Over 1 million tech questions and answers.

Random Redirects on Clicking Links or Random Tab Pop-ups In Firefox

Q: Random Redirects on Clicking Links or Random Tab Pop-ups In Firefox

EDIT: Split from here: http://www.bleepingcomputer.com/forums/t/311114/random-redirects-on-clicking-links-or-random-tab-pop-ups-in-firefox/ ~BPOk heres all the files. I skiped step 9 as i did not know if i need to create a new post or continue this topic.DDS.txt:DDS (Ver_10-03-17.01) - NTFSx86 Run by alex at 22:10:32.04 on Tue 04/20/2010Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.367 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\AirLink101\AWLL5026\WLService.exeC:\Program Files\AirLink101\AWLL5026\AWLL5026.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\ehome\ehSched.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\AVG\AVG9\avgnsx.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\PnkBstrB.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\slserv.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\WINDOWS\Explorer.EXEC:\Program Files\Gateway Utilities\GWInkMonitor.exeC:\PROGRA~1\AVG\AVG9\avgtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\PROGRA~1\MI3AA1~1\rapimgr.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Mozilla Firefox22\firefox.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXEC:\Documents and Settings\alex\Desktop\dds.scr============== Pseudo HJT Report ===============uSearch Page = uStart Page = hxxp://www.yahoo.com/uSearch Bar = mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.commSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.commSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmluInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = *.localmSearchAssistant = BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dllBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dllBHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dllBHO: 1 (0x1) - No FileTB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dllTB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dllTB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No FileTB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No FileTB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No FileTB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No FileEB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exeuRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.0.11)_Gecko/2009060215_Firefox/3.0.11_Creative_ZENcast_v1.01.06_FBSMTWB" -"http://www.shockwave.com/gamelanding/driftnburn3.jsp"mRun: [Gateway Ink Monitor] "c:\program files\gateway utilities\GWInkMonitor.exe"mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"uPolicies-explorer: DisallowRun = 0 (0x0)IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dllIE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dllIE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cabDPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dllDPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CABDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {9BEEA7FF-FF76-403C-B124-86D9835435F0} - hxxps://www.gamechu.jp/ssl/dl/download/sessionctrl.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dllNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLNotify: avgrsstarter - avgrsstx.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLLmASetup: {44EF7E71-596F-7A27-8099-29283AE244BB} - c:\windows\system32\rename.exe================= FIREFOX ===================FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\cq5s5c35.default\FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dllFF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dllFF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dllFF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\---- FIREFOX POLICIES ----c:\program files\mozilla firefox22\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\mozilla firefox22\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\mozilla firefox22\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\mozilla firefox22\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\mozilla firefox22\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\mozilla firefox22\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\mozilla firefox22\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\mozilla firefox22\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\mozilla firefox22\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\mozilla firefox22\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\mozilla firefox22\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\mozilla firefox22\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\mozilla firefox22\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\mozilla firefox22\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\mozilla firefox22\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\mozilla firefox22\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\mozilla firefox22\greprefs\all.js - pref("html5.enable", false);c:\program files\mozilla firefox22\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\mozilla firefox22\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\mozilla firefox22\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\mozilla firefox22\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\mozilla firefox22\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);c:\program files\mozilla firefox22\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\mozilla firefox22\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\mozilla firefox22\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\mozilla firefox22\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox22\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox22\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\mozilla firefox22\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\mozilla firefox22\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\mozilla firefox22\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\mozilla firefox22\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\mozilla firefox22\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\mozilla firefox22\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\mozilla firefox22\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\mozilla firefox22\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\mozilla firefox22\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);============= SERVICES / DRIVERS ===============R0 MCED;MCED;c:\windows\system32\drivers\MCED.sys [2006-8-5 26816]R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-24 216200]R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-24 29512]R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-24 242696]R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2008-5-8 3026]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 12872]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 66632]R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-16 308064]R2 AWLL5026 WLService;AWLL5026 WLService;c:\program files\airlink101\awll5026\WLService.exe [2007-10-7 49152]R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]R3 HCW88ENC;Hauppauge WinTV 88x MPEG Encoder;c:\windows\system32\drivers\hcw88enc.sys [2006-8-5 304323]R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2006-8-5 111681]R3 HCW88VID;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2006-8-5 557808]R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [2006-8-5 25832]R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2010-2-5 28672]R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 12872]R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [2006-12-30 19968]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]S3 A3AX;D-Link AirPro DWL-A520 PCI Adapter Service;c:\windows\system32\drivers\a3ax.sys [2002-3-2 261112]S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-2-3 16512]S3 cpuz132;cpuz132;\??\c:\docume~1\alex\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\alex\locals~1\temp\cpuz132\cpuz132_x32.sys [?]S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]S3 XDva005;XDva005;\??\c:\windows\system32\xdva005.sys --> c:\windows\system32\XDva005.sys [?]S3 XDva007;XDva007;\??\c:\windows\system32\xdva007.sys --> c:\windows\system32\XDva007.sys [?]=============== Created Last 30 ================2010-04-21 03:08:33 0 ----a-w- c:\documents and settings\alex\defogger_reenable2010-04-16 03:37:55 0 d-----w- c:\program files\Mozilla Firefox 22010-04-15 08:05:46 204 ----a-w- c:\windows\system32\MRT.INI2010-04-14 23:24:54 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cadc29b091e0dc.mof2010-03-31 21:44:09 232 ----a-w- c:\windows\reimage.ini2010-03-31 21:43:41 0 d-----w- C:\rei2010-03-31 21:43:38 0 d-----w- c:\program files\Reimage2010-03-31 21:27:27 0 d-----w- c:\program files\Mozilla Firefox222010-03-29 23:36:26 0 d-s---w- c:\windows\Downloaded Program Files2010-03-29 20:38:09 664 ----a-w- c:\windows\system32\d3d9caps.dat==================== Find3M ====================2010-04-18 06:34:49 96512 ----a-w- c:\windows\system32\drivers\atapi.sys2010-03-30 05:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-03-30 05:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys2010-03-16 13:07:52 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys2010-03-16 13:07:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll2010-03-16 13:07:20 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll2010-02-07 11:41:10 352513 ----a-w- c:\windows\system32\savapi3.dll2010-02-07 11:41:10 1380403 ----a-w- c:\windows\system32\avgsdk.dll2008-10-24 23:34:24 13848 ----a-w- c:\program files\common files\dawurara.lib2008-10-24 23:34:24 10910 ----a-w- c:\program files\common files\fefamujor.dll2009-08-13 19:05:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009081320090814\index.dat============= FINISH: 22:12:31.85 ===============Also gmer.log from before: (Didn't know if i needed to create new one)GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-04-20 21:15:08Windows 5.1.2600 Service Pack 3Running: zntmlxxz.exe; Driver: C:\DOCUME~1\alex\LOCALS~1\Temp\uxrdapow.sys---- Kernel code sections - GMER 1.0.15 ----.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF757C794]---- User code sections - GMER 1.0.15 ----.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A .text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A .text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C .text C:\WINDOWS\Explorer.EXE[984] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A .text C:\WINDOWS\Explorer.EXE[984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C4000A .text C:\WINDOWS\Explorer.EXE[984] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C ---- Devices - GMER 1.0.15 ----Device -> \Driver\atapi \Device\Harddisk0\DR0 876ADCF7---- Registry - GMER 1.0.15 ----Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xBE 0x60 0xF6 0x83 ...Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xAF 0xB7 0x78 0x43 ...Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x50 0xC7 0xE1 0x23 ...Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xBE 0x60 0xF6 0x83 ...Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xAF 0xB7 0x78 0x43 ...Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x50 0xC7 0xE1 0x23 ...Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0xBE 0x60 0xF6 0x83 ...Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xAF 0xB7 0x78 0x43 ...Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x50 0xC7 0xE1 0x23 ...Reg HKLM\SOFTWARE\Classes\[email protected] MacromediaFlashPaper.MacromediaFlashPaperReg HKLM\SOFTWARE\Classes\[email protected] Type application/x-shockwave-flashReg HKLM\SOFTWARE\Classes\[email protected] Type text/plainReg HKLM\SOFTWARE\Classes\[email protected] Type text/plainReg HKLM\SOFTWARE\Classes\[email protected] FlashProp ClassReg HKLM\SOFTWARE\Classes\FlashProp.FlashProp\CurVer Reg HKLM\SOFTWARE\Classes\FlashProp.FlashProp\[email protected] FlashProp.FlashProp.1Reg HKLM\SOFTWARE\Classes\[email protected] FlashProp ClassReg HKLM\SOFTWARE\Classes\FlashProp.FlashProp.1\CLSID Reg HKLM\SOFTWARE\Classes\FlashProp.FlashProp.1\[email protected] {1171A62F-05D2-11D1-83FC-00A0C9089C5A}Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{291AE871-7442-82EC-0D9F-8A1E86BF6CBD} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{291AE871-7442-82EC-0D9F-8A1E86BF6CBD}@bboighakgnaphblcjfdapfdjijmekjnbphbb 0x61 0x62 0x6A 0x67 ...Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{291AE871-7442-82EC-0D9F-8A1E86BF6CBD}@aboighakgnaphblcjfaaiekpbgghjidmll 0x61 0x62 0x6D 0x68 ...---- Files - GMER 1.0.15 ----File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification---- EOF - GMER 1.0.15 ----Im going to go ahead and post the Attach.txt:UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_10-03-17.01)Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 8/5/2006 4:09:57 PMSystem Uptime: 4/20/2010 9:16:30 PM (1 hours ago)Motherboard: Gateway | | Desktop SystemProcessor: Intel? Pentium? 4 CPU 3.00GHz | Socket 478 | 3000/200mhz==== Disk Partitions =========================C: is FIXED (NTFS) - 233 GiB total, 101.238 GiB free.E: is RemovableG: is RemovableH: is RemovableI: is Removable==== Disabled Device Manager Items =============Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}Description: Unimodem Half-Duplex Audio DeviceDevice ID: MODEMWAVE\0\{E2BD1D32-7EE1-4BE5-AA61-017B21E77A73}Manufacturer: MicrosoftName: Unimodem Half-Duplex Audio DevicePNP Device ID: MODEMWAVE\0\{E2BD1D32-7EE1-4BE5-AA61-017B21E77A73}Service: MODEMCSA==== System Restore Points ===================No restore point in system.==== Installed Programs ======================Acrobat.comAdobe Acrobat 7.0 StandardAdobe Acrobat 7.1.0 StandardAdobe AIRAdobe Anchor Service CS3Adobe Asset Services CS3Adobe Bridge CS3Adobe Bridge Start MeetingAdobe Camera Raw 4.0Adobe CMapsAdobe Color Common SettingsAdobe Color EU Extra SettingsAdobe Color JA Extra SettingsAdobe Color NA Recommended SettingsAdobe Device Central CS3Adobe ExtendScript Toolkit 2Adobe Flash CS3Adobe Flash CS3 ProfessionalAdobe Flash Player 10 PluginAdobe Flash Video EncoderAdobe Help Viewer CS3Adobe Linguistics CS3Adobe PDF Library FilesAdobe Photoshop Elements 3.0Adobe Reader 9.3Adobe SetupAdobe Shockwave Player 11.5Adobe Type SupportAdobe Update Manager CS3Adobe Version Cue CS3 ClientAdobe WinSoft Linguistics PluginAge of Empires IIIAiO_Scan_CDAAiOSoftwareNPIAirLink101 USB XR AdapterApple Application SupportApple Mobile Device SupportApple Software UpdateATI Control PanelATI Display DriverAudacity 1.2.6AVG Free 9.0AVI DivX to DVD SVCD VCD Converter 2.2.2AviSynth 2.5BenVista PhotoZoom Pro 3.0.2BonjourBufferChmC3100c3100_HelpCCleaner (remove only)Compatibility Pack for the 2007 Office systemCP_Package_Variety1CP_Package_Variety2CP_Package_Variety3Creative Audio ConsoleCreative MediaSourceCreative MediaSource 5Creative Removable Disk ManagerCreative System InformationCreative ZEN V Series (R2)Creative Zen Vision MDestinationsDeviceFunctionQFolderDeviceManagementQFolderDivX Content UploaderDivX Web PlayerDNADocProcDocProcQFolderDoMoreDVDDVD to VCD AVI DivX Converter v3.2 (build 069)Easy Video Splitter 1.28eSupportQFolderEVGA Display DriverFar Cry 2FastStone PlayerFax_CDAFirstClass? ClientFlash Slideshow Maker Pro 4.81Form Fill (Windows Live Toolbar)Gateway Drivers and Applications RecoveryGateway IE CustomizationsGateway Ink MonitorGateway RhapsodyGdiplusUpgradeGemMaster MysticGoogle EarthGoogle SketchUp 6Google Update HelperGoogle UpdaterHijackThis 2.0.2Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Internet Explorer 7 (KB947864)Hotfix for Windows Media Format SDK (KB902344)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)HP Imaging Device Functions 7.0HP Photosmart and Deskjet 7.0.AHP Photosmart EssentialHP Software UpdateHP Solution Center 7.0HPPhotoSmartExpressHPProductAssistantHyperCamInfraRecorderInstantShareDevicesMFCIntel? PRO Network Adapters and DriversIntel? PROSetInterActual PlayeriTunesJ2SE Runtime Environment 5.0 Update 11J2SE Runtime Environment 5.0 Update 7Java 2 Runtime Environment, SE v1.4.2Java™ 6 Update 3Learn2 Player (Uninstall Only)LibUSB-Win32-0.1.12.1Magic Audio Recorder v5.4.0Malwarebytes' Anti-MalwareMap Button (Windows Live Toolbar)Microsoft .NET Framework 1.0 Hotfix (KB953295)Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB953297)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft ActiveSyncMicrosoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.5Microsoft National Language Support Downlevel APIsMicrosoft Office Standard Edition 2003Microsoft SilverlightMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Mozilla Firefox (3.6.3)MS Access 97 SP2MSVC80_x86MSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKMSXML 6 Service Pack 2 (KB954459)Need for Speed? CarbonNero SuiteNetcam Watcher ProNewCopy_CDANokia Connectivity Cable DriverNVIDIA DriversNVIDIA nView Desktop ManagerOCR Software by I.R.I.S 7.0oggcodecs 0.71.0946OneCare Advisor (Windows Live Toolbar)PanoStandAlonePC-Doctor for WindowsPC Connectivity SolutionPDF SettingsPeerGuardian 2.0Pocket RAR documentationPopup Blocker (Windows Live Toolbar)Power Tab Editor 1.7ProductContextNPIProject TorquePunkBuster ServicesQuickFreedom 1.2.0QuickTimeRave-MP Digital Audio PlayerReadmeReimage RepairRhapsody Player EngineScanScannerCopySecurity Update for Windows Internet Explorer 7 (KB928090)Security Update for Windows Internet Explorer 7 (KB929969)Security Update for Windows Internet Explorer 7 (KB931768)Security Update for Windows Internet Explorer 7 (KB933566)Security Update for Windows Internet Explorer 7 (KB937143)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB939653)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows Internet Explorer 7 (KB953838)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows Internet Explorer 7 (KB960714)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 7 (KB969897)Security Update for Windows Internet Explorer 7 (KB974455)Security Update for Windows Internet Explorer 7 (KB976325)Security Update for Windows Internet Explorer 7 (KB978207)Security Update for Windows Media Encoder (KB954156)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 10 (KB936782)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows Media Player 9 (KB917734)Security Update for Windows XP (KB913433)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB981349)Serif PagePlus SE 1.0Serif WebPlus X4Serif WebPlus X4 ResourcesSmart Link 56K Voice ModemSmart Menus (Windows Live Toolbar)SmartSound Quicktracks for Premiere ElementsSnagIt 7SolutionCenterSpelling Dictionaries Support For Adobe Reader 9Spybot - Search & DestroySpybot - Search & Destroy 1.5.2.20StatusSUPERAntiSpyware Free EditionSystem Requirements LabThumbView 1.0ToolboxTrayAppUnloadUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 7 (KB976749)Update for Windows Internet Explorer 7 (KB980182)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)VFD DriverVFTPXWebFldrs XPWebRegWindows Driver Package - Nokia Modem (03/05/2008 3.7)Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)Windows Driver Package - Nokia Modem (05/22/2008 3.8)Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)Windows Driver Package - Nokia Modem (10/12/2007 3.6)Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)Windows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation Tool (KB892130)Windows Imaging ComponentWindows Live Favorites for Windows Live ToolbarWindows Live MessengerWindows Live OneCare safety scannerWindows Live Outlook Toolbar (Windows Live Toolbar)Windows Live ToolbarWindows Live Toolbar Extension (Windows Live Toolbar)Windows Live Toolbar Feed Detector (Windows Live Toolbar)Windows Media Encoder 9 SeriesWindows Media Format RuntimeWindows Media Player 10Windows Media Player 10 Hotfix - KB894476Windows Media Player 10 Hotfix - KB895316Windows Presentation FoundationWindows XP Service Pack 3WinRAR archiverWinZipXML Paper Specification Shared Components Pack 1.0Yahoo! Browser ServicesYahoo! Install ManagerYahoo! Internet MailYahoo! Music JukeboxZENcast Organizer==== Event Viewer Messages From Past Week ========4/20/2010 9:14:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}4/20/2010 4:50:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX eeCtrl Fips hwinterface intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL4/20/2010 4:50:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.4/20/2010 4:50:20 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.4/20/2010 4:50:20 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.4/20/2010 4:50:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.4/20/2010 4:50:20 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.4/20/2010 4:50:20 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.4/20/2010 4:49:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}4/20/2010 4:49:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}4/20/2010 10:10:36 PM, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.4/19/2010 8:53:29 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014A5D8EED5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.4/19/2010 6:33:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.4/19/2010 6:28:16 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.4/18/2010 10:11:47 AM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0014A5D8EED5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).4/16/2010 2:02:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.4/14/2010 8:36:35 PM, error: Service Control Manager [7000] - The NTPort Library Driver service failed to start due to the following error: The system cannot find the file specified.4/14/2010 8:35:56 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.4/14/2010 8:35:56 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.4/14/2010 8:35:56 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.==== End Of File ===========================Im not sure how to attach zip so im sorry for all the room i take up. i Tried to divide with extra spaces inbetween.

