I'm using Google Chrome. Occasionally webpages are hijacked and redirected to a variety of webpages including:
https: //dnshost.me/in/0174615323563/?ads=wy0z4b6cj8
I've tried:
Posted 18 October 2016 - 12:26 AM
I'm using Google Chrome. Occasionally webpages are hijacked and redirected to a variety of webpages including:
https: //dnshost.me/in/0174615323563/?ads=wy0z4b6cj8
I've tried:
Posted 20 October 2016 - 01:25 PM
start CreateRestorePoint: EmptyTemp: CloseProcesses: HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-3549948302-4097066653-1816923473-1000\...\Run: [AdobeBridge] => [X] Toolbar: HKU\S-1-5-21-3549948302-4097066653-1816923473-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File FF user.js: detected! => C:\Users\Phillippi\AppData\Roaming\Mozilla\Firefox\Profiles\8dxxfx9m.default\user.js [2015-08-18] FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] CHR Extension: (Avast Online Security) - C:\Users\Phillippi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-10] CHR Extension: (Chrome Web Store Payments) - C:\Users\Phillippi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-10] CHR Extension: (Chrome Media Router) - C:\Users\Phillippi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-10] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 vpnva; system32\DRIVERS\vpnva64.sys [X] S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X] S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X] C:\Users\Phillippi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda C:\Users\Phillippi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm AlternateDataStreams: C:\ProgramData\Temp:C9633DEB [207] AlternateDataStreams: C:\ProgramData\Temp:FFE0B1EF [130] EndSave the file as fixlist.txt in the same folder where the Farbar tool is running from.
Posted 26 October 2016 - 09:42 AM
Posted 27 October 2016 - 12:10 PM
I'm still getting the same behavior which is redirecting to dnshost.me/in/0174615323563/?ads=wy0z4b6cj8
Fixlog attached.
Posted 27 October 2016 - 01:31 PM
createsrpoint; autoclean; emptyclsid; emptyffcache; FFdefaults; emptyiecache; iedefaults; emptychrcache; CHRdefaults; emptyalltemp; emptyfolderscheck;delete ipconfig /flushdns;bNow...
Posted 27 October 2016 - 03:26 PM
Zoek results attached. It's still doing it. Thanks for your help.
Posted 28 October 2016 - 09:43 AM
start CloseProcesses: Hosts: EndSave the file as fixlist.txt in the same folder where the Farbar tool is running from.
Posted 28 October 2016 - 01:05 PM
Start CreateRestorePoint: EmptyTemp: CloseProcesses: cmd: ipconfig /flushdns cmd: IPCONFIG /release cmd: IPCONFIG /renew CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset CMD: bitsadmin /reset /allusers EndSave the file as fixlist.txt in the same folder where the Farbar tool is running from.
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Posted 30 October 2016 - 10:32 PM
As I stated in my initial post, I added dnshost.me to the HOSTS file to prevent it from re-redirecting to the array of websites. It needs to be there until the problem is resolved.
The problem still persists. Search.txt attached.
Posted 31 October 2016 - 08:38 AM
start CreateRestorePoint: EmptyTemp: CloseProcesses: cmd: ipconfig /flushdns cmd: IPCONFIG /release cmd: IPCONFIG /renew CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset CMD: bitsadmin /reset /allusers EndSave the file as fixlist.txt in the same folder where the Farbar tool is running from.
Posted 31 October 2016 - 12:51 PM
That is the same response as last time. The problem only exists on one computer in my house so it isn't the router.
The problem still persists.
Posted 01 November 2016 - 08:49 AM
Posted 03 November 2016 - 03:22 PM
Still doing it. Files attached.
Edited by 93ToyTruck, 03 November 2016 - 03:23 PM.
Posted 04 November 2016 - 08:17 AM
0 members, 0 guests, 0 anonymous users