Over 1 million tech questions and answers.

Firefox opens/redirects to a random ad website randomly, as well as infections with various trojans

Q: Firefox opens/redirects to a random ad website randomly, as well as infections with various trojans

I've recently had many trojans get downloaded onto my computer when AVG crashed while detecting several threats. I remember my pc being locked out where I could not open any programs or task manager unless I download the fake anti-malware program. I had several types but I could only remember anti-malware doctor being present. I removed most of the stuff with malwarebytes, spybot and SUPERantispyware in safe mode but it doesn't seem to get rid of my firefox browser directing me to a random site periodically. I scan multiple times a day and each time I find a trojan which I thought I had already removed. Also GMER.exe seems to freeze whenever I try to scan and my CPU goes to 100% whenever the program is opened.Any help would be much appreciated,- JennyDDS (Ver_10-03-17.01) - NTFSx86 Run by User at 1:56:35.90 on Tue 09/14/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1202 [GMT 10:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\System32\svchost.exe -k HPZ12C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\WINDOWS\system32\A0380mon.exeC:\WINDOWS\system32\S3trayp.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\WINDOWS\system32\VTTimer .exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exeC:\Program Files\Common Files\Real\Update_OB\realsched .exeC:\Program Files\Java\jre6\bin\jusched .exeC:\PROGRA~1\AVG\AVG9\avgtray .exeC:\Program Files\gigabyte\RCApp\U7000RCApp .exeC:\Program Files\CyberLink\PowerCinema\PCMService .exeC:\Program Files\HP\HP Software Update\HPWuSchd2 .exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor .exeC:\Program Files\Windows Live\Messenger\MsnMsgr .exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Windows Live\Contacts\wlcomm.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exeC:\Program Files\Skype\Phone\Skype .exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exeC:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM .exeC:\Program Files\Mozilla Firefox\firefox.exeC:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM .exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exeC:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM .exeC:\Documents and Settings\User\Desktop\dds.scr============== Pseudo HJT Report ===============uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/ieuInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyServer = http=127.0.0.1:6092uInternet Settings,ProxyOverride = <local>uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [EPSON Stylus COLOR 480] c:\windows\system32\spool\drivers\w32x86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 480" /O5 "LPT1:" /M "Stylus COLOR 480"uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr .exe" /backgrounduRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /cuRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologonuRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silentuRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimizeduRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exemRun: [VTTimer] VTTimer.exemRun: [S3Trayp] S3trayp.exemRun: [RTHDCPL] RTHDCPL.EXEmRun: [SkyTel] SkyTel.EXEmRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exemRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1mRun: [DHTray] c:\windows\system32\DHTray.exemRun: [A0380mon] c:\windows\system32\A0380mon.exemRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM .exe" -schedulermRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottimemRun: [SMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [WinSys2] c:\windows\system32\winsys2.exemRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"mRun: [RCApp] c:\program files\gigabyte\rcapp\U7000RCApp.exemRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exemRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitdRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgroundStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: Send picture by MMS - c:\program files\tencent\qq\SendMMS.htmIE: Send Picture with QQ MMS - c:\program files\tencent\qq\SendMMS.htmIE: Upload to QQ Network Hard Disk - c:\program files\tencent\qq\AddToNetDisk.htmIE: ????QQ??? - c:\program files\tencent\qq\AddEmotion.htmIE: {c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\tencent\qq\QQ.EXEIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllIE: {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - {39732CE5-0EE6-401A-A0B2-27F46B755C5B}Trusted Zone: com\www.msiTrusted Zone: com.tw\asia.msiTrusted Zone: com.tw\global.msiDPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cabDPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cabDPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabDPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cabDPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cabDPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cabDPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cabHandler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLNotify: avgrsstarter - avgrsstx.dllNotify: ljJYPjIY - ljJYPjIY.dllAppInit_DLLs: bbglpn.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLLSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLLHosts: 127.0.0.1 www.spywareinfo.com================= FIREFOX ===================FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\n28mbuoc.default\FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/FF - prefs.js: network.proxy.type - 0FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dllFF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dllFF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dllFF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dllFF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dllFF - plugin: c:\program files\sony\media go\npmediago.dllFF - plugin: c:\program files\veetle\player\npvlc.dllFF - plugin: c:\program files\veetle\plugins\npVeetle.dllFF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dllFF - plugin: c:\program files\worldwinner.com, inc\worldwinner games\npwwload.dllFF - HiddenExtension: XULRunner: {E472855E-6278-4465-B425-B41868EC2CC8} - c:\documents and settings\user\local settings\application data\{E472855E-6278-4465-B425-B41868EC2CC8}FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}---- FIREFOX POLICIES ----c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);============= SERVICES / DRIVERS ===============R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-14 216400]R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-14 29584]R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-14 243024]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-24 90112]R3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2007-7-11 13824]R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-11-24 27632]S0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-5-17 11264]S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]S3 A0380VID;USB2.0 PC Camera;c:\windows\system32\drivers\A0380Vid.sys [2007-10-27 3941376]S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\xta1b9.tmp --> c:\docume~1\user\locals~1\temp\XTA1B9.tmp [?]S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-11-24 13224]S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-1-23 13952]S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [2009-11-24 90280]S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [2009-11-24 15016]S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [2009-11-24 122280]S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [2009-11-24 115880]S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [2009-11-24 26024]S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [2009-11-24 111912]S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [2009-11-24 116904]S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-5-17 654848]S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\rt2500usb.sys [2008-9-6 139904]============== File Associations ===============chm.file="hh.exe" %1txtfile=c:\windows\notepad.exe %1=============== Created Last 30 ================2010-09-13 15:43:51 20 ----a-w- c:\documents and settings\user\defogger_reenable2010-09-13 15:26:22 0 d-----w- c:\windows\system32\NtmsData2010-09-13 14:54:58 71170 ----a-w- c:\docume~1\alluse~1\applic~1\y4MF2s5G.exe2010-09-13 14:54:50 112 ----a-w- c:\docume~1\alluse~1\applic~1\jIp3738.dat2010-09-11 05:20:32 0 d-----w- c:\docume~1\user\applic~1\SUPERAntiSpyware.com2010-09-11 05:20:32 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com2010-09-11 05:20:23 0 d-----w- c:\program files\SUPERAntiSpyware2010-09-08 12:00:44 235352 ----a-w- c:\windows\system32\xactengine3_4.dll2010-09-08 10:53:09 0 dc-h--w- c:\windows\ie82010-09-07 17:21:04 0 d-----w- c:\windows\system32\wbem\Repository2010-09-07 16:00:26 1284 ----a-w- c:\windows\lsrslt.ini2010-09-07 15:47:10 120 ----a-w- c:\windows\Wlubimelu.dat2010-09-07 15:47:10 0 ----a-w- c:\windows\Rvejefuweja.bin2010-09-03 10:13:00 0 d-----w- c:\docume~1\alluse~1\applic~1\WorldWinner2010-09-03 10:12:53 0 d-----w- c:\program files\WorldWinner.com, Inc2010-09-03 10:12:53 0 d-----w- c:\docume~1\user\applic~1\Worldwinner2010-09-01 14:29:29 722 ----a-w- C:\ZB20100902002927001.xml2010-09-01 12:35:00 117760 ----a-w- c:\windows\system32\hpzll64X.dll2010-08-20 04:55:19 0 d-----w- c:\docume~1\user\applic~1\Foxit Software2010-08-20 04:55:18 0 d-----w- c:\docume~1\user\applic~1\Foxit2010-08-20 04:54:56 0 d-----w- c:\program files\Ask.com2010-08-20 04:54:49 0 d-----w- c:\program files\Foxit Software2010-08-20 04:47:02 0 d-----w- c:\program files\GPLGS2010-08-20 04:46:30 87552 ----a-w- c:\windows\system32\cpwmon2k.dll2010-08-20 04:46:22 0 d-----w- c:\program files\Acro Software==================== Find3M ====================2010-09-13 14:51:48 35332 ----a-w- c:\windows\system32\VTTimer.exe2010-09-13 14:51:48 35332 ----a-w- c:\windows\system32\S3trayp.exe2010-07-17 02:07:11 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys2010-07-17 02:07:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll2010-07-17 02:07:05 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll============= FINISH: 1:58:30.71 ===============