RELEVANCY SCORE 200
Preferred Solution: Random Redirects on Clicking Links or Random Tab Pop-ups In Firefox

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Random Redirects on Clicking Links or Random Tab Pop-ups In Firefox

Hi, qwertyasd Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.If there is no internet connection after running Combofix, then restart your computer to restore back your connection.-----------------------------------------------------------Double click on combofix.exe & follow the prompts.Install the Recovery Console if prompted.When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" .**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Read other 10 answers
RELEVANCY SCORE 135.6

Recently i have been getting a lot of random pop-ups that normally lead to sites trying to give me a virus. AVG Free Edition 9.0 always blocks these attacks but i really want to get rid of this because i can't ever get to the site i am trying to get to. About a week ago i had a rouge anti-virus (Windows Defender 2010) which i finally got rid of using Malyware Malbytes. After that my PC was acting weird and Just-In-Time Debugging keeps popping up. Sometimes SVChost or something like that crashes and then nothing works. Also after i removed the rogue anti-spyware none of the icons on desktop or in start folder would open. So i looked it up and i had to copy this into notepad and save it as fix.reg.

Pasted the following:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

This let me open all programs but then Mozilla Firefox would do random tabs and redirects.
Also i tried this.

Went to: C:\WINDOWS\system32\drivers\etc
Opened Hosts and deleted EVERYTHING. Then saved.
Deleted all backup hosts and thats about it.
A... Read more

A:Random Redirects on Clicking Links or Random Tab Pop-ups In Firefox

Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Make sure the Sections option is checked (in the right hand panel). Leave all other options unchecked!Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.

Read other 6 answers
RELEVANCY SCORE 126

Hi,

I've recently discovered what I believe is a trojan horse, which is hijacking links, and taking me to different sites from the one that I requested. This does not happen every single time, but is obviously causing a lot of worry and stress about whether the sites I am looking at are the correct ones. If anyone could help, that would be very appreciated.

