
Google Search results redirected occasionally


9 replies to this topic

#1 urnme (Members, 8 posts)

Posted 07 July 2011 - 12:41 AM

Hi All,

I have a PC here at work connected to our domain, Vista Business 32-bit SP2, patched and up to date.

Running ESET Antivirus, which is up to date.

User is logged in as a standard user.

Using Internet Explorer 8.

When clicking on search results from google, the user is redirected to other pages. Not every time they use it though.

I've run Malwarebytes a few times over the last week with no results.

There are no extra entries in hosts.

What do I do?

#2 Broni (BC Advisor, "The Coolest BC Computer", 42,716 posts, Daly City, CA)

Posted 07 July 2011 - 10:39 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click the donation button.

#3 urnme (Topic Starter, Members, 8 posts)

Posted 11 July 2011 - 06:44 PM

Ok, here we go...



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : DT032
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.local
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-1A-A0-AD-D3-1B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::251b:9d78:cf2a:cc6d%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.16.60(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, 1 July 2011 3:17:32 AM
Lease Expires . . . . . . . . . . : Monday, 25 July 2011 3:17:35 AM
Default Gateway . . . . . . . . . : 192.168.16.253
DHCP Server . . . . . . . . . . . : 192.168.16.3
DHCPv6 IAID . . . . . . . . . . . : 201333408
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-32-75-FB-00-1A-A0-AD-D3-1B
DNS Servers . . . . . . . . . . . : 192.168.16.3
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain.local
Description . . . . . . . . . . . : isatap.domain.local
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: domain-sbs.domain.local
Address: 192.168.16.3

Name: google.com
Addresses: 74.125.153.147
74.125.153.106
74.125.153.99
74.125.153.105
74.125.153.103
74.125.153.104



Pinging google.com [74.125.153.147] with 32 bytes of data:

Reply from 74.125.153.147: bytes=32 time=154ms TTL=53

Reply from 74.125.153.147: bytes=32 time=153ms TTL=53



Ping statistics for 74.125.153.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 153ms, Maximum = 154ms, Average = 153ms

Server: domain-sbs.domain.local
Address: 192.168.16.3

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=229ms TTL=51

Reply from 209.191.122.70: bytes=32 time=227ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 227ms, Maximum = 229ms, Average = 228ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1a a0 ad d3 1b ...... Broadcom NetXtreme 57xx Gigabit Controller
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
12 ...00 00 00 00 00 00 00 e0 isatap.domain.local
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0   192.168.16.253    192.168.16.60      20
        127.0.0.0        255.0.0.0          On-link        127.0.0.1     306
        127.0.0.1  255.255.255.255          On-link        127.0.0.1     306
  127.255.255.255  255.255.255.255          On-link        127.0.0.1     306
     192.168.16.0    255.255.255.0          On-link    192.168.16.60     276
    192.168.16.60  255.255.255.255          On-link    192.168.16.60     276
   192.168.16.255  255.255.255.255          On-link    192.168.16.60     276
        224.0.0.0        240.0.0.0          On-link        127.0.0.1     306
        224.0.0.0        240.0.0.0          On-link    192.168.16.60     276
  255.255.255.255  255.255.255.255          On-link        127.0.0.1     306
  255.255.255.255  255.255.255.255          On-link    192.168.16.60     276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination              Gateway
  1    306 ::1/128                          On-link
  9    276 fe80::/64                        On-link
  9    276 fe80::251b:9d78:cf2a:cc6d/128    On-link
  1    306 ff00::/8                         On-link
  9    276 ff00::/8                         On-link
===========================================================================
Persistent Routes:
None

User accounts for \\DT032

-------------------------------------------------------------------------------
Administrator Guest domain
The command completed successfully.




MiniToolBox...


MiniToolBox by Farbar
Ran by support (administrator) on 12-07-2011 at 09:00:28
Windows Vista ™ Business Service Pack 2 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host


::1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================
================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/11/2011 03:54:50 PM) (Source: Folder Redirection) (User: support)support
Description: Failed to apply policy and redirect folder "Links" to "C:\Users\support\Links".
Redirection options=1201.
The following error occurred: "Can not create folder "C:\Users\support\Links"".
Error details: "This security ID may not be assigned as the owner of this object.
".

Error: (07/07/2011 04:01:27 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{FE294BC3-E7A4-4841-B5EE-A4BC94F094AC}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (07/07/2011 03:54:20 PM) (Source: Application Error) (User: )
Description: Faulting application Skype.exe, version 5.3.32.108, time stamp 0x4d95feec, faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd, exception code 0xe0fafafa, fault offset 0x0003fbae,
process id 0x1760, application start time 0xSkype.exe0.

Error: (07/07/2011 03:24:52 PM) (Source: Folder Redirection) (User: support)support
Description: Failed to apply policy and redirect folder "Links" to "C:\Users\support\Links".
Redirection options=1201.
The following error occurred: "Can not create folder "C:\Users\support\Links"".
Error details: "This security ID may not be assigned as the owner of this object.
".

Error: (07/07/2011 11:44:09 AM) (Source: Application Error) (User: )
Description: Faulting application AcroRd32.exe, version 10.0.0.396, time stamp 0x4cc5e97b, faulting module AcroRd32.dll, version 10.0.0.407, time stamp 0x4cdafb9a, exception code 0xc0000005, fault offset 0x0005834a,
process id 0x134c, application start time 0xAcroRd32.exe0.

Error: (07/01/2011 08:56:24 AM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.51.0.1074 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 8b8
Start Time: 01cc3776e250699c
Termination Time: 16

Error: (07/01/2011 08:26:14 AM) (Source: Application Error) (User: )
Description: Faulting application OUTLOOK.EXE, version 12.0.6557.5001, time stamp 0x4db1d555, faulting module ntdll.dll, version 6.0.6002.22505, time stamp 0x4cb74794, exception code 0xc0000005, fault offset 0x0003de6d,
process id 0xf2c, application start time 0xOUTLOOK.EXE0.

Error: (07/01/2011 03:18:56 AM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (06/27/2011 03:52:05 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19088, time stamp 0x4de07b1b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x20296425,
process id 0x1dbc, application start time 0xiexplore.exe0.

Error: (06/21/2011 03:43:13 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog


System errors:
=============
Error: (07/11/2011 04:01:34 PM) (Source: UmrdpService) (User: )
Description: Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (07/11/2011 04:01:33 PM) (Source: UmrdpService) (User: )
Description: Driver KONICA MINOLTA C353 Series PS required for printer KONICA MINOLTA C353 Series PS is unknown. Contact the administrator to install the driver before you log in again.

Error: (07/11/2011 03:56:52 PM) (Source: Microsoft-Windows-Service Pack Installer) (User: support)
Description: 0x800f0a04

Error: (07/11/2011 03:55:02 PM) (Source: UmrdpService) (User: )
Description: Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (07/11/2011 03:55:00 PM) (Source: UmrdpService) (User: )
Description: Driver KONICA MINOLTA C353 Series PS required for printer KONICA MINOLTA C353 Series PS is unknown. Contact the administrator to install the driver before you log in again.

Error: (07/07/2011 04:01:31 PM) (Source: UmrdpService) (User: )
Description: Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (07/07/2011 04:01:28 PM) (Source: UmrdpService) (User: )
Description: Driver KONICA MINOLTA C353 Series PS required for printer KONICA MINOLTA C353 Series PS is unknown. Contact the administrator to install the driver before you log in again.

Error: (07/07/2011 03:25:12 PM) (Source: UmrdpService) (User: )
Description: Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (07/07/2011 03:25:10 PM) (Source: UmrdpService) (User: )
Description: Driver KONICA MINOLTA C353 Series PS required for printer KONICA MINOLTA C353 Series PS is unknown. Contact the administrator to install the driver before you log in again.

Error: (07/01/2011 03:18:57 AM) (Source: Service Control Manager) (User: )
Description: SQL Server VSS Writer1


Microsoft Office Sessions:
=========================
Error: (07/01/2011 08:26:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 99 seconds with 60 seconds of active time. This session ended with a crash.

Error: (03/28/2011 07:53:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 236 seconds with 60 seconds of active time. This session ended with a crash.

Error: (02/10/2011 09:50:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/22/2010 02:37:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1765 seconds with 900 seconds of active time. This session ended with a crash.

Error: (08/13/2010 10:25:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1750 seconds with 180 seconds of active time. This session ended with a crash.

Error: (07/23/2010 00:15:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/28/2010 10:24:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 259 seconds with 240 seconds of active time. This session ended with a crash.

Error: (10/22/2009 05:31:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/28/2009 06:48:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 55016 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/29/2009 09:49:52 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11576 seconds with 240 seconds of active time. This session ended with a crash.


========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 60%
Total physical RAM: 2036.88 MB
Available physical RAM: 812.89 MB
Total Pagefile: 4325.04 MB
Available Pagefile: 2327.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.43 MB

======================= Partitions: =======================================

1 Drive c: (OS) (Fixed) (Total:64.46 GB) (Free:25.38 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.29 GB) NTFS

================= Users: ==================================================
================= End of Users ============================================




Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7082

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

12/07/2011 9:06:52 AM
mbam-log-2011-07-12 (09-06-52).txt

Scan type: Quick scan
Objects scanned: 207304
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)









GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-12 09:39:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST380815AS rev.3.ADA
Running: 6lpz5srv.exe; Driver: C:\Users\support\AppData\Local\Temp\fxlyqpob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1896] kernel32.dll!SetUnhandledExceptionFilter 774BA84F 4 Bytes [C2, 04, 00, 00]
.text C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE[8136] kernel32.dll!SetUnhandledExceptionFilter 774BA84F 5 Bytes JMP 62EB5B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE[8136] ole32.dll!OleLoadFromStream 779D1E80 5 Bytes JMP 631D0DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\domain.local\it$\Client_Apps\MyDefrag\MyDefrag.exe (*** hidden *** ) @ \\domain.local\it$\Client_Apps\MyDefrag\MyDefrag.exe [7464] 0x00D90000

---- EOF - GMER 1.0.15 ----

#4 Broni (BC Advisor, "The Coolest BC Computer", 42,716 posts, Daly City, CA)

Posted 11 July 2011 - 08:16 PM

I still need Security Check log.


#5 urnme (Topic Starter, Members, 8 posts)

Posted 11 July 2011 - 08:29 PM

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET NOD32 Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ SE Runtime Environment 6
Adobe Flash Player
Adobe Reader X (10.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
``````````End of Log````````````

#6 Broni (BC Advisor, "The Coolest BC Computer", 42,716 posts, Daly City, CA)

Posted 11 July 2011 - 08:32 PM

I want you to install Firefox: http://www.mozilla.com/en-US/firefox/new/ and see if the same redirection happens.


#7 urnme (Topic Starter, Members, 8 posts)

Posted 11 July 2011 - 11:33 PM

I had a bit of a play around with Firefox, and it doesn't seem to be redirecting. Although the redirection was only occasional, so it's hard to say for sure.

Anything else I can do to salvage IE?

#8 Broni (BC Advisor, "The Coolest BC Computer", 42,716 posts, Daly City, CA)

Posted 12 July 2011 - 06:46 PM

Possibly some IE add-on.

In IE, go to Tools > Internet Options > Advanced tab and click on the "Reset" button.
Use it for a while and see how it goes.

Also....

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

============================================================

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

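The checks Broni asks for in post #2 (hosts file, IE proxy settings, DNS servers) and the "possibly some IE add-on" suspicion in post #8, collected into one read-only PowerShell audit. This is an added example, not something from the thread and not what MiniToolBox or Security Check run; it uses only cmdlets available in PowerShell 2.0 so it works on Vista. The expected DNS server list is an assumption copied from the ipconfig output in post #3 and must be changed for your network.

```powershell
# Added example (not from the thread or from MiniToolBox): a read-only audit of the places a
# search-result redirector commonly hooks. Targets PowerShell 2.0 cmdlets so it runs on Vista.
# Run from an elevated prompt *as the affected user*, because the proxy settings live in HKCU.

$findings = @()

# 1. hosts file: anything that is not a comment or a localhost mapping gets flagged
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in (Get-Content $hostsPath)) {
    if ($line -match '^\s*(#|$)') { continue }                               # comment or blank
    if ($line -match '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') { continue }  # stock entries
    $findings += "hosts entry: $($line.Trim())"
}

# 2. WinINet/IE proxy settings: a proxy or PAC script pointing somewhere unexpected redirects every request
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) { $findings += "proxy enabled: $($inet.ProxyServer)" }
if ($inet.AutoConfigURL)     { $findings += "PAC script configured: $($inet.AutoConfigURL)" }

# 3. DNS servers on every IP-enabled adapter, compared with what DHCP should hand out.
#    Assumption: 192.168.16.3 is taken from the ipconfig output in post #3; change it for your site.
$expectedDns = @('192.168.16.3')
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
    if ($_.DNSServerSearchOrder) {
        foreach ($srv in $_.DNSServerSearchOrder) {
            if ($expectedDns -notcontains $srv) { $findings += "unexpected DNS server $srv on $($_.Description)" }
        }
    }
}

# 4. IE Browser Helper Objects: resolve each CLSID to its DLL and flag anything that does not live
#    under the Windows or Program Files trees (the locations a standard user cannot write to)
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($bho in @(Get-ChildItem $key)) {          # @() so an empty key yields no iterations in PS 2.0
        $clsid  = $bho.PSChildName
        $server = Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll    = if ($server) { [Environment]::ExpandEnvironmentVariables($server.'(default)') } else { '<no InprocServer32>' }
        $trusted = $false
        foreach ($root in $trustedRoots) { if ($dll -like "$root\*") { $trusted = $true } }
        if (-not $trusted) { $findings += "BHO $clsid -> $dll" }
    }
}

if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Output "FLAG  $_" } }
else { Write-Output 'No hosts, proxy, DNS or BHO indicators found' }
```

A clean result here matches what the thread's logs already show (stock hosts file, no proxy, the domain DNS server) and does not rule out a kernel-mode redirector or a hooked winsock provider, which is why GMER is on Broni's list; it does give you a quick, repeatable check to run on the other domain machines.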

#9 urnme (Topic Starter, Members, 8 posts)

Posted 21 July 2011 - 09:33 PM

I've run ESET online scanner a few times now, it reports no threats found.

Resetting IE Addons, and clearing Temp Files seemed to fix the problem for a while.

The user has just reported that the issue has come back...

I'm going to apply Software Restrictions to disallow any executable outside the Windows and Program Files directories, across the domain, to stop this happening in the future.
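The policy described in the post above, a default-deny Software Restriction Policy with the Windows and Program Files trees as the only allowed locations, written as the registry values under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer that the policy engine reads. This is an added example, not the poster's actual GPO: the two unrestricted path rules are the defaults the Group Policy editor creates, and the extra deny rules for user-writable folders are my additions. On a domain-joined machine the next Group Policy refresh overwrites these values, so use this to test on one box and then put the same rules in a GPO (Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies) for deployment.

```powershell
# Added example (not from the thread): default-deny SRP as registry values, for testing on one machine
# before the same rules go into a domain GPO. Run elevated; log off and on for the policy to take effect.

$safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0          # SRP security level IDs
$Unrestricted = 262144     # 0x40000

if (-not (Test-Path $safer)) { New-Item $safer -Force | Out-Null }

# Default rule: Disallowed. Anything not matched by an Unrestricted path rule below is blocked.
Set-ItemProperty $safer 'DefaultLevel'       -Type DWord -Value $Disallowed
# 1 = check executables but not DLLs; 2 = check DLLs too (stronger, but far more support calls)
Set-ItemProperty $safer 'TransparentEnabled' -Type DWord -Value 1
# 0 = apply to everyone including local administrators; 1 = exempt administrators
Set-ItemProperty $safer 'PolicyScope'        -Type DWord -Value 0
# File types the policy treats as executable (the Group Policy default list)
Set-ItemProperty $safer 'ExecutableTypes'    -Type MultiString -Value @(
    'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS','ISP',
    'LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS','URL','VB','WSC')

function Add-SaferPathRule {
    param([int]$Level, [string]$Path, [string]$Description)
    # Each rule is a subkey <level>\Paths\{GUID}; ItemData holds the path, which may contain
    # %ENVVAR% or %HKEY_...% registry references exactly as the GPO editor writes them.
    $rule = Join-Path $safer "$Level\Paths\{$([guid]::NewGuid())}"
    New-Item $rule -Force | Out-Null
    Set-ItemProperty $rule 'ItemData'    -Type ExpandString -Value $Path
    Set-ItemProperty $rule 'SaferFlags'  -Type DWord        -Value 0
    Set-ItemProperty $rule 'Description' -Type String       -Value $Description
}

# The two default unrestricted rules: Windows and Program Files, resolved from the registry
Add-SaferPathRule $Unrestricted '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%' 'Windows directory'
Add-SaferPathRule $Unrestricted '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%' 'Program Files'

# My additions: the Windows tree contains folders a standard user can write to, and a more specific
# path rule beats a broader one, so deny those explicitly. %SystemRoot%\Temp and \Tasks are the usual ones.
Add-SaferPathRule $Disallowed '%SystemRoot%\Temp\*'  'Windows temp (user-writable)'
Add-SaferPathRule $Disallowed '%SystemRoot%\Tasks\*' 'Scheduled tasks folder (user-writable)'

# Also my addition: the per-user temp directory, where the GMER run in post #3 dropped its own driver
# (C:\Users\support\AppData\Local\Temp). The default already denies it; the explicit rule makes the intent visible.
Add-SaferPathRule $Disallowed '%USERPROFILE%\AppData\Local\Temp\*' 'User temp'

Write-Output "SRP written under $safer; log off and on, then test with an EXE copied to the Desktop."
```

Two caveats a practitioner should know before pushing this domain-wide. The default ExecutableTypes list does not include JS, VBS, WSF or PS1, so script files run through wscript.exe or powershell.exe (both under %SystemRoot%, hence allowed) are not covered unless you add those extensions. And path rules trust whatever is under the allowed trees, so keep an eye on any application that installs into a user-writable folder (Program Files subdirectories with loosened ACLs, for example), because it becomes a way around the policy.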

#10 Broni (BC Advisor, "The Coolest BC Computer", 42,716 posts, Daly City, CA)

Posted 21 July 2011 - 09:44 PM

Well, we can't be sure what "the user" is doing in the meantime.
In any case, keep me posted.
