[jtfire55]

Whenever i click on a hyperlink, i get redirected to a ad site. Im gonna shoot myself it happens again. I download many programs but many haven gotten rid of it!

please help

 

[H-man]

Those are infolinks

 

[Kriztoffer]

Reinstall your OS. Then your computer will be free from trouble.

If this is some kind of virus.

 

[Beric]

You have some sort of adware, spyware, or a virus. Or some sort of plugin installed.

What browser do you have?

Get some good anti-malware software.

 

[jarble]

hijack this (program) then find the bbo that is redirecting you

 

[Raiden911]

Quote:

Originally Posted by jtfire55 Whenever i click on a hyperlink, i get redirected to a ad site. Im gonna shoot myself it happens again. I download many programs but many haven gotten rid of it! please help

I got $50 that he is going to do it.

---------
run malwarebytes and see what's up.

--> http://www.malwarebytes.org/

Are you running any AV and antispyware apps?

 

[Rothen]

combofix? hell, I don't know whats wrong. Elaborate more and maybe we can help you.

But it definitely looks like you have a virus.

 

[Slider46]

Your browser has probably been hijacked and from my experience, they are difficult to remove. You may just want to cut to the chase and re-install the OS.

 

[jtfire55]

i did malware bytes but it didnt fix the problem

 

[jarble]

Quote:

Originally Posted by Raiden911 I got $50 that he is going to do it. --------- run malwarebytes and see what's up. --> http://www.malwarebytes.org/

while malwarebytes is a great program it in not infallible

 

[TwoCables]

Quote:

Originally Posted by jtfire55 i did malware bytes but it didnt fix the problem

Which links redirect you to an ad?

 

[jtfire55]

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 7:28:29 PM, on 12/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\system32\
undll32.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Analog Devices\\SoundMAX\\SMAgent.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\COMODO\\COMODO Internet Security\\cfp.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\CCleaner\\CCleaner.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\WINDOWS\\system32\\msiexec.exe
C:\\Program Files\\h\\TrendMicro\\HiJackThis\\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.d ll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\\PROGRA~1\\MICROS~1\\Office12\\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEFavClient.dl l
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugi n.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEFavClient.dl l
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEFavClient.dl l
O4 - HKLM\\..\\Run: [COMODO Internet Security] "C:\\Program Files\\COMODO\\COMODO Internet Security\\cfp.exe" -h
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKUS\\S-1-5-19\\..\\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\\S-1-5-20\\..\\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\\S-1-5-18\\..\\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\\.DEFAULT\\..\\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEFavClient.dl l/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEFavClient.dl l/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEFavClient.dl l/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEFavClient.dl l/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~1\\Office12\\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~1\\Office12\\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~1\\Office12\\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~1\\Office12\\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{8E7B467C-06CA-4268-BEB8-57FA6E41AEEC}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\\PROGRA~1\\MICROS~1\\Office12\\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\\WINDOWS\\system32\\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\\WINDOWS\\system32\\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\\Program Files\\Analog Devices\\SoundMAX\\SMAgent.exe

--
End of file - 5283 bytes

 

[Rebel4055]

Get super antispyware I believe you got a DNS changer virus. I knew a few people how had those and it was redirecting to even more horrible sites.

 

[jtfire55]

Quote:

Originally Posted by TwoCables Which links redirect you to an ad?

anything from a search engine

 

[Beric]

Quote:

Originally Posted by TwoCables Which links redirect you to an ad?

Also, is this one particular ad site?

 

[Raiden911]

Quote:

Originally Posted by jarble while malwarebytes is a great program it in not infallible

There is also combofix, but that's not for everyone.

 

[TwoCables]

Quote:

Originally Posted by jtfire55 anything from a search engine

So is it correct to say that any search engine's search results re-direct you to an ad?

 

[jtfire55]

Quote:

Originally Posted by TwoCables So is it correct to say that any search engine's search results re-direct you to an ad?

yeah i tried google and bing

 

[jarble]

most of that looks clean (I am not a fan of run once stuff) you may have a virus on your hands and not a simple redirect

 

[jtfire55]

i dont think it is a dns changer cause i changed my dns recently to commodos