Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Chrome Version 40.0.2214.91 m redirect


  • Please log in to reply
2 replies to this topic

#1 n8yp

n8yp

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 27 January 2015 - 06:14 AM

Hello,

 

I have an issue with Chrome (Primary) and Internet Explorer (Used only to test) opening a specific and trusted site, www.towerhobbies.com  

I have been here before without issue, but now, every time I try to go there, I get a redirect.  It will open one to three pages in the same browser, then land either first on Google, or now Century21.com.

 

On my own, I have tried these steps so far:

 

Updated and ran AVG Free 2014 Version 2014.0.4592 DB Version 4257/9005 (1/25/2015 2:58pm)

Updated and ran MalwareBytes Anti-malware Free 2.0.4.1028 DB Version 2015.1.25.09

Downloaded and ran Kaspersky TDSSKiller.exe on 1/25/2015

 

All three tests did not stop the redirects.

 

Also on computer is Heimdal Free, 1.10.3.686

 

My computer details:

 

Asus Desktop PC CM6870

Windows 7 Home Premium 64 bit Service Pack 1

Intel Core i7-3770 CPU @ 3.40GHz

16 GB Ram

Chrome Version 40.0.2214.91

Internet Explorer 11, Version 11.0.9600.17501 Update Version 11.0.15 (KB3008923)

 

Any help would be greatly appreciated.  Thank you for your time.

Jeremy

 

 

 



BC AdBot (Login to Remove)

 


#2 Gmer99

Gmer99

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Europe
  • Local time:04:14 AM

Posted 27 January 2015 - 07:31 AM

Hello n8yp .... please update your chrome version to 40.0.2214.93 m  and download AdwCleaner and post a log on forum , makes sure you Hosts files are not infected/hijacked , you can run a scan with DrWeb Cureit tool >>http://www.freedrweb.com/cureit/?lng=en   follow the steps you see on that page and run a scan with it ...  :thumbup2:



#3 n8yp

n8yp
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 28 January 2015 - 05:33 AM

Hi Gmer99,

 

I updated Chrome, ran AdwCleaner, then the DrWeb Cureit as well.  The redirect is still happening.  Here is the AdwCleaner log:

 

# AdwCleaner v4.109 - Report created 27/01/2015 at 17:36:08
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jeremy - DESKTOP
# Running from : C:\Users\Jeremy\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater18.1.10
[#] Service Deleted : Speedly_FastIP
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speedly
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\WSE_Vosteran
Folder Deleted : C:\Program Files (x86)\speedly
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Jeremy\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Jeremy\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Jeremy\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Jeremy\AppData\Roaming\WSE_Vosteran
File Deleted : C:\windows\SysWOW64\Speedly_FastIP.exe
File Deleted : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{25F0AB92-FB8E-4DF9-B2B9-5C5A00D2D9E9}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\WSE_Vosteran
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F42A1869-5C2D-4DBB-909C-F78DF900E348}_is1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\app.mam.conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit-apps.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fastcontent.conduit.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v40.0.2214.93
 
 
*************************
 
AdwCleaner[R0].txt - [11674 octets] - [18/10/2014 20:04:07]
AdwCleaner[R1].txt - [6149 octets] - [27/01/2015 17:34:13]
AdwCleaner[S0].txt - [10554 octets] - [19/10/2014 08:08:26]
AdwCleaner[S1].txt - [5918 octets] - [27/01/2015 17:36:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5978 octets] ##########





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users