Over 1 million tech questions and answers.

Firefox Google searches hijacked (windows 7, Firefox 3.6.10)

Q: Firefox Google searches hijacked (windows 7, Firefox 3.6.10)

I'm hoping someone can help me diagnose and fix this problem. Everything else on the computer seems to work ok, but when I do a google search on Firefox and click a link from there, it redirects me to somewhere else, and the response slows down drastically. This doesn't seem to happen on Google Chrome.Below is the result of running HijackThis. I'd greatly appreciate any help. Thanks in advance.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:23:56 AM, on 10/8/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Classic Shell\ClassicStartMenu.exeC:\Program Files\VMware\VMware Player\hqtray.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\system32\taskhost.exeC:\Program Files\Mozilla Thunderbird\thunderbird.exeC:\Users\Sridhar\AppData\Local\Google\Chrome\Application\chrome.exeC:\tools\emacs-21.3\bin\emacs.exeC:\Windows\system32\conhost.exeC:\cygwin\bin\bash.exeC:\Windows\system32\conhost.exeC:\Users\Sridhar\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Users\Sridhar\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Sridhar\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Sridhar\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Sridhar\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Sridhar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exeC:\Users\Sridhar\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Sridhar\AppData\Local\Google\Chrome\Application\chrome.exeC:\tools\bin\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO1 - Hosts: ::1 localhostO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dllO3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dllO3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dllO4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -sO4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exeO4 - HKLM\..\Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe"O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKCU\..\Run: [Google Update] "C:\Users\Sridhar\AppData\Local\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office10\EXCEL.EXE/3000O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dllO9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dllO10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dllO17 - HKLM\System\CCS\Services\Tcpip\..\{BBA2F019-5BAE-4D4C-B883-DF1486F65D0F}: NameServer = 206.13.31.12,206.13.28.12O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exeO23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exeO23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXEO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exeO23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exeO23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exeO23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exeO23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe--End of file - 7913 bytes

RELEVANCY SCORE 200
Preferred Solution: Firefox Google searches hijacked (windows 7, Firefox 3.6.10)

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Firefox Google searches hijacked (windows 7, Firefox 3.6.10)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.Download DDS:Please download DDS by sUBs from one of the links below and save it to your desktop:Download DDS and save it to your desktopLink1Link2Link3Please disable any anti-malware program that will block scripts from running before running DDS.Double-Click on dds.scr and a command window will appear. This is normal.Shortly after two logs will appear: DDS.txt Attach.txtA window will open instructing you save & post the logsSave the logs to a convenient place such as your desktopCopy the contents of both logs & post in your next replyScan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Note** you may get this warning it is ok, just ignore"Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?"information and logs:In your next post I need the following1.logs from DDS2.log from RKUnHooker3.let me know of any problems you may have hadGringo

Read other 17 answers
RELEVANCY SCORE 104.4

The firefox/google hijack is the last remaining 'problem' I have as evidenced by normal computer use.I have also shut off a number of startup processes that I did not recognize or could determine from google searches (on another machine), that were most likely malware. I would prefer to have them gone from my system rather than just 'off'.The first noticeable problem I had came from Antispywaresoft. I think I have gotten that off my system, as my machine is largely back under my control, but it could still be hiding I suppose.I am running Windows XP.I have run the following antispy/mal ware programs:Malware BytesSUPERAntiSpywareESET NOD32Spybot S&DThese were able to pick up a number of problems on my computer, but more remain.I have prepared myself as directed in your guide.The GMER log program did run, but it annihilated my computer. I couldn't check if it was just hogging process share because task manager wouldn't even open. I left it overnight to run and it did finally finish. Every click at the end of the process to get the log to save had about a 20 minute lag. Once it was saved I had to do a hard reset to get my computer back. (not complaining, thank you for the service, but the guide recommended i communicate problems with the process, and this definitely seemed like a problem).Additionally, the resulting GMER log (ark.txt), is 2MB and as such cannot be attached here.Thank you for your help, I look forward to your response.My DDS log is as ... Read more

A:Firefox/google searches hijacked.

Hello studiodweller,Could you please look at the GMER report and copy and paste the Kernel Code Sections part? That's the part I'm most interested in from that log. Just so you know, it tends to crash some infected computers, so that isn't really unusual. Also if you still have it, the MBAM report from the last time you ran it. Anything else you'd like to add about behavior is welcome, and we'll go from there. Thanks,tea

Read other 17 answers
RELEVANCY SCORE 104.4

I have been having a problem for about 3 weeks now. My Google searches in Firefox are being redirected to some sort of ad sites. I have run scans with my AVG, Spybot Search and Destroy, AdAware, Malwarebytes Anti-Malware and SUPERAntiSpyware and I have removed any and all found infections. That was when it started, 3 weeks ago. My scans now come back with nothing and the infection is still there. I am currently running the Kaspersky Online Scanner and I will post whatever it finds when it is finished. It is currently at 23% after 2.5 hour of scanning, so there is quite a while left. Here is my HijackThis logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 5:49:26 PM, on 4/26/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Documents and Settings\HP_Owner\My Documents\mywebs\xampp\apache\bin\apache.exeC:\Program... Read more

A:Google Searches Hijacked in Firefox

Hi elockram,Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.Please close the topic at GeeksToGo forum.

Please post the Kaspersky scan log when finished.

Download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

Please download http://OTListIt2 by OldTimer.Save it to your desktop.Double click on the OTListIt2 icon on your desktop.Select the "Scan All Users" checkbox.Click Run Scan button.Two reports will open, copy and paste them to your reply:OTListIt.txt <-- Will be openedExtra.txt <-- Will be minimized[/list]

Read other 7 answers
RELEVANCY SCORE 104.4

I'm on Windows XP.