My DDS log:
DDS (Ver_09-05-14.01) - NTFSx86
Run by Matt Tremayne at 10:28:26.65 on 20/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.371 [GMT 1:00]

AV: PC Tools AntiVirus 5.0.0.16 *On-access scanning enabled* (Updated) {832E7172-E406-4BB2-8B19-6D29F2C93A98}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program... Read more

A:Using IE7 or Firefox, clicking on links redirects me to totally random sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 38 answers
RELEVANCY SCORE 110

This machine was infected with scareware / malware that popped up stuff about being infected with viruses. After following the relevant instructions here and running rkill.exe and mbam, that stuff seemed to get cleaned up. However, now whenever I click a link in IE it connects to some random site rather than the one I would expect. There is no proxy set in the connection settings for IE. Any help would be greatly appreciated!DDS (Ver_10-03-17.01) - NTFSx86 Run by Carla Nordstrom at 15:47:48.25 on Mon 08/23/2010Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.383.64 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\avgcsrvx.exesvchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC... Read more

A:IE redirects to random sites when clicking on links

Hi halindrome,Welcome to Bleeping Computer!My name is mpascal, and I will be helping you fix your problem.Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.Please do not do anything or perform other steps unless I have asked you to do so.Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.If you are unsure of how to reply, or need help with anything regarding the website, please look here.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will ... Read more

Read other 3 answers
RELEVANCY SCORE 100

Hi i'm new to this forum and need help removing whatever it is I have. I am running Windows 7 and have tried Malwarebytes/Super Anti-Spyware/AVG even in safemode and none of them find anything other than cookies. Any help will be appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by steve at 2:20:52 on 2012-02-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6142.4765 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files&... Read more

A:Website Redirects/Random Pop-Ups/Random Music and Clicking Noises

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 3 answers
RELEVANCY SCORE 99.2

http://www.bleepingcomputer.com/forums/topic459101.html
as an add-on, firefox in general runs sluggishly

I skipped step 8 in the preparation guide: http://www.bleepingcomputer.com/forums/topic34773.html since I have a 64 bit computer

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Rajiv Desikan at 23:53:58 on 2012-07-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8106.5432 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program... Read more

A:Firefox google redirects to webhp after a search/opens up random links

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 16 answers
RELEVANCY SCORE 99.2

Firstly, I think I probably got this from some shady porno sites while in private browsing, fwiw

basically, whenever I google stuff using firefox on my laptop (64 bit windows 7, dell xp), oftentimes, when I click on the links, it opens up some random spam website. It takes numerous clicks to actually get the actual link to open. Also, when this doesn't happen, clicking on any google searches redirects the browser to google.com/webhp. I have to exit this tab and open a new tab for google to work after this. Finally, firefox now uses up to 25% of my cpu performance when I check my task manager. So far, these problems only exist on firefox, and IE is fine, but I'd still like to get rid of this possible malware. Thanks!

A:Firefox google redirects to webhp after a search/opens up random links

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next t... Read more

Read other 6 answers
RELEVANCY SCORE 86.8

I've been having problems with clicking on links to go to other sites. It's very random. Some links work, but many others don't. It really limits my ability to get information, watch videos, etc. I'm not computer literate. At least not much. But this is very frustrating. I haven't been able to find a good answer. Can someone help please? Thank you.

A:I have trouble clicking on certain random links. They just won't open.

Welcome to the Seven Forums.
Please reset IE using this info:
Internet Explorer - Reset
When you get to step 5, please put a check by the option to Delete Personal Settings.
Doing this should reset IE's popup blocker - which might be the source of your problems,

When you say:
Some links work, but many others don't.
What do you see when links don't work?
What version of IE are you using?
Please see this post if you need help.

Read other 2 answers
RELEVANCY SCORE 86.8

I have problems in google and bing with links. Clicking on a link after a search in google or bing takes me to random ad sites.

I had a post in: BleepingComputer.com > Security > Am I infected? What do I do?
After taking the following steps, the person assisting me said that he couldn't solve the problem, and to post to this forum.

Here are the steps taken in that forum:
1) Ran TDSSkiller and posted log
2) Ran aswMBR and posted log
3) Ran ESET online scanner and posted results
4) Ran Malwarebytes and posted log
5) Ran mini toolbox and posted results
6) Ran adware cleaner and posted log
7) Ran Junkware removal tool and posted log
8) Ran Bleepingcomputer.com rkill, posted contents
9) Ran autoruns and posted contents
10) Ran Microsoft fixit tool, reset internet explorer, restarted PC
11) Uninstalled IE 8, now have IE version 7
12) Opened MSConfig, changed setting to Normal Startup, rebooted the computer, and ran autoruns (again) and posted log

Anything you can do to help would be greatly appreciated. Here are the logs (one pasted and one attached)
 attach.txt   17.6KB
  2 downloadsper your instructions. Thanks!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16850
Run by Sean Clark at 22:38:28 on 2012-12-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.286 [GMT -8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\syst... Read more

A:Clicking on links in IE takes me to random ad sites

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
Do not install any other programs until this if fixed.[/b]
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass... Read more

Read other 11 answers
RELEVANCY SCORE 86.8

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz, x64 Family 6 Model 15 Stepping 11
Processor Count: 4
RAM: 3325 Mb
Graphics Card: NVIDIA GeForce GTX 460, 767 Mb
Hard Drives: C: Total - 476890 MB, Free - 378808 MB;
Motherboard: Dell Inc., 0TP406
Antivirus: Norton Security Suite, Updated and Enabled

----------------------

I started having some major issues about 2 days ago.. going to google and clicking on links would take me to random sites. Windows host processor would randomly go to 100 % usage and slow me down. Then I crashed and suspected something. Ran a full scan of my av it found a trojan removed it. Then today i got a few attacks that Nortons blocked.. and the clicking on links things got worse and then i crashed again.. downloaded malawarebytes it found one deleted it.. i rebooted.. crashed.. windows did a checkdsk.. deleted a bunch of index entrys.. came back in crashed.. went into safe mode with internet off.. ran mal and my av nothing found.. came back in.. surprised i got to you through google without going to a random site. I do not know what else to do and hope you can help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:05:14 PM, on 2/26/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhos... Read more

A:Clicking on Links takes me to random websites

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive. (Choose the correct version depending on which architecture operating system you are using, 32bit (x86) or 64 (x64) bit)

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File... Read more

Read other 1 answers
RELEVANCY SCORE 86.8

Hi all,Many times clicking links or an attempt to go to a certain website redirects me to advertisements and spam, rather than the intended link i want to view. I have tried spyware removal tools (malwarebytes, spybot, windows defender), and they found trojans, i removed them, but i'm still having the problem. I just can't go to many URLs.Here's a hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:55:22 AM, on 4/26/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\cvsnt\cvsservice.exeC:\Program Files\cvsnt\cvslock.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Prog... Read more

A:Clicking links takes me to different random websites

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....Please download The Comedian.exe to your desktopDouble click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedNEXTPlease download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you wi... Read more

Read other 36 answers
RELEVANCY SCORE 86.8

Hi Guys,Really hope I'm posting this in the right spot, if I have messed up, I'm sorry!I have been getting random redirects when doing searches with google, the results are fine, but after clicking on a result sometimes I'm taken to a random site, always varies on what type of sites they are as well, never the same.Hope someone can help. attached files from DDS below:-

A:Random redirects after clicking google results

Anyone able to help me ?

Read other 29 answers
RELEVANCY SCORE 86

Basically the title says it. I figured I must have some kind of malware or something because whenever i click on any link or anything like that, i get redirected to stupid ads and useless webpages.
Basically, when i click, the page changes and at first it loads the page, though nothing actually shows up, its just blank, then it will suddenly start loading the ad page. VERY annoying.

