPERAntiSpyware Log

Edited by Blade Zephon, 15 July 2009 - 07:16 AM.

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#7 gdm27

gdm27
  • Topic Starter

  • Members
  • 6 posts

Posted 15 July 2009 - 08:30 AM

Thanks very much Blade. Is it OK to leave Norton Internet Security and/or Registry Mechanic running at the same time I am running the SUPERAntiSpyware scan, or should I close/disable them?

#8 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts

Posted 15 July 2009 - 09:43 AM

Neither of those programs should be running when you boot into Safe Mode.

A warning regarding Registry Mechanic:

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Edited by Blade Zephon, 15 July 2009 - 09:46 AM.