When I do a google search in IE or Firefox, then click on the search results, it gets redirected to a random site about 60-70% of the time.

I've run Malwarebytes, Avira AntiVir Personal, and Combofix but none of them have fixed the problem.

I went through the preparation guide and did everything it said. I'm attaching the two logs it said to attach.

Someone else on another forum on this site said I should post the Combofix log here too so I'm going to do that as well.

Thanks in advance for any help you can provide.

A:Hijacked Google Searches in Firefox and IE

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 16 answers
RELEVANCY SCORE 104.4

Hi, I have been trying to remove this google search hijacking for a while. I have tried tdss killer, but it does not do it.I have also tried the latest version of malware bytes, dident find anything. Heres my logs:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Someone at 1:44:47.97 on Sun 04/17/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.351 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\GM SPO\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
C:\Program Files\GM... Read more

A:firefox google searches hijacked

FIXED! Sorry about that, I just realized I dident have the latest TDSSKiller installed. It was a Backdoor.Win32.Sinowal.knf on 2 of my hard drives. Removed and we seem to problem free.

EDIT!: Ok, its came back again. Scanned with TDSS and did not find anything but the search redirect it back. FAIL.

Read other 15 answers
RELEVANCY SCORE 103.6

Hi, When I search (using either IE or Firefox) at google or yahoo, my searches getredirected to 7.7.7.1 and then I get a bunch of unrelated ads returned to my browserwindow.I followed the Goored post on this forum, and downloaded goored.exe and combofix.exe.I've run both programs and a goored.log file and a combofix.log which I can post hereif someone knowledgeable is watching the forums today.GooredLog.txt:GooredFix v1.83 by jpshortstuff
Log created at 15:40 on 25/01/2009 running Option #2 (Andrea Derby)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"ComboFix.txt:ComboFix 09-01-21.04 - Andrea Derby 2009-01-25 15:45:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.83 [GMT -5:00]
Running from: d:\downloads\ComboFix.exe
* Created a new restore point
.

((((... Read more

A:IE/Firefox google/yahoo searches hijacked

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

Read other 2 answers
RELEVANCY SCORE 103.6

Whenever I try to browse to the search results whenever using Yahoo or Google, I get arbitrarily re-routed to random websites. Any & all help would be GREATLY appreciated!
DDS (Ver_09-03-16.01) - NTFSx86
Run by Angel at 17:41:51.20 on Thu 05/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1881 [GMT -6:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\IoCtlSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Progr... Read more

A:Firefox Yahoo/Google Searches Hijacked?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 103.6

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

A:hijacked Firefox, google searches redirect

I have discovered that my dlink dir-655 had the DNS settings hacked. DHCP from ISP was getting russian IP's.

Primary DNS Server : 213.109.66.22
Secondary DNS Server : 213.109.75.217

I hard reset it to correct and set non default password.


Below you will see.

c:\users\tv\AppData\Local\Temp\bluecove_tv_0\intelbth.dll

That I assume is the problem. I checked and this WAS NOT deleted or has regenerated.

ComboFix 11-08-03.02 - tv 08/03/2011 8:26.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1055 [GMT -4:00]
Running from: c:\users\tv\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\tv\AppData\Local\Temp\bluecove_tv_0\intelbth.dll
c:\users\tv\AppData\Roaming\Local
c:\windows\7Loader.TAG
.
.
((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-03 12:38 . 2011-08-03 12:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-03 05:32 . 2011-08-03 05:32 -------- d----... Read more

Read other 6 answers
RELEVANCY SCORE 103.6

Hi,I have a Windows XP SP3 machine, and recently Google searches in IE and Firefox seem to be hijacked. When I search for a topic, I get search results that kind-of look like Google search results, but all of the hyperlinks have been changed to some other adware-like sites. For example, when I search for "fios speed", the first entry I get looks like this:Verizon | FiOS Internet (High-Speed Fiber-Optic Broadband Internet)Looking for an alternative to DSL high-speed Internet and cable? Experience the broadband power of FiOS Internet from our 100% fiber-optic network.www.bestwebchoices.com - 55k - Cached - Similar pagesThe same search from Safari and other uninfected computers turn up this:Verizon | FiOS Internet (High-Speed Fiber-Optic Broadband Internet)Looking for an alternative to DSL high-speed Internet and cable? Experience the broadband power of FiOS Internet from our 100% fiber-optic network.www22.verizon.com/Residential/Fiosinternet/ - 55k - Cached - Similar pagesNotice that the "www22.verizon.com/Residential/Fiosinternet/" was changed to "www.bestwebchoices.com" on the infected computer.There seem to be other forum posts that describe a similar problem, and I've tried running Malwarebytes - Anti-Malware. It found the following problems:Malwarebytes' Anti-Malware 1.31Database version: 1546Windows 5.1.2600 Service Pack 312/25/2008 9:52:49 PMmbam-log-2008-12-25 (21-52-49).txtScan type: Quick ScanObjects scanned: 72000Time elapsed: 12 minute(... Read more

A:Google searches hijacked in IE and Firefox, but not Safari

I have more information, which I hope will with the diagnosis of the problem.

1) I think the infection might be Vundo/Virtumonde or a variant. Before I ran the Malwarebytes scan, the infected machine exhibited many of the same kinds of problems I've seen attributed to Vundo. MBAM seemed to clean out most of the problems, but the hijacked search results persist. I'm still not sure that Vundo was/is the problem.

2) If I use the Advanced Search Google page to perform my search, I get the correct search results! It's as if the virus/malware doesