What is the problem?

Trow
Trow Posts: 2,298 Forumite
Part of the Furniture 1,000 Posts Combo Breaker
When I go to certain websites, including my webmail and google, then I get a different website coming up, of a graphic nature shall we say.

I have tried the following:

Avast
AVG
Spybot D&D
Adaware

but nothing has managed to clear it.

I am using Windows ME

Comments

  • Moneymaker
    Moneymaker Posts: 1,984 Forumite
    1,000 Posts Combo Breaker
    Sounds as if you might be using Internet Explorer. DON'T!

    Download Firefox, Opera or ANYTHING and use that instead.

    Also, it sounds as if you should get your PC professionally checked thoroughly for viruses, spyware, etc.

    (If you used a Mac like I do, you wouldn't get these problems). :cool:
  • irnbru_2
    irnbru_2 Posts: 1,603 Forumite
    Moneymaker wrote:
    Download Firefox, Opera or ANYTHING and use that instead.

    That won't help if the hosts file is compromised.

    Have a look here and see if it helps.
  • Trow
    Trow Posts: 2,298 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    The problem is the same with IE and Firefox (which we use as standard)

    I will check the hosts file when I get home - thanks for the replies.
  • Wombat
    Wombat Posts: 960 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    If nothing is found in the Hosts file, then try running HijackThis:

    http://www.majorgeeks.com/download3155.html

    Post the log on here if you need any help with it.
  • Jake'sGran
    Jake'sGran Posts: 3,269 Forumite
    I have a pop up blocker which I downloaded from the Internet and am not bothered by them now. It is Ad-aware 6 but I think the one that really works is included in my latest AOL programme.
  • Trow
    Trow Posts: 2,298 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Hosts file is fine.
    It's not a pop-up, Jake's Gran - it's a page that appears instead of the page I want to view.

    This is my logfile from HijackThis - sorry, it's a bit long:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quidco.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
    O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: InstantChess - !!40D61F04-59E4-4C8D-BF6E-697AB9C21F43} - C:\WINDOWS.000\DOWNLOADED PROGRAM FILES\CHESSBAR.DLL
    O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - !!8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS.000\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C44 Seri (Copy 2)] C:\WINDOWS.000\SYSTEM\E_S09IC1.EXE /P30 "EPSON Stylus C44 Seri (Copy 2)" /O5 "LPT1:" /M "Stylus C44"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS.000\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [csunt.exe] csunt.exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [dmhez.exe] C:\WINDOWS.000\SYSTEM\dmhez.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS.000\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS.000\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKCU\..\Run: [Handy Backup 4.1] C:\PROGRAM FILES\NOVOSOFT\HANDY BACKUP\hbagent.exe -logon
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [shell] "C:\WINDOWS.000\SYSTEM\ibm00001.exe"
    O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free Zip Wizard\ThirtyDayTimer.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJFOX000
    O9 - Extra button: Create Mobile Favorite - !!2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
    O9 - Extra button: (no name) - !!2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - !!2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
    O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
    O16 - DPF: !!26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: !!40D61F04-59E4-4C8D-BF6E-697AB9C21F43} (InstantChess) - http://www.instantchess.com/applet/chessbar.cab
    O16 - DPF: !!15AF6247-8420-4A42-B78E-6BACB05985B0} (Msoftdld Control) - http://www.moneysoft.co.uk/download/msoftdld.ocx
    O16 - DPF: !!4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    O16 - DPF: !!75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: !!4D561B31-49A0-4E2C-8AFF-353468EC669B} (GreasyPalmInstallHelper Class) - http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: !!3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/wtgeneric/tradewinds/install.cab
    O16 - DPF: !!288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v6.cab
    O16 - DPF: !!2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave.com/content/dinerdash/sis/DDSonic.1.0.0.92.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
    O16 - DPF: !!87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/sis/axhost.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.20.19/ttinst.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.bigfishgames.com/online/dinerdash/DinerDash.1.0.0.58.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: !!1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.113.90,85.255.112.5
  • L400ras
    L400ras Posts: 153 Forumite
    Are you using two antiviruses? If yes, don't.
    Have noticed a few suspect processes:
    dmhez.exe, hidserv.exe, csunt.exe; just noticed the ibm00001.exe - Google brings it up as a trojan. Using Task Manager -> Processes tab, end all processes I mentioned, and try Google/webmail again.

    hth
    L400ras
    This is not an automated signature. I write this at the bottom of every message
  • Wombat
    Wombat Posts: 960 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    I would tick these items in HijackThis and let it fix them:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS.000\SYSTEM\QTTASK.EXE" -atboottime

    O8 - Extra context menu item: &Search -http://edits.mywebsearch.com/toolbar...tml?p=ZJFOX000

    (See http://www.pchell.com/support/mywebsearch.shtml)

    O16 - DPF: !!4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll

    (See http://research.sunbelt-software.com/threatdisplay.aspx?name=OTXMedia&threatid=39309)

    O16 - DPF: !!1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab

    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.113.90,85.255.112.5

    See if that solves your problem.
  • I had this, and ran several anti virus / trojan / spyware programs to no avail. Even the trusty System Restore didn't work.
    I searched (not googled as that was affected), and found a site with the answer.
    Apparently the problem is not on your computer, but is a hijack of the DNS that you are using. No, I don't understand it either.
    Here (pasted from the source) is what worked for me.

    on the computer itself, go to:
    control panel
    network connections
    right click on local area network connections
    go to properties
    double-click TCP/IP

    is the radio button clicked for Obtain DNS automatically?
    if yes, I don't know

    if a DNS number is specified, then get another number from your LAN administrator or ISP or change it to automatic....?

    I changed mine to automatic and everything's been OK since......
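
As an added example (not from the thread or from HijackThis itself): a short Python script that pulls the O17 `NameServer` entry discussed in the replies above out of a HijackThis log and lists any statically set DNS servers that are not on a list you trust. The sample log is constructed in the same line format as the one posted, and `192.0.2.0/24` is a placeholder for the resolvers your ISP or LAN administrator actually issues.

```python
import ipaddress
import re

# Constructed sample in the HijackThis line format quoted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = example.invalid
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.113.90,85.255.112.5
"""

LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
O17_RE = re.compile(r"^(?P<key>.+?):\s*NameServer\s*=\s*(?P<servers>.+)$", re.I)

def parse_log(text):
    """Split a HijackThis log into (section_code, body) tuples."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def static_resolvers(entries):
    """Return (registry_key, [ip, ...]) for every O17 NameServer entry."""
    found = []
    for code, body in entries:
        m = O17_RE.match(body) if code == "O17" else None
        if not m:
            continue  # other sections, or O17 lines such as "Domain = ..."
        ips = []
        for token in re.split(r"[,\s]+", m.group("servers").strip()):
            try:
                ips.append(ipaddress.ip_address(token))
            except ValueError:
                pass  # ignore anything that is not an IP literal
        found.append((m.group("key"), ips))
    return found

def unexpected_resolvers(text, trusted_networks):
    """List static DNS servers that fall outside the networks you trust."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    return [str(ip)
            for _key, ips in static_resolvers(parse_log(text))
            for ip in ips
            if not any(ip in net for net in nets)]

if __name__ == "__main__":
    # 192.0.2.0/24 is a placeholder for the resolvers your ISP actually issues.
    print(unexpected_resolvers(SAMPLE_LOG, ["192.0.2.0/24"]))
```

An empty result means every statically configured resolver is on your trusted list; a log with no O17 `NameServer` line at all also returns an empty list, which corresponds to DNS being obtained automatically.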
  • I am having exactly the same problem as the OP.

    It occurs on both Firefox and IE, and affects google, hotmail, autotrader and any other number of sites. The browser keeps redirecting to https://www.jpuk.com, and other !!!!!!/junk sites.

    I have tried blocking the cookie from jpuk, but it keeps installing in Firefox. I have run a HJ log and removed some stuff. My HOSTS file is fine, and I have run Spybot, AVG antivirus and antispyware both in normal and safe mode.

    Any other tips? I have also tried switching my DNS to automatic, but that hasn't worked either. Would posting the HJ log help?

    Thanks for any suggestions (my parents are coming to visit and I'm not too keen on my dad using the computer and coming up with the "hot moms" site. Eeek!)

    divorcingjack
This discussion has been closed.