Odd website

[niemiro]

Google re-directs! We have a guide for that!

Please run through the entirety of this guide: How to fix Google Redirects

and post your logs here.

Thanks!

Richard

 

[Lorien]

Hi Lottiemansion,

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 http://jpshortstuff.247fixes.com/GooredFix.exe


Download Mirror #2 http://downloads.securitycadets.com/GooredFix.exe

• Ensure all Firefox windows are closed.
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista and Windows7).
• When prompted to run the scan, click Yes.
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Kantori,

Jacee means for you to do this - not Lottiemansion (though maybe him as well since he visited the sites).

She's our expert. If there's a malware/virus or similar problem, she'll help you find and get rid of it.

Good luck!

 

[Lottiemansion]

Hi all,

Sorry if I have confused any of you but I am not using firefox (I'm on ie8). This may explain why I am safe but I would'nt have thought so.

The re-direct is when I input the Lovemain address & then hit enter. So "From google" out & back "To google" my home page. The re-direct takes place in the middle, I had to be quick to get the picture!

Does that make things any clearer?

As recommended I've done it anyway, thank you.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 17:43 on 30/10/2010 (Sue&Paul)
Firefox version [Unable to determine]
========== GooredScan ==========

========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
(none)
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:17 02/09/2010]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\" [20:06 02/09/2010]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\" [20:06 02/09/2010]
-=E.O.F=-

 

[kantori]

ok i did the GooredFix thing, i'll attach HiJack for Lorien.

odd I don't see Nod32 in the GooredFix txt like Lottiemasion does with Norton, is that bad?

I've also read if u see conime.exe running that's bad but only when 2 other .exe are also present but on the deman-scan shows another temp file running along with conime.exe in C:\WINDOWS\Temp\fwtsqmfile00.sqm;C:\WINDOWS\Temp\fwtsqmfile01.sqm is safe? it keeps returning after it's been deleted with CCleaner.

@niemiro it's not a redirect in google at all nor does it do it at anytime, it only does a redirect when I click Doki in my Bookmark toolbar which takes me to: http://doki.hologfx.com/ only then it redirects me to that IP which it shouldn't do at all as that website (Doki) is harmless.

Im not sure if I should follow the guide till Jacee, Lottiemansion, or any other techs recommends it too.

 

[Lottiemansion]

Hi,

Could you please upload a picture of the properties for that link in your favourites as per the included sample.

 

[Jacee]

kantori, is this the site you're trying to get to?

 

[Lottiemansion]

Hi Jacee,

That is the site I get to when I use the link provided. Doki Fansubs

I do question how or where Kantori ended up with a "link" such as mensioned: -

http://67.210.14.254/after.php?type=doki.hologfx.com

This is where I think the problem lies. What are your thoughts?

From the information I have obtained earlier on the IP address,
(http://www.ip-adress.com/ip_tracer/67.210.14.254) expanded down the "Whois" question.

I only get the re-direct if I input the address of http://Lovemain.com which gives the redirect as I have previously posted.

 

[kantori]

@Jacee
yes that's the website, on IE it loads but it seems to want to do something there but the options i set in IE prevent it and the banner on top won't load it but the site loads, can it be on the banner?, anyways I don't think I did the right properties on firefox - I went to the folder in my bookmark scrolled down to the website name and just right-clicked on it to properties, doesn't look like Lottiemansion's pic.

edit: figured out what Lottiemansion did.

 

[Lottiemansion]

Hi,

This is the new & freshly created shortcut to Doki Fansub on my PC: -


There is no trickary or "owt else" involved!

 

[kantori]

I'm sorry I don't know what u mean - I didn't know if u meant to go to properties within the bookmark or to create a shortcut and go to properties there. Did both though, should I do niemiro suggestion at the top post above? I wanna start working on a solution to this issue, but I get a feeling I'm not being believed this is occuring to me I could see if i can get a video of it if i can get faps.com video thing to work.

edit: thought it as faps.com, some video thing that records on the pc.

 

[Lottiemansion]

Hi,

Sorry for this but which of the two posted book marks are the problem. From your posts I'm not sure? Please just post the problem one. As one looks as though one comes from ie & the other from Firefox.

Help us to help you & keep it clear.

 

[kantori]

The problem is in ALL browsers, I mainly use firefox but I use the other browsers to see IF i see the same problem and I am only reporting what occurs when something is happening on a different browser like IE, I won't report on the other browsers but i figured I might as well before Im asked to do it.

 

[Lottiemansion]

Ok,

You say this is from both links in all browsers?

Then there must be something odd going on. Malware comes to mind.

Unfortunately from your posts earier, I do not see a problem in the information you have provided (Although I'm not the best at this).

What have you installed recently? or is this a long term issue?

 

[kantori]

the same link in all browsers redirect to that ip to some random ad site, I have yet to get love something ur getting, it taking me to a poker site, wild-life.com, and some other one i can't recall but I blocked them all with noscript.

it just happened recently, um.. i think the last thing i installed besides different anti-virus stuff/spybot was flash beta, shockwave, ccleaner update trying to think what else oh some plugins for dbpoweramp, foobar2000, and Medieval CUE splitter i got them all from filehippo except dbpoweramps plugins/cue splitter i got it from the official sites.

come to think of it i also had other programs i installed but later took out that were to convert music files .tta files to flac but didn't seem to work effectively so i uninstalled it.

Another thing is I cant do a system restore cuz volume shadow copy was turned off i think by either microsoft or pirforms defraggler when i was defragmenting the pc and i was low on HD space (Im assuming here) but i turned it on and saved new system restore but it's for the 30th...


edit: maybe i should just reinstall again.

 

[Lottiemansion]

i think the last thing i installed besides different anti-virus stuff/spybot was flash beta, shockwave, ccleaner update trying to think what else oh some plugins for dbpoweramp, foobar2000, and Medieval CUE splitter i got them all from filehippo except dbpoweramps plugins/cue splitter i got it from the official sites.

come to think of it i also had other programs i installed but later took out that were to convert music files .tta files to flac but didn't seem to work effectively so i uninstalled it.

Another thing is I cant do a system restore cuz volume shadow copy was turned off i think by either microsoft or pirforms defraggler when i was defragmenting the pc and i was low on HD space (Im assuming here) but i turned it on and saved new system restore but it's for the 30th...

Did the issues start from the installation of any of the other files etc or just the .ttl to flac, not that that realy matters. It just gives us something to focus on.

I'm looking for a thread to focus on which will give direction to the investigation!

 

[kantori]

I do not know if that can be related because I took a few days off on my pc last week and only started recently from a day or 2 from my first post.

bleh

i don't wanna waste anymore of ur guys time especially Lottiemansion on trying to find a solution to this annoying problem, it's a big deal to me not to be able to go onto that website but ur guys time is more important in helping others instead of this issue so I think I will just reinstall once again if that's cool with all parties.


edit: niemiro suggestion in post: http://www.vistax64.com/browsers-mail/284544-odd-website-3.html#post1296230

tdskiller found nothing at all

edit2: i installed comodo's firewall about 3/4hrs ago and the website been loading normal ever since, does that help with the investigation for the problem?

 

[Lottiemansion]

Hi,

Well that is good!

Did the software inform you of any issues during or after the installation completed?

 

[kantori]

no it didn't inform me on anything which was odd - the only thing I noticed was that it had blocked port 137 couple of times and that's the only one that's been being blocked, I'm not sure what that means?

 

[niemiro]

BTW, does this occur on other computers in your house? It is possible that this is your router doing this. Routers can get infected, and have redirect settings. I shall send you more information shortly.

Richard