Please help?

DDS (Ver_09-12-01.01) - NTFSX64
Run by Ian at 21:24:02.78 on Fri 01/22/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_14
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.4094.2123 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k n... Read more

A:Clicking on any kind of link automatically redirects me to random ads.

Please help

Read other 7 answers
RELEVANCY SCORE 86

Basically the title says it. I figured I must have some kind of malware or something because whenever i click on any link or anything like that, i get redirected to stupid ads and useless webpages.
Basically, when i click, the page changes and at first it loads the page, though nothing actually shows up, its just blank, then it will suddenly start loading the ad page. VERY annoying. Please help? I have access to a Windows Install CD.


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 11:08:57.92 on Fri 01/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.466 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\LSI SoftM... Read more

A:Clicking on any kind of link automatically redirects me to random ad

Hello, and welcome to TSF.

My name is Gringo and I'll be glad to help you with your computer problems.The logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Somethings to remember while we are working together.
1.Please do not run any other tool untill instructed to do so!
2.Please reply to this thread, do not start another!
3.Please tell me about any problems that have occurred during the fix.
4.Please tell me of any other symptoms you may be having as these can help also.
5.Please try as much as possible not to run anything while executing a fix.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this cli... Read more

Read other 9 answers
RELEVANCY SCORE 85.6

Hi

Whenever i click links on any websites whether it be google, facebook or indeed anything i get directed to a completely random site usually advertising some sort of product. I have no idea what this and it only came up about a week ago.

On top of that, i keep seeing iexplore.exe on my windows task manager when internet explorer is not even running at all (i use firefox). Not sure what this is either.

Help would be appriciated, thanks!
 

A:Random links when clicking links

Read other 8 answers
RELEVANCY SCORE 85.2

Hi,When trying to click on google search links (in IE or FireFox) random pages have started opening. i have followed the instructions at http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ and have attached the ogs as requested. I also ran the ComboFix.exe & have also attached its logs. Thanks for your help,Vishal.DDS (Ver_09-06-26.01) - NTFSx86 Run by SmitaVishal at 18:42:40.67 on Sat 07/11/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1281 [GMT -7:00]AV: eTrust Antivirus *On-access scanning enabled* (Outdated) {33EA71EA-56CF-40B5-A06B-BD3A27397C33}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\CA\eTrust Antivirus\InoRpc.exeC:\Program Files\CA\eTrust Antivirus\InoRT.exeC:\Program Files\CA\eTrust Antivirus\InoTask.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\IT Connection Manager\SRUserService.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Live Mesh\Remote Deskto... Read more

A:Clicking on Google search links opening random pages.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 84

Noob so go easy but,
i have a dell inspiron 6000
using firefox, not sure but i think it is the most up to date version.
when i click on google links i get sent to random sites, with weird titles or sites that say that i have spyware/malware on my pc,
i have hjt but not sure how to use it
 

Read other answers
RELEVANCY SCORE 84

After search for specific topics on Google, I get the appropriate results but when clicking on the links for the search results, I get directed to various random sites like credit cards, refinance, search engines, etc. Seems like a virus.I have run Symantec, Adaware, Spybot, but no resolution.Running on Windows XP, internet explorer. Any help? Here is the recent Hijack This log:Logfile of HijackThis v1.99.1Scan saved at 9:11:08 PM, on 11/29/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Dell\NICC... Read more

A:Clicking On Google Search Result Links Takes Me Random Sites

Click here to download SmitfraudFix (by S!Ri). Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press EnterThis program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.Please do not run any other options until you are asked to do so.

Read other 4 answers
RELEVANCY SCORE 84

Malwarebytes' Anti-Malware 1.37
Database version: 2246
Windows 5.1.2600 Service Pack 3

6/8/2009 4:54:08 PM
mbam-log-2009-06-08 (16-54-02).txt

Scan type: Quick Scan
Objects scanned: 124096
Time elapsed: 18 minute(s), 18 second(s)

Memory Processes Infected: 6
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 14
Files Infected: 129

Memory Processes Infected:
C:\WINDOWS\pp10.exe (Worm.KoobFace) -> No action taken.
C:\WINDOWS\system32\SYSDLL.exe (Trojan.Proxy) -> No action taken.
C:\WINDOWS\system32\SYSDLL.exe (Trojan.Proxy) -> No action taken.
C:\WINDOWS\9129837.exe (Trojan.Dropper) -> No action taken.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.Marketscore) -> No action taken.
C:\WINDOWS\ld08.exe (Worm.Koobface) -> No action taken.

Memory Modules Infected:
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.Marketscore) -> No action taken.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Mi... Read more

A:Browser redirects to other random websites when clicking on search engine results

then I can't connect to the internet. My browser says "Proxy server connection refused"
 

Read other 1 answers
RELEVANCY SCORE 83.6

Hello, recently i contracted a virus. It was the Bankerfox A and win nuqel.e virus where AV security suite keeps popping up and asking you to install it. I managed to get rid of that and get everything else working, however afterwords I have the problem of most google searches when I click on the links it redirects me to a random site. Also random ad tabs will pop up every now and then. One thing I noticed is that most of the redirects information symbol in the address bar looks like a 2. I have ran multiple searches with malwarebytes and microsoft security suite and they have come up with nothing.

A:Random Redirects on links from google search

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 83.6

I have Norton on and scan it several times, but this problem is still persist. I'm not sure what to do, and I feel like crying from frustration.
 

A:Google redirects links to random websites

Here is what I have from using Gmer. What should I do next?

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-25 01:46:09
Windows 6.0.6001 Service Pack 1
Running: gmer.exe
---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xA2 0x7D 0x45 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA3 0x32 0x3B 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf... Read more

Read other 2 answers
RELEVANCY SCORE 82.4

Greetings!

FF has been removed from computer
IE still has the redirecting errors: opens it own windows, redirects when links are clicked etc

Spybot Search and Destroy, Malwarebytes cannot find any files (ran both in regular and safe modes)(McAfee didn't find anything either)

Prep per guide has been completed (back-ups etc)
DeFogger ran

Attached are logs for DDS (X2) and GMER
RU42
DDS REPORT
DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 17:01:44.89 on Wed 11/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.145 [GMT -8:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\QuickTime\QTTask.e... Read more

A:Redirects from FF and IE links; tabs open to random sites

Hi ru42video,Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.Please download TDSSKiller.exe and save it to your desktop.Run TDSSKiller.exe. Click Start scan.When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click ContinueLet reboot if needed and tell me if the tool needed a reboot.Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.comDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install ... Read more