RELEVANCY SCORE 200
Preferred Solution: Firefox opens/redirects to a random ad website randomly, as well as infections with various trojans

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Firefox opens/redirects to a random ad website randomly, as well as infections with various trojans

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Please download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the Quick Scan button.Two reports will open, copy and paste them in a reply here:OTListIt.txt <-- Will be openedExtra.txt <-- Will be minimizedPlease download Rootkit Unhooker and save it to your DesktopDouble-click on RKUnhookerLE to run itClick the Report tab, then click ScanCheck Drivers, Stealth and uncheck the restClick OKWait until it's finished and then go to File > Save ReportSave the report to your DesktopCopy the entire contents of the report and paste it in a reply here.Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?"-------------------------------------------------------------In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problemIf you still need help, please include the following in your next replyA detailed description of your problemsA new OTL log (don't forget extra.txt)RKU logThanks and again sorry for the delay.

Read other 13 answers
RELEVANCY SCORE 87.2

Firefox randomly goes to jokeroo.com or on another instance yellowpages

here's the DDS log


DDS (Ver_09-01-07.01) - NTFSx86
Run by Arthur at 0:32:05.21 on 21/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.2.1033.18.2046.985 [GMT -8:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windo... Read more

A:Firefox hijacked and randomly redirects to another website

no one ??

Read other 1 answers
RELEVANCY SCORE 85.6

Hi,

I recently had a virus/rootkit or some type of malware installed on my computer. Basically because I accidentally clicked yes to one of those "you're computer is infected" links. I ran Malwarebytes and AD-Aware before hand and I thought I got rid of everything, unfortunately I did not as Firefox still opens random tabs.

I read the first steps, my logs are attached below. Unfortunately I do not have a Windows Install CD, I think it's forever lost somewhere.

I read the previous posts similar to mine but was not able to figure out what exactly to do. Any help would be greatly appreciated!




DDS (Ver_10-03-17.01) - NTFSx86
Run by Gov at 18:12:00.67 on Thu 05/13/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3070.1727 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe ... Read more

A:Firefox opens random tabs / redirects sites

Hi ettes and welcome to TSF.

If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

** Note: Please stick with me until I declare that your system is free from malware. Even though your system may not have any symptoms of malware, it may still be infected. **

--------------------------------------------------------------
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.

Reply back with the following: C:\ComboFix.txt

Read other 19 answers
RELEVANCY SCORE 83.6

http://www.bleepingcomputer.com/forums/topic459101.html
as an add-on, firefox in general runs sluggishly

I skipped step 8 in the preparation guide: http://www.bleepingcomputer.com/forums/topic34773.html since I have a 64 bit computer

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Rajiv Desikan at 23:53:58 on 2012-07-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8106.5432 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program... Read more

A:Firefox google redirects to webhp after a search/opens up random links

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 16 answers
RELEVANCY SCORE 83.6

Firstly, I think I probably got this from some shady porno sites while in private browsing, fwiw

basically, whenever I google stuff using firefox on my laptop (64 bit windows 7, dell xp), oftentimes, when I click on the links, it opens up some random spam website. It takes numerous clicks to actually get the actual link to open. Also, when this doesn't happen, clicking on any google searches redirects the browser to google.com/webhp. I have to exit this tab and open a new tab for google to work after this. Finally, firefox now uses up to 25% of my cpu performance when I check my task manager. So far, these problems only exist on firefox, and IE is fine, but I'd still like to get rid of this possible malware. Thanks!

A:Firefox google redirects to webhp after a search/opens up random links

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next t... Read more

Read other 6 answers
RELEVANCY SCORE 82.8

Hi,A couple days ago I got a virus or something that would pop up a fake Windows AntiSpyware (don't remember exact name) program. I was finally able to get rid of it using AVG and MalwareByte's Anti-Malware.Now Firefox will open up random tabs on it's on (don't have to click on anything) and when I click on links sometimes it will redirect me for like 5 clicks of the link and then after that allow me to go to the site and then it will repeat this action maybe 10 minutes later.It also will not let me go to the microsoft update site (in IE and Firefox), and when I search w i n d o w s u p d a t e . m i c r o s o f t (without the spaces) in google or any text field that I submit (tried it in a forum) (in IE or Firefox) it will just bring up a page that says connection was reset or page failed to load. I have also tried it in safe mode and I get the same symptoms.I have tried running MalwareByte's Anti-Malware, Spybot S&D, AVG, and HJT. At one time MalwareBtyes said something about a tcipip.sys thing but I don't remember too much about what was wrong.I followed the prep guide but I cannot get a full gmer scan to run. It either just restarts my computer, freezes, shuts down the program, or locks down my computer (have to do a hard reset).Thanks for any and all helpEDIT: One of the pop-up tabs lingered on a site for a second before going to an ad site, the url of this site was..hxxp://apachejct.com/key/?qs=9434cd09aed34cc216c628c7eac958b4aa78b00b6706ac1a... Read more

A:Firefox opens random tabs and redirects, blocks microsoft update - rootkit?

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 8 answers
RELEVANCY SCORE 82

Ok so i've noticed that firefox randomly will open ad pages in new tabs and redirect my google searches.

I have run complete scans with superantisypware, avira, spybot, malwarebytes, iobit security 360 and inbuilt windows malware scanner. Some of which came up with detections which i got rid yet the problem remains. I tried to restore my comp but it failed, obviously one of the malwares clever tricks.

Here is my DDS log. The attach.txt file is attached but i could not get the GMER rootkit scanner to work. It would complete the scan but as soon as i tried to save it it would give a blue screen and restart...not good i would say. So hence i dont have an ark.txt.

Really starting to worry. I read that these things are usually to direct internet traffic to specific sites to increase ad revenue for the malware people. I havn't done any internet banking cos i am not that foolish but is there much of a chance they will get control of my gmail or facebook accounts? How paranoid should i be in terms of infections spreading to other networked computers and external hard drives?


DDS (Ver_09-12-01.01) - NTFSx86
Run by Darren at 16:35:42.58 on Wed 13/01/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.3323.2523 [GMT 10.5:30]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system... Read more

A:Due to adware/spyware/malware firefox opens random tabs and google redirects pages

BUMP, please

Read other 12 answers
RELEVANCY SCORE 71.6

Hi,

I am using Windows XP and Internet Explorer version 8.0.6001.18702. When I first navigate off my home page, a new window pops up for another website selling services. I can close that window. After that, at seemingly random times, new windows or tabs will open redirecting me to other websites. The new websites seem to have been chosen from previous search topics in Google or Yahoo. While I can close them, the nuisance nonetheless remains and limits my ability to conduct business.

There are two virus scanners on the computer: MalwareBytes (which I put on and run independently) and Trend Micro (which runs automatically through network settings - I do have Administrative rights). Neither seem to detect anything.

I would be very grateful for your assistance in removing this annoyance.

Sincerely,
Otoluke

A:IE Randomly Opens New Window and Redirects

Please post the results of your last MBAM scan for review (even if nothing was found).To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.Click the Logs Tab at the top.The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.Click on the log name to highlight it.Go to the bottom and click on Open.The log should automatically open in notepad as a text file.Go to Edit and choose Select all.Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.Come back to this thread, click Add Reply, then right-click and choose Paste.Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Exit MBAM when done.Logs are saved to the following locations:-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\LogsPlease follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKillerDouble-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.When the program opens, click the Start Scan button.If malicious objects are found, they will sh... Read more

Read other 1 answers
RELEVANCY SCORE 69.2

Hi i'm new to this forum and need help removing whatever it is I have. I am running Windows 7 and have tried Malwarebytes/Super Anti-Spyware/AVG even in safemode and none of them find anything other than cookies. Any help will be appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by steve at 2:20:52 on 2012-02-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6142.4765 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files&... Read more

A:Website Redirects/Random Pop-Ups/Random Music and Clicking Noises

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 3 answers
RELEVANCY SCORE 68.8

Hi Folks
Every so often, when I log in to my laptop (HP Pavilion g6) when I go to the desktop from the Windows tile display screen and Firefox opens (always) on the "Bing" website. This is not the website I have set as my 'Home Page' in Firefox and I have not clicked on anything other than the tile to open the program I want to use ... Mailwasher, Word, Outlook etc.
I've checked the Start folder and I can't find anything that might obviously be the cause. This is really annoying, has anyone else had this problem.

RevPete

A:Firefox opens on its own and to the Bing website!

I would expect anything in the start folder to run consistently at start-up rather than intermittently as in your case. The same for most things I can think of that are set to start up in hklm/software/Microsoft/windows/current version/run.

You could use more intelligent software utility like Ccleaner to look and see what is being run at startup and possibly identify anything suspect. As ALWAYS when encountering this type of anomaly you should first scan your system for malware. I find Malwarebytes quite good.

Screech

Read other 4 answers
RELEVANCY SCORE 68.8

Hi bleeping computer,
 
My computer just launched fire fox by itself and went to the msn website and then it opened a new tab to the msn website. I don't know what's going on. Am I infected with something? I've attached my additions.txt and frst.txt. Please help me.

A:My computer opens firefox by itself and goes to msn website?

Hello bluedoggie2122 and Welcome to the BleepingComputer.    My name is Yılmaz and I'll help you with the cleanup of malware from your computer.Before we move on, please read the following points carefully.Please complete all steps in the specified order.Even if tools don't find malware, I want you to post the logfiles anyway.Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.Don't install or uninstall software during the cleanup unless you are told to do so.Ensure your external and/or USB drives are inserted during always the scan.If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is cleanPlease reply to this thread. Do not start a new topicAs my first language is not English, please do not use slang or idioms. It could be hard for me to understand.Please open as administrator  the comput... Read more

Read other 0 answers
RELEVANCY SCORE 68.4

Hi - Two days ago I noticed that Firefox is opening new sessions to bogus landing pages with the following URL:hxxp://results.google-analytics.com/Steps Taken:1. Ran Malwarebytes - And it does not detect anything at all2. Ran Superantispyware - It does not detect anything at allAnother Issue - IE8 Keeps Redirecting me to ad sites stating results.yahoo.comI am familiar a little bit with OTS and OTL and combo fix. OS Windows 7Hoping to hear from you soon.Thanks

A:Firefox Opens New Session & IE8 Redirects

Hi,If you still need help with this post fresh dds logs, please. Also, it looked like ComboFix was run there (not recommended without supervision of trained helper). Kindly post back its log too.

Read other 2 answers
RELEVANCY SCORE 68.4

I have been google redirects to cl01cl10cl01.com sites when using chrome and to a variety of site names when using firefox. Also firefox sometimes opens a new tab sometimes.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4076

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/8/2010 12:16:06 PM
mbam-log-2010-05-08 (12-16-06).txt

Scan type: Quick scan
Objects scanned: 150198
Time elapsed: 20 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

A:Google redirects and odd Firefox new tab opens

sigh....I just went a head and reformatted. I couldn't wait any longer.

Read other 1 answers
RELEVANCY SCORE 68.4

Hi I have Windows XP SP 2 machine and while i am browsing the internet on firefox, IE suddenly opens with a blank page and then firefox redirects me to Zipcodez.com. Previously i used to get ads on IE but after scanning and removing trojans with Spybot this has stopped. I used to use McAfee and Ad aware but after a friend's recommendation i now use Kaspersky, Ad aware and Spybot. Here is my HijackThis log file. Thanks for the help...

I have already read the "Read before posting" topic.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:03 AM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee\Common Framework\Fram... Read more

A:IE opens and Firefox redirects to Zipcodez

Hello Ssjegoku5,

1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window
* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
2. Download ComboFix

NOTE: If you already have ComboFix, remove the old version from your Desktop, and replace it with this new version.Save it to your Desktop.
Double-click ComboFix.exe and follow the prompts. Type 1 (continue) and click Enter.
Don't click the ComboFix window while the fix is running, because that may cause your system to hang.
When finished and after reboot (in case it asks to reboot), Combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, Combofix.txt.
Post the contents of this log in your next reply.
Do NOT post the ComboFix-quarantined-files.... Read more

Read other 9 answers
RELEVANCY SCORE 68

It is annoying that while I am browsing in Firefox, IE will randomly open a window. I don't know what else it may do, because as soon as it opens, I click to close it. Sometimes I get a security window asking if I want to add the Yahoo toolbar. I always click don't allow on it.
Does anyone else have this happen? Is there a fix for it? IE is not my default browser.
Any help would be greatly appreciated as it is an annoying occurrence.
Thank you in advance.
(Sorry if this is posted in the wrong place. I am new here.)
 

A:IE opens randomly when I am in Firefox..

Read other 16 answers
RELEVANCY SCORE 68

Noticed today that random russian website opens on windowns startup, seeking help to remove it, not just "disable".
 
Found the thing from msconfig; cmd.exe /c start http://zenigameblinger.org && exit
 
 
logs:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Mikael (administrator) on MIKAEL-PC on 23-03-2015 17:38:20
Running from C:\Users\Mikael\Downloads
Loaded Profiles: Mikael (Available profiles: Mikael)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DatacardService\DCService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(A... Read more

A:Possible malware, random website opens on startup

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Press the + R on your keyboard at the same time. Type notepad and click OK.Copy the entire content of the codebox below and paste into the notepad document:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\S... Read more

Read other 6 answers
RELEVANCY SCORE 68

So today I noticed that when I start my computer and open my web browser, this random website pop ups, something to do with CMD opening it or something. The website seems like a spam/virus site. Any help? Did I get hacked? 
The site is http://gameharbor.org/

A:random website opens when I open my web browser?

FRST

Spoiler
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Collin (administrator) on COLLIN-PC on 09-09-2014 13:54:54
Running from E:\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe... Read more

Read other 7 answers
RELEVANCY SCORE 67.6

Internet Security 2012 appeared while I was streaming a football game on Sunday.
Ran Malawarebtyes and removed some files.

Now getting random tabs opening.

Can't not access windows updates or update windows security essentials..

Computer froze when running DDS

Here is the log from GMER.

A:Browser Opens Random Tabs & Redirects

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-20 19:48:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250310AS rev.3.ADA
Running: fwwj8zmk.exe; Driver: C:\DOCUME~1\Nate\LOCALS~1\Temp\kwldapob.sys
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB0C59640]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9542000, 0x18FE04, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F5000A
.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F6000A
.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F4000C

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft C... Read more

Read other 3 answers
RELEVANCY SCORE 67.2

This is a weird case, and I'm pretty sure it's not attributed to a virus.Basically, I was playing full screen Starcraft whilst Firefox was running with multiple tabs open in the background. I alt-tabbed from the game to Firefox, and right clicked my taskbar and closed the game. As soon as I did this, a tab opened to Adtechus. (A legitimate AD company from what I can tell). I had a look on the website that was open when I alt tabbed before the new tab to Adtech opened and one of the ads on it had an Adtechus URL. The thing that perplexes me is that, my mouse didn't go near it, and so I couldnt have clicked it.After this, a short while later, I re-opened the game, alt tabbed and before I could close it, another tab opened automatically from a site I was on before with a Facebook box implemented into it, and for some reason the new tab contained the Facebook "like" box seperate from everything else. SEE HERE: http://www.facebook.com/plugins/likebox.ph...mp;header=falseFull website with the box to the left, here: http://www.gonintendo.com/I can recreate this by right clicking the Facebook box on this specific website and choosing "This Frame > Open Frame in New Tab". But the thing is, I never did this in the first place! Plus, the website was already closed 20 seconds previously before this new tab popped up. Then, automatically, another Adtechus tab popped up shortly after!I am quite sure I have not got any viruses as I have a multi lay... Read more

A:Firefox opens tabs randomly... but not in the way you'd think

Close out firefox and see if the issue continues.

Read other 9 answers
RELEVANCY SCORE 67.2

The infection occured when "updating MediaFire desktop" window appreared.  I was using MediFire at the time, but when I tried to close the window using "x", it would not close.  I unplugged the computer from power asap, but not soon enough.  Immediately ran virus & malware scan (using System Mechanic - recommended by a Dell tech a few years ago) and nothing was found.  Attempted to uninstall MediaFire Desktop using "Programs - Uninstall MediaFire" and Control panel uninstall.  Not successful.  Set computer back using "system restore", but the MediaFire update survived.
 
Ads appeared and redirects were common in Chrome and Firefox away from general as well as helpful (anti-malware) sites.  Some of the redirects were to what looked like Adobe but the link was not correct.  Search pages replaced with garbage.  Survey pages opened.  Computer user feels like a dope.
 
Ran Malware Bytes, AdwCleaner, Hitman Pro but the malware persists.
 
Thank yuo for any help you might offer.
Shanna Rendon
 
 
 
DDS:DS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by Shanna at 13:46:11 on 2014-07-01
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.12279.8686 [GMT -6:00]
.
AV: System Shield *Enabled/Updated* {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Enabled/Updated* {8B5160E8-C49... Read more

A:Malware : ads, redirects, opens surveys in Chrome and Firefox

 
Download AdwCleaner from here or from here. Save the file to the desktop.
 
 
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
 
Close all open windows and browsers.

XP users: Double click the AdwCleaner icon to start the program.
Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

You will see the following console:
 
Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
Click the Clean button.
Everything checked will be deleted.
When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this

 
On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

Double-click to run it. When the tool opens click Ye... Read more

Read other 8 answers
RELEVANCY SCORE 66.8

Hello and thank you so much for your time in considering this. I am experiencing redirecting google search results and other (unexpectedly) redirected hyperlinks in Firefox. Just updated to Firefox 6.0 (sorry, not certain if problem coincided with this update or if it was preexisting) on a Windows Vista Business 64-bit box.
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_20
Run by mcstan at 18:56:43 on 2011-08-17
Microsoft? Windows Vista? Business 6.0.6001.1.1252.1.1033.18.12278.8892 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)... Read more

A:Website redirects in Firefox

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/414884 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 66.8

I got infected 3 days ago and I have been trying since then to remove all infections. I have performed various scans (AVG, Trend Micro OfficeScan and housecall, Kaspersky) and they all detected infections. I think I have removed some of them but Kaspersky still detects 15 infected objects and I don't know how to remove them. My computer won't allow me to install any antispyware/malware programs (e.g. superantispyware, malwarebytes, spybot search and destroy, spywaredoctor, smitfraudfix, hijackthis). When I click on the icon to start installing the program, a window pops up and asks me if I want to run it, so I hit run and then nothing happens. The set-up or installation window doesn't appear after hitting "Run." Also, when I try to access the sites that offer free download of some antispyware/adware/malware programs it says connection interrupted (I'm using Mozilla. When I launch Internet Explorer, a tab for some ad appears along with a tab of the home page). I tried going on safe mode to install SuperAntiSpyware but it still doesn't work. Other symptoms of infection include: pop-ups of ads (around 10 when I leave computer on overnight), random sounds (ads, sound effects, etc. which appear as iexplorer.exe in task manager), google redirecting me to other ad sites when I click on google results, and my computer has become noticeably slower. I don't know what to do. This has become so stressful for me. I need help badly. =[ PLEASE HELP ME REMOV... Read more

A:HELP: Been trying to remove infections (trojan, random sounds, google redirects) for days and nothing has worked.

try this for Malware bytes if it's not installed.NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Also try running Rootrepeal.ROOTREPEALNext Please install RootRepealNote: Vista users ,, right click on desktop icon and select "Run as Administrator."Fatdcuk at Malwarebytes posted a comprehensive tutorial - Self Help guide can be found here if needed.: Malwarebytes Removal and Self Help Guides. Go HERE, and download RootRepeal.zip to your Desktop. Tutorial with images ,if needed >> [email protected]@K.Unzip that,(7-zip tool if needed) and then click RootRepeal.exe to open the scanner. Next click on the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click OK.DriversFilesProcesses Not this >>> SSDTStealth ObjectsHidden ServicesNow you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report. Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there). Please copy and paste that into your next reply. Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High

Read other 16 answers
RELEVANCY SCORE 66.4

this is inside the virtual XP running on my windows 7 box, i get redirected to random websites from google results including 1 pron yesterday.

dds.txt
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Run by XPMUser at 14:59:35 on 2011-08-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.272 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Virtual PC Integration Components\vmsrvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\cygwin\bin\cygrunsrv.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\LabF.com\WinaXe_Plus\xsetsrv.exe
C:\cygwin\usr\sbin\sshd.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOW... Read more

A:random website redirects

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415913 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 3 answers
RELEVANCY SCORE 66.4

Hello
I'm having problem with links for example on google sometimes redirecting to random websites or search engines I believe. How can I fix this and where do I sit with respect to security of bank information.

Thanks

A:Random Website redirects

Hello tradercAre you on a router? Are other machines on it,if so are they redirecting?Do you use Firefox?Run these,post the logs and let me know how it is.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size. List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scan... Read more

Read other 1 answers
RELEVANCY SCORE 66.4

Hi,

When I search in google I get random redirects a "web search". This started happening today.

It seems to be a "web search" tool that gives me other links to click on.
This computer is running Windows Vista SP2. Microsoft Security Essenitals did not find anything on a full scan. Yes I have the Boot Disk.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Toshiba at 21:35:21 on 2012-04-01
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.1526.415 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k L... Read more

A:Random Website Redirects

BUMP!

Read other 18 answers
RELEVANCY SCORE 66.4

Hello,

My Firefox 3.6.3 browser has been opening randomly to my homepage (bbcnews.com) without any keys being pressed or anything- it continues to occur even when I am away from the computer. I have McAfee installed on my Dell laptop and have also scanned with Malwarebytes Anti-Malware and Avira Anti-Vir Personal, but no malware or viruses have been detected.

My HijackThis log is below- any advice would be much appreciated!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:19:31 PM, on 4/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcs... Read more

A:Firefox browser opens randomly to homepage

bump
 

Read other 3 answers
RELEVANCY SCORE 66.4

Here is my hijack this log. My firefox will barely run and it pops up random windows despite my pop up blocker being on. In particular everytime I run a google search, popups start to fly. Here is the log from this morning. If anyone can tell me if this log has anything that looks bad in it, I would greatly appreciate it!! Thanks!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:43:10 AM, on 6/4/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\Windows\system32\java.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Windows\System32\igfxpers.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exeC:\Windows\ehome\ehtray.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra0... Read more

A:Need help. Firefox opens pop ups randomly with pop up blocker on; think I have some malware

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,I am and I am here to help you!I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received and do not proceed if you need clarification.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.As I am in training an Expert Coach will assist me in your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!**********Let's begin.I need a little more info.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.... Read more

Read other 6 answers
RELEVANCY SCORE 66.4

Hello all,Thank you for reading my post. I have the following setup:Windows 7 ProfessionalRating: 4.7 Windows Experience IndexProcessor: Intel® Core™ i5 CPU 650 @ 3.20GHz 3.19GHzInstalled memory (RAM): 6.00 GB (5.87 usable)System type: 64-bit Operating systemPen and Touch: NoneInternet Explorer: Version 9 just installed - problem started when I had IE8 installed.Antivirus: ESET NOD32The problem:About a month ago I was browsing the web and all of a sudden the Internet Explorer window kept popping up. It was a skinny page with no browser navigation and would go to random pages of advertising. I had Internet explorer 8 installed at the time this issue first started. I tried to uninstall but the PC only gave me the option to hide IE because I could not find the full uninstall button or option. It only let me mark it as unused, kind of when you try to uninstall MsPaint. It only lets you find it in the "Turn windows features on or off" section.I turned it off there and the problem stopped for about a week. I mainly use Firefox so IE is not a priority for me and I can happily live without it, however to do test mode for my websites I use it sometimes. So making a long story short I installed IE again from the Microsoft website and upgraded to IE9 Beta. When I say installed again I mean the IE9 gave me instructions on how to set IE up again.Now the same thing happens but with less frequency. I keep getting pop ups at random times. Internet explorer just opens rando... Read more

A:IE randomly opens a window and goes to random pages

Hi old5chool, and welcome to Bleeping Computer.Please follow the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help and post the DDS log requested (don't have to run Gmer)...

Read other 2 answers
RELEVANCY SCORE 66

Okay, I've had this problem for weeks. Every now and then, some shady webpage randomly pops up on my web browser. A lot of times, when I click on a result of a Google search, it redirects me (but not always) to a different website. I've tried Microsoft Security Essentials, Avast, SpyBot, Malwarebytes, they either detect nothing or the damn virus is still there after being apparently detected and removed! Not to mention that I've been randomly attacked with viruses a few times while I was browsing YouTube or a website I can trust or while doing nothing! I try my best to avoid any suspicious websites, but it seems like these damn cyber-criminals have ME targeted for some reason. I get these scam emails almost every day, which automatically gets directed to my junk folder.

I'm scared that these bastards will eventually steal my financial information if they haven't already! I want this madness to stop!

A:Annoying and persistent virus that redirects and opens up random webpages.

Hi Candlemass91,

Try this http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller then follow up with malwarebytes.

Read other 3 answers
RELEVANCY SCORE 66

Hi, this is my first time posting. Ive noticed many other people have also had this same problem, and have looked at their specific posts. Still, i decided that i needed help on my own. Internet explorer opens random links and my search engine redirects me to different sites. I have several diffrent virus removal tools, but i havnt used them yet because i dont want to mess anything up. Please help me....

Read other answers
RELEVANCY SCORE 65.6

Hi

I have viruses affecting my browsers (internet explorer and firefox) but think they may be caused by seperate viruses.

Internet explorer randomly opens up on its own with spammy websites/ads
Firefox also redirects to other pages that the ones click on sometimes. Also got fake virus warning sites showing.

I have run malwarebytes and removed anything that was detected but the problems persist.

Also when i try to check firewall i get the message "due to an unidentified problem windows cannot display windows firewall settings"

A:internet explorer opens randomly to ads and firefox redirect

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

Read other 3 answers
RELEVANCY SCORE 65.6

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:13:54 PM, on 12/15/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19170)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:&... Read more

A:HijackThis Log - In Firefox, computer randomly opens 14 new windows

Bump please!

Read other 7 answers
RELEVANCY SCORE 65.6

The last 3 weeks i have been reading and researching to try to eliminate this ongoing annoying issue where GOOGLE redirects my searches to other search websites...
I have followed the strict instructions provided in the following thread
http://forums.techguy.org/virus-oth...00673-browser-mainly-google-redirects-me.html by dvk01 but not sure if my computer is affected with other little worms and viruses.
I have also performed avast asw scan but no infected files found as per other forum advise.

I would really appreciate if i can get someone to have a look at my logs belows and provide some permanent fixes

Below is the log from Combo fix:-

ComboFix 11-07-26.02 - John 26/07/2011 20:14:25.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.242 [GMT 10:00]
Running from: c:\documents and settings\John\Desktop\username123.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-12-05 23:35 . 2009-08-06 09:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-12-05 23:35 . 2009-08-06 09:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-12-04 16:48 . 2008-11-10 01:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-12-04 16:48 . 2006-10-26 09:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\... Read more

Read other answers
RELEVANCY SCORE 65.6

Good day, and thanks for any help you can provide.

This occurred last night when I went to a website and it must have given me a Trojan as this morning its causing redirects from search engines, sending me to malware sites (already had to scrub Security Shield off). I keep getting two results from MalwareBytes, but they seem to be re-creating themselves on restart. I use TDSKiller and it cleaned one item, but the problem persists. It blocked my MSE and in following the help topic, uninstalled to reinstall it, but the malware seems to be block Windows Installer.

I'm running Windows 7 64-bit

Again, any help would be greatly appreciated. Thank you.

Here is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Keefer at 11:40:08 on 2012-07-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4076.2663 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\S... Read more

A:Random Website Popups and Redirects

As a further update to this post, it seems MalwareBytes is capturing a common process when trying to clean the machine: Trojan.Dropper.BCMiner
I typically get one or two other results, but this Trojan is the common one always there.

Read other 3 answers
RELEVANCY SCORE 65.6

Hi, recently I got the rogue XP Security Tool 2010, ran by the file ave.exe, which had caused a good load of problems. Because I just found out about this forum today, due to desperation before, I did some myself, but following the exact guide here,
http://www.malwarehelp.org/ave-exe-a-multiple-rogues-in-one-trojan-fakerean-2010.html
which had been quite helpful of clearing off this virus. I will post the MBAM Log in Post 3. In MBAM, at the Quarantined tab, there's this rogue of Internet Security 2010, another malware I got in January, has been lurking. I pressed "Delete All" in the Quarantine tab of MBAM, it gets deleted, but when I switch to some other tab and switches back, it's there again... Anyway, during some Google searches, I sometimes get redirected to another website, and sometimes random unknown websites just pop-up out of nowhere. One of the example sites is like (registrydefender.com) something. It's obviously related to this rogueware. That's where I hope to receive help. Also, sometimes services.exe or svchost.exe of SYSTEM take up huge amount of CPU, causing the computer to slow down.

I have HiJackThis log from before following that guide above in removing ave.exe, and one after. I will post both.

Here is log 1, during which ave.exe was running, before I followed the steps of that guide from the link above:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:15, on 2010-4-4
Platform: Windows XP SP3 (WinNT 5.01.2600)
M... Read more

A:Random Website Pop-Up & Google Redirects

Read other 8 answers
RELEVANCY SCORE 65.6

Hey, I'm using an ASUS Eee netbook with Windows XP and have experienced many problems lately including major slowdown in performance, website redirections, and random reboots. I've run Avast and MBAM and both say that there is no threat detected. I've tried about every routine fix including getting a new hard drive. Please help!

HijackThis logfile attached.

A:Website Redirects and Random Reboots

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 12 answers
RELEVANCY SCORE 65.2

Hello,I have been lurking bleepingcomputer as a non-member for a while now. I typically am able to find the instructions to fix almost any problem a computer (be it mine or a friends) has from your forum. Now it seems I am unable to find the solution to my specific problem, so I finally signed up as a member! My problem is similar to all these redirect virus issues I have been reading, but slightly different and not quite the same.Here's the problem:Randomly when I am browsing the internet, every now and again a site that I come across (typically while using StumbleUpon [Firefox Add-On]) will redirect to some completely random site. It doesn't appear to follow any pattern, and has redirected to various different websites. The websites I am redirected to are rarely the same website I was redirected to before, the only exception being theclickcheck.com and yellowpages.com, both of these websites I have been redirected to more than once. Additionally, even if I don't have a browser open a pop-up will appear in a new window. If a browser is open, the pop-up window error will occur more frequently it seems(in a separate window, not a separate tab). Also, I noticed each redirect or pop-up goes through google-analytics.com, so this may still be the google redirect virus, but I am unsure.I have had this issue for about a week now, and I have been unable to get the time to really find the problem. I wish to do online banking, bill paying, and the what not but fear that... Read more

A:Random redirects and occasional pop-up while browsing with Firefox (particularly when using Firefox Add-On StumbleUpon)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

Read other 3 answers
RELEVANCY SCORE 65.2

Recently my Firefox browser has been redirecting me to random ad/scam sites when i click google links. Also most of my programs have been losing their settings and defaulting as though i had just installed them. I am using Windows 7 and i have three accounts on this computer, all of them keep screwing up in odd ways, like whenever i change the background on my account the background changes for all of them. I have scanned the computer with Avast!, Malwarebytes, and Spybot.I tried attatching the logs like the preperation thread told me to, but it wouldn't upload.Here is the DDS log:DDS (Ver_09-09-29.01) - NTFSx86 Run by Kevin at 14:13:37.87 on Sun 06/27/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1485 [GMT -5:00]SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\sy... Read more

A:Firefox randomly redirects

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 9 answers
RELEVANCY SCORE 65.2

I've recently had an issue addressed in the 'Am I infected? What do I do?' forum that involves a suspicious advertisement tab randomly appearing on its own in Firefox once every few weeks. 
 
boopme had me run some additional scans (MiniToolBox, TDSSKiller, Adwcleaner, JRT, ESET, and Tweaking.com Windows Repair) to those I'd already done and looked over the logs. boopme found them to be fine and wondered if a faulty Firefox add-on might be responsible. 
 
User Bub12 had the same exact problem, and speculated in the thread that the cause isn't a local bug but a rogue Google ad. The ad appeared for me at least once while I was browsing Facebook, so perhaps a Facebook ad is to blame.
 
When I found no suspicious add-ons, boopme suggested I post in this forum to ensure there's nothing compromising on my machine locally.
 
Also, pages continue to often be slow to load or not load at all in Chrome, although this may be unrelated.
 
For my more detailed explanation of the problem and boopme's advice, here's the original thread: 
 
http://www.bleepingcomputer.com/forums/t/511159/firefox-opens-a-new-tab-on-its-own-and-loads-an-odd-womens-health-page/
 
 
Here's my DDS.txt, and attach.txt is attached.
 
Thanks in advance.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720
Run by ****** at 14:26:20 on 2013-10-27
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.81... Read more

A:Suspicious 'Women's Health' advertisement tab opens randomly in Firefox

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===I checked both your topics and found nothing suspicious in your logs.I can only suggest one thing for now Remove Chrome using the Add/Remove Programs.Restart the computer normally.Reinstall Chrome.If you want to keep your Bookmarks before proceeding, I suggest you save them.When the new re-install is complete you can import your saved bookmarks.Read these instructions before proceedinghttps://support.google.com/chrome/answer/96816?hl=en

Read other 9 answers
RELEVANCY SCORE 65.2

I have a Pentium 4 desktop running MS Windows XP Pro. I have Combofix, Spybot, Malwarebytes and PC Tools Spyware Doctor(Full Version). I have run them all and I still can not get ride of this redirect virus on google. It also opens random pages on new tabs while I am on Firefox. I have the lastest versions of all these antivirus programs and I update them daily! Please help! I am not a computer guru and place go simple with your reply.Thanks! DaveEDIT: Moved from Malware Removal Logs to more appropriate Am I Infected ~ Hamluis.

A:Redirect Virus With Google and Firefox Randomly Opens pages

Hello,Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which discusses the use of ComboFix.Please follow the instructions in ==>This Guide<== starting at step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 64.8

It started with "Microsoft Windows" popups stating that there was a virus. There were also pseudo-"Windows Security Center" popup that identified the threats. Later noticed Browser Hijacks... i.e. Google search results were being redirected to other non-relevant sites. Mcafee removed a few Artemis!... (... = random alpha-numerics) BUT wasn't able to update Mcafee's virus definition signature. Continued to get more popups.The virus/malware/trojan also:- set hidden files invisible- removed "Folder Options" under Tools- removed access to run REGEDITFound vb file online to fix REGEDIT access problemUsed Task Manager to end suspicious tasks and cleaned Temp folder in User\Local SettingsUsed REGEDIT to remove suspicious itemsWorked for a few hours BUT:- the problem files kept reappearing as different names (mostly located in TEMP)- set hidden files invisible - etc... (see above list)Malwarebytes' Anti-alware was able to fix/remove:- Trojan.BHO- Backdoor.Bot- Malware.Trace- Trojan.Downloader- Spyware.Zbot- Disabled.SecurityCenter- Hijack.Userinit- Stolen.data- Trojan.Agent- Trojan.FakeAlertUsed HijackThis to fix many entries in: O17 - HKLM\System\CCS\Services\Tcpip... Name ServerRan all utilities mentioned in the Prep Guide from this forum.Ran gmer but gets stuck on system\current...\tcpip\ (can't quite recall the exact section). The Stop button was clickable so I clicked it and got a partial l... Read more

A:Google redirects in both IE and Firefox (cleaned Artemis!... trojans)

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 13 answers
RELEVANCY SCORE 64.8

Explorer redirects every new web page I open. I cannot download any virus software because it will not work, when and if I get it open. Haven?t noticed any affect to my programs as of yet. Lots of pop ups that my Google blocker is not catching, same for firefox. I do not run a virus program because it slows my computer down. But I think I am going to start. These bugs are a nightmare. any help would be greatly appreciated.

Micro Trend told me that C:/autorun.inf was a problem file and about two other ones that i cannot remember. hope this is enough information.

as far as location I have no idea.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Benji Alford at 15:36:16.69 on Thu 04/30/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.1.1033.18.1917.1143 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
FW: BitDefender Firewall *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.e... Read more

A:Malware, Spyware, and Trojans – explorer redirects, firefox also

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------


Quote:




I do not run a virus program because it slows my computer down.




Have you learned a lesson here?

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

Please note... Read more

Read other 19 answers
RELEVANCY SCORE 64.4

Recently i have been getting a lot of random pop-ups that normally lead to sites trying to give me a virus. AVG Free Edition 9.0 always blocks these attacks but i really want to get rid of this because i can't ever get to the site i am trying to get to. About a week ago i had a rouge anti-virus (Windows Defender 2010) which i finally got rid of using Malyware Malbytes. After that my PC was acting weird and Just-In-Time Debugging keeps popping up. Sometimes SVChost or something like that crashes and then nothing works. Also after i removed the rogue anti-spyware none of the icons on desktop or in start folder would open. So i looked it up and i had to copy this into notepad and save it as fix.reg.

Pasted the following:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

This let me open all programs but then Mozilla Firefox would do random tabs and redirects.
Also i tried this.

Went to: C:\WINDOWS\system32\drivers\etc
Opened Hosts and deleted EVERYTHING. Then saved.
Deleted all backup hosts and thats about it.
A... Read more

A:Random Redirects on Clicking Links or Random Tab Pop-ups In Firefox

Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Make sure the Sections option is checked (in the right hand panel). Leave all other options unchecked!Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.

Read other 6 answers
RELEVANCY SCORE 64.4

EDIT: Split from here: http://www.bleepingcomputer.com/forums/t/311114/random-redirects-on-clicking-links-or-random-tab-pop-ups-in-firefox/ ~BPOk heres all the files. I skiped step 9 as i did not know if i need to create a new post or continue this topic.DDS.txt:DDS (Ver_10-03-17.01) - NTFSx86 Run by alex at 22:10:32.04 on Tue 04/20/2010Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.367 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\AirLink101\AWLL5026\WLService.exeC:\Program Files\AirLink101\AWLL5026\AWLL5026.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\ehome\ehSched.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\AVG\AVG9\avgnsx.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeC:\WINDOWS\sy... Read more

A:Random Redirects on Clicking Links or Random Tab Pop-ups In Firefox

Hi, qwertyasd Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.If there is no internet connection after running Combofix, then restart your computer to restore back your connection.-----------------------------------------------------------Double click on combofix.exe & follow the prompts.Install the Recovery Console if prompted.When finished, it will produce a report f... Read more

Read other 10 answers
RELEVANCY SCORE 64.4

Hi there,

I just can't solve this one. Somehow, when I search from the Firefox search bar, when I click a result, it is redirected to some other server.
Combofix, Malware Bytes, Spybot Search and Destroy and AVG do not detect anything.

Turning on Fiddler results in the page meta refreshing to the correct location after a few seconds on a 'blank' page. I have attached a Fiddler .SAZ. To view it, rename from wierd.saz.txt to wierd.saz. then view in fiddler (or I think you can unzip)

Additionaly things I have tried uninstalling firefox, deleting all folders and registry entries for it. No luck.

I had been using opendns; I am now using DHCP to get DNS from my router, router set to obtain automatically, obtaining 71.242.0.12
71.252.0.12.

Please let me know if I can provide any other information.

A:Firefox search bar redirects randomly

just an update -- still not able to fix. ran SAS, MBAM full scans, nothing.

Read other 4 answers
RELEVANCY SCORE 64.4

Hello covalesj Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.In order to better assist you I will need the following:If you have any CD emulation software such as Daemon or Alcohol please run the following before you run GMER. If you do not skip DeFogger and go right on to GMER. If you do use it let me know so we can reenable when we ... Read more

A:DDS Log for Firefox search bar redirects randomly

Due to the lack of feedback This Topic is closed.Should you need it reopened, please contact my by PM. Include the address of this thread in your request.If you have a new issue, please start a New Topic.This applies only to the original poster. Everyone else please begin a New Topic.

Read other 18 answers