Read other 2 answers
RELEVANCY SCORE 81.6

Hello,I have been lurking bleepingcomputer as a non-member for a while now. I typically am able to find the instructions to fix almost any problem a computer (be it mine or a friends) has from your forum. Now it seems I am unable to find the solution to my specific problem, so I finally signed up as a member! My problem is similar to all these redirect virus issues I have been reading, but slightly different and not quite the same.Here's the problem:Randomly when I am browsing the internet, every now and again a site that I come across (typically while using StumbleUpon [Firefox Add-On]) will redirect to some completely random site. It doesn't appear to follow any pattern, and has redirected to various different websites. The websites I am redirected to are rarely the same website I was redirected to before, the only exception being theclickcheck.com and yellowpages.com, both of these websites I have been redirected to more than once. Additionally, even if I don't have a browser open a pop-up will appear in a new window. If a browser is open, the pop-up window error will occur more frequently it seems(in a separate window, not a separate tab). Also, I noticed each redirect or pop-up goes through google-analytics.com, so this may still be the google redirect virus, but I am unsure.I have had this issue for about a week now, and I have been unable to get the time to really find the problem. I wish to do online banking, bill paying, and the what not but fear that... Read more

A:Random redirects and occasional pop-up while browsing with Firefox (particularly when using Firefox Add-On StumbleUpon)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

Read other 3 answers
RELEVANCY SCORE 81.6

Hi, almost every time I click on a search result in Google I am redirected to a page on a similar topic to the page I linked to but never to the actual site. Sometimes this links to adult orientated sites which has caused me to stop my children using the Net. Can anyone help please?
 

A:Solved: Google redirects links to similar but random sites

Read other 15 answers
RELEVANCY SCORE 81.6

There has been several problems with my computer:Twice, Windows Virus Pro (or similar name) would pop up and say I have a virus, with fake computer warnings. The first time I tried to remove it, it resetted my computer. The 2nd time it worked fine and was removable, but still annoying to get.My computer resetted again, but this was when I was searching on Google. Almost 90% of the links I clicked on Google, it redirected me to a site with a weird blue icon next to it, then to an ad. While reading up on this, my computer resetted. I have not searched on Google since yesterday.Also, when I tried to run RootRepeal after a long time of waiting, my computer resetted. I have not been able to run RootRepeal. In total, today my computer resetted twice as I tried to remove the Google adware. I found the location of the program, but when I touched on the icon of it my computer resetted. I also been getting Pure Network error messages when I first start up the computer. Usually I'm able to remove it quite easily, but now it doesn't show up when I want to remove it. I also get several errores before I open my computer, but I don't remember the errors right now until I reset once again.Here is the DDS:DDS (Ver_09-07-30.01) - NTFSx86 Run by HP_Administrator at 11:17:44.04 on 2009-08-23Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.166 [GMT -7:00]AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) ... Read more

A:Google Links redirects to Adware, Random Computer Resets

An Update:

I now get errors when I try to open my eternal that says "ljnhwt.bat has encountered a problem and needs to close", Malware. I hope I get help soon, as my computer is getting worse and worse.

Read other 4 answers
RELEVANCY SCORE 81.6

Hi, this is my first time posting. Ive noticed many other people have also had this same problem, and have looked at their specific posts. Still, i decided that i needed help on my own. Internet explorer opens random links and my search engine redirects me to different sites. I have several diffrent virus removal tools, but i havnt used them yet because i dont want to mess anything up. Please help me....

Read other answers
RELEVANCY SCORE 81.6

Hello, for over a month now I have been getting random redirects to various sites (like casino sites, cash sites, advertisement sites, etc) when clicking any link - and it happens completely at random. Also, for the longest time I would have a cell phone shaped ad recommending products that were related to the site I was on (for example, if I was on Amazon, it would recommend where I can buy DVDs) I have never clicked a recommendation in the ad, so I am not sure where it would have taken me. I could click the 'x' that the ad had in the right hand corner, however this would only minimize it to a rectangular box that said "Recommended for you".
I was using the latest version of Firefox, and I thought the problem was with Firefox so I uninstalled it and began using IE 9. I have Windows 7 64 bit OS. I continue to have this ad in the bottom right hand corner even with IE9. The ad has now changed over (about a couple days ago) to a large square box that advertises for an online poker site or "who will you marry, so accurate it's scary!" I still get random redirects daily. The ad does not pop up on every site I visit, but it does appear 90% of the time. I cannot recall what I did to infect my computer with this as I do not illegally download files (not even music), and only programs that I know are from trusted sites and my antivirus program scans it. So I am not sure how I got this. I do know that BitDefender finds it, and I choose to remove it, ... Read more

A:Infected with Cell Phone shaped ad and random redirects on links

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

Read other 14 answers
RELEVANCY SCORE 80.8

with MBAM currently installed, i wonder if it is interfering with SystemShield... I see in the DDS.txt log that SystemShield is disabled, but i can "see" that it is running.

when this is all over with, as much as i have enjoyed using Iolo system mechanic (utilities) and thus bought Systemshield to go with it... maybe you can make a recommendation for preferred/better virus protection SW... Is SystemShield not as good as i was lead to believe? Maybe It didn't matter, and any AV would have had this issue(?)

ok, talk to you soon...

A:Random Firefox redirects

fwiw.. i just got a redirect when i was trying to navigate to change my notification options on your site... took me to this address:

http://click.get-answers-fast.com/ads-clicktrack/click/jump2.do?affiliate=46831&subid=7_f8&terms=bleepingcomputer.com%20user%20cp

Read other 19 answers
RELEVANCY SCORE 80.8

occasionally, clicking a link in Firefox browser initiates a redirect... usually a page of links, or a yellowpages-type of site.

in a separate, but related thread, boopme asked me to run Fixtdss and aswmbr then MBAM and post the logs in a new topic thread....

brb with logs

A:Random Firefox Redirects

fixTDSSno infectionsaswmbr log:aswMBR version 0.9.9.1532 Copyright© 2011 AVAST SoftwareRun date: 2012-03-06 21:13:34-----------------------------21:13:34.355 OS Version: Windows x64 6.0.6002 Service Pack 221:13:34.355 Number of processors: 2 586 0x170621:13:34.356 ComputerName: OFFICE-PC UserName: Jim21:13:35.068 Initialize success21:16:28.653 AVAST engine defs: 1203060021:17:35.084 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-021:17:35.085 Disk 0 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610480MB BusType: 321:17:35.106 Disk 0 MBR read successfully21:17:35.107 Disk 0 MBR scan21:17:35.124 Disk 0 Windows VISTA default MBR code21:17:35.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 126500 MB offset 204821:17:35.158 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 483977 MB offset 25907404821:17:35.161 Service scanning21:17:35.850 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 3221:17:36.386 Modules scanning21:17:36.388 Disk 0 trace - called modules:21:17:36.392 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80077f32c0]<<spnl.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 21:17:36.394 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008b05790]21:17:36.397 3 CLASSPNP.SYS[fffffa6000fccc33] -> nt!IofCallDriver -> [0xfffffa80079ed9b0]21:17:36.39... Read more

Read other 9 answers
RELEVANCY SCORE 80.8

Don't know where I picked up a bug, but it randomly redirects every 25th click or so to sites like PCKeeper and feedbackexplorer. FWIW, I just switched to Windows 10 last week and the problems started a few days ago.  Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015Ran by Jerome (administrator) on HAL (07-12-2015 05:48:04)Running from C:\Users\Jerome\DownloadsLoaded Profiles: Jerome (Available Profiles: Jerome)Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(Qualcomm Atheros... Read more

A:Random Redirects in Firefox

Greetings DocWhoops and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter probl... Read more

Read other 12 answers
RELEVANCY SCORE 80.8

I have a similar problem to http://www.bleepingcomputer.com/forums/t/271417/google-redirect-both-ie-and-firefox/When I search in Google and click on a link in the organic search section I occasionally get redirected to another site. At first, I was being redirected to various Clickbank products. I did some research and found it was always a hoplink with a certain affiliate code. I alerted Clickbank and they have closed that account. But I'm still getting redirected, it just goes to an error page from Clickbank stating that the account has been closed or disabled. I also get redirected to Amazon. I'm assuming that it's probably the same guy. The redirects happen randomly (not every time). I use Firefox 3.5.5. I'm also using TrendMicro Internet Security Pro 17.1.1250 with the latest updates.I've run full scans with both TM and MalwareBytes, but neither find any problems. I don't see anything that pops out in my HighJackThis Log.Usually, I can find and remove these things on my own, but this is over my head. I'm stumped. I've seen other posts with similar problems that point to it being a rootkit and that's a little beyond my level of expertise.Please help. Thanksrbr451

Read other answers
RELEVANCY SCORE 80.8

Okay so i think i have the MOTHER of all viruses!!! It started about a month ago when i use to click on a link it would open up a new window to random websites and the only way i could get to any websites would be to click cached. THEN it started opening up new windows whenever i clicked on a link (i always forgot to click cached) and start scanning my computer (i'm guessing now that it wasn't really scanning) and kept saying it detected trojan viruses. THEN now my computer won't even open ANY new windows it won't do anything when i click on a link and it'll only let me go to yahoo, or google in the address bar. I have my log from hijack this...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:45 PM, on 2/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\hpq\H... Read more

Read other answers
RELEVANCY SCORE 80

Ok, this is really getting annoying now!
I'm currently in the process of repairing my computer after a massive virus attack. Whenever I'm on a website on firefox, I'll click on a link (e.g. to another video on YouTube or to a friend's profile on Facebook) and for some reason, rather than loading the page I want, another tab opens up and a completely different website loads up. The website it loads up seems to change depanding on what I click on. Sometimes it's a random video site, sometimes it's a random search engine, and once I got linked to a page trying to download an ActiveX update. This might be a virus messing with my browser but I'm not sure. I'm scanning my computer with Malwarebytes at the moment. I'll post the log once it's finished. I'd be grateful for any ideas as to what's going on.

A:Random links while browsing on firefox

malwarebytes will likely take care of this....

Read other 10 answers
RELEVANCY SCORE 80

Hi all,

Firefox opens random links when clicking on a regular link at any web page. This does not happen always but just from time to time.
Those random links may point anywhere although many times they jump to porn related websites which is very unconvinient as I share the laptop with all the family including childs.

Got Windows Vista updated with latest patches.
Avast! antivirus (free version) and malwarebytes, both updated to latest version, reports the system is clean.

Here's the dds.txt file:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by Chus at 17:10:37 on 2013-01-09
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\... Read more

A:firefox opens random links

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

Read other 19 answers
RELEVANCY SCORE 80

Hi Guys,

Chrome and Firefox over the past few days has been giving random links to ads. Its not like pop-up. In a normal webpage, There is just a random link on a random word and when I click on it, it opens an ad. My OS is windows 7 home basic 32 Bit. The problem is not Occurring in IE8 or opera.
So I am not sure whether its a Malware/Adware or just a change to my browser settings.

I ran a check with Malware bytes,Microsoft security essentials,super Anti spyware. No detection.

Kindly advise me. Thanks in advance.

P.S: I am not sure how to upload the screenshot, if you can advise me I can do that as well.
Cheers,
Jagan

A:Chrome and Firefox - Random Links to ads

I guess I have found the solution, just minutes after submitting the post.

It seems that it is a "click to continue- text to enhance" bot crawl. I am trying to remove it now.

Will update once it is cleared.

Read other 1 answers
RELEVANCY SCORE 80

Hi First time posting. So I don't know if this is the correct part of the forum to submit to so if its not, just let me know where to submit  it to  My problem is that I use Firefox (main browser Win 7) to browse and every so often it will redirect my websites to adware. For example when I "middle click" on a site at Google or Reddit, it usually opens a new tab but sometimes it opens this completely other site which im guessing is malware, I use Adblock Plus so not every malware site redirects to it, a lot of the time it is just a blank page with an obvisouly incorrect URL. I used to be able to browse just fine, but now it seems every so often that it wants to redirect me to this other site. MSE always pops up telling me it wants to send a ".tmp" file to Microsoft because it doesn't know what it is. But whenever I use MSE or Malware Bytes (even on the full trial version, or rootkit scan) it never picks up anything when it has been scanned. I have scanned it normally and on Windows safe mode. If anyone could help it would be much appreciated. Thanks.

A:Firefox redirects random websites

Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters


Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue


Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see here and here.Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:  aswMBR will create M... Read more

Read other 1 answers
RELEVANCY SCORE 80

Although I consider myself fairly astute at resolving computer issues, this one has gotten the best of me. When I do a Google search using Firefox 3.0.6, i get randomly redirected to non-related sites when i select a google provided link. Sometimes clicking on the link is successful; othertimes i'm redirecting to anything but what I was looking for.I've run (in safe mode) Malwarebytes anti-malware, Super AntiSpyware Free Edition, Spy-bot 1.6, AdAware, as well as McAfee. I've been "successful" in removing a few trojans (vundo), but nothing has helped the redirect problem.My HiJack log is:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:18:50 PM, on 2/15/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Lo... Read more

A:Random redirects when using Firefox (HijacK)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

Read other 2 answers
RELEVANCY SCORE 79.2

Hi,

I am new to this site so please bear with me until I find my way around. I have a recurring problem whenever I get results from Google, Yahoo etc and click on one of the links, I get taken to a completely random site. If I RT click and use open in new tab, after about the fouth atempt it will take me to the site that the link is displaying. The other tabs are mainly other search engines like "Britannia search" or "MyComputerSpywareRemover" or just a "404 Error" page.
I have run every type of virus scanner and malware scanner that I can find but it is still happening. Programs I have used are:

AVG version 8.5.423
Advanced System Care Pro version 3.3.4
IOBit Security 360 updated daily
Max Spyware Detector Registered & updated
Windows Defender
Dr Web Cureit
CWShredder.exe
MalwareBytes version 1.41.

These are just a few of the things I have tried.

On a daily basis the Max Spyware detector seems to find something onle for it to reappear the next time i run the program. The only thing that seems to have found the cause but not the solution is "MalwareBytes 1.41" It says it has found 2 x "HijackWindowsUpates" and it has deleted them (log below)

Malwarebytes' Anti-Malware 1.41
Database version: 3038
Windows 5.1.2600 Service Pack 3

27/10/2009 11:47:04
mbam-log-2009-10-27 (11-47-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 217582
Time elapsed: 1 hour(s), 59 minute(s), 32 second(s)

Memory Processes Infecte... Read more

A:search links take me to random sites using XP & Firefox

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

Read other 26 answers
RELEVANCY SCORE 79.2

Hi, I am running my laptop with Windows 7 and I have a virus that I am unable to get rid of. My laptop will stream audio at random for 15 seconds to a minute. I have tried using MalwareByte's Anti-Malware and some other antivirus programs, but have been unable to stop random audio starting on this laptop. I am also unable to install any Window Updates and google and yahoo redirects me to another site anytime I go to click on a link from a search. I do not know what else to try or what to do. Any help is greatly appreciated.DDS LOG: .DDS (Ver_2011-06-01.06) - NTFSx86 Internet Explorer: 8.0.7600.16385Run by JEN at 20:33:46 on 2011-06-01Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1504 [GMT -5:00].AV: avast! Antivirus *Disabled/Updated* {20B878C2-E6E2-4EFF-ADB5-C3E74BCBA535}77SP: avast! Antivirus *Disabled/Updated* {20B878C2-E6E2-4EFF-ADB5-C3E74BCBA535}66SP: Windows Defender *Enabled/Updated* {20B878C2-E6E2-4EFF-ADB5-C3E74BCBA535}55.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalSe... Read more

A:audio plays at random, won't install windows updates, and redirects google search links;

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

Read other 81 answers
RELEVANCY SCORE 79.2

A few days ago, I started to get browser redirects in both IE and Firefox - it seems random in Firefox; in IE, it's about every second or third link that redirects in a Google search. I'm also getting random popups from both IE and Firefox. I have ran Malwarebytes, Adaware, Trend Micro's Housecall, Spybot, SuperAntispyware. I had upgraded Adaware to their paid service, and it found trojans, but did not take care of the popup and redirect problems. Now, nothing is being found by any of the anti-malware, but I'm still having the same issues. I'm having issues getting into Adaware to give details on the trojans. Additionally, I downloaded CA Anti-Virus Plus Anti-Spyware 2010, but the install failed and now I can't get rid of it off of my computer. I am hoping I'm doing this right, here is my Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:38:38 AM, on 4/11/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17023)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program File... Read more

A:Browser redirects in both IE and Firefox - random pops also

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have sinceresolved your issues I would appreciate if you would let me no so I can close this topic.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.%appdata%\*.exe%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%SYSTEMDRIVE%\*.exenetsvcsmsconfig/md5startproquota.exesfcfiles.dlleventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dllbeep.sysiaStor.sysnvstor.sysatapi.sysnvatabus.sysviamraid.sysnvata.sysiastorv.sys/md5stopCREATERESTOREPOINTPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedThanks

Read other 35 answers
RELEVANCY SCORE 79.2

Well, like the title says, Firefox keeps redirecting me to random sites. For instance I clicked on a wikipedia link and got sent to Travelocity.com. This just started happening earlier today, out of nowhere, and it's only Firefox that does this. The last things I remember downloading are Artweaver, Torsion, Notepad++, and Torsion, but that was all maybe over a week ago. I've used Malwarebytes' Anti-Malware and deleted four infected files. I've researched a few other threads but I'm still not exactly sure what I need to do. Can somebody please give me some direction? I'm using Windows XP by the way.
 

A:Mozilla Firefox Redirects to Random Sites

Read other 16 answers
RELEVANCY SCORE 79.2

Was having random browser redirects and popups in Firefox
AVG & Malwarebytes found nothing.
Ran some misc fixes based on forum entries.
Computer seems better but would like confirmation that there is nothing lurking.
Ran scans based on "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help"
DeFogger
DDS
GMER

Can you review the attached scans, and let me know if any further action
is required.

Thanks

A:Random browser redirects and popups in Firefox

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 2 answers
RELEVANCY SCORE 79.2

For the past 3 days, this computer has had several problems with getting on the internet. I was able to solve some of the problems preventing Firefox from being opened, but two issues still remain.1) While using Firefox, and I am unable to use anything related to google.comGoing to google.com returns a white page with "404 Not Found" in large text, and "nginx" in smaller text below that.2) I randomly get redirected to advertising websites while viewing some of my favored sites.For an example of 2:
Spoiler
Earlier I was viewing Blizzard's Blue posts at http://blue.mmo-champion.com/1st: Went to http://blue.mmo-champion.com/2nd: I click a topic of interest, went to http://blue.mmo-champion.com/topic/191513/negative-ghostrider-the-pattern-is-fullThis next part is where I get redirected3rd: I click one of the buttons, the Blizz button with the arrow, which normally is supposed to take me to the source or the post itself.I'm supposed to go here: http://us.battle.net/wow/en/forum/topic/3048064944?page=19#371But instead, this shows up in my browsing history:http://allglobesales.com/aff?aff=http%3A%2F%2Fbridge2.admarketplace.net%2Fct%3Fversion%3D7.0.0%26key%3D62256396176.3275365%26ci%3D1313772378950.10158&i=HctLDoQgDADQdW_RC0iQj5Xj1AIOyQgTMOH6mtm-5JFTwSnjVmU2ME6DVtpY8kCwARkbJW-aD-Gd6BBKa7C7DzH4KDaDBLiutsiHr19pFRecrX8jtoyTu3TON9Y0B3KN2LnEUk8cd-c7nSUNfPOfx_vmAw~~http://bridge2.admarketplace.net/ct?version=7.0.0&key=62256396176.3275365&ci=131377... Read more

A:404 nginx google/firefox - random redirects

Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Read other 20 answers
RELEVANCY SCORE 79.2

Recently purchased new laptop this thing has had next to none internet exposure however its seems i've still managed to pick somthing up....

Simply put everytime i open a new search in firefox i'm redirected to sites i've not searched for an example of would be searched facebook clicked on the link and found myself at ebay.. I have installed mcafee security center run a full scan and found nothing i have noticed there is another thread on the forum with the exact same problem so it nice to know i'm not the only person in this boat....

DDS (Ver_09-05-14.01) - NTFSx86
Run by Tim at 23:46:12.16 on 28/05/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.44.1033.18.894.200 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C: ... Read more

A:Browser (firefox) Redirects to random sites.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 79.2

Hi, as the topic says my problem is random redirects and Firefox isn't saving browsing history for more than a day, and that has nothing to do with settings.
The only redirect address I've noticed and remember is server2.mediajmp.com, but there have been others.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:59 AM, on 6/23/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Steam\steam.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Lovick\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aqworlds.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&... Read more

A:Random Redirects and Firefox not saving history

Read other 7 answers
RELEVANCY SCORE 78.4

Running Windows 7 professional 64 bit. Google search links redirect to random sites on clicking. Thank you for your help! I tried running some programs named in earlier forums before reading what to do for help.
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Sreedhar Bharath at 19:59:41 on 2011-07-07
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.7920.6232 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe
C:\Program Files (x86)\Infineon\Security Platform Software\ifx... Read more

A:Google links redirect to random sites in Firefox

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.

How to : Disable Anti-virus and Fir... Read more

Read other 16 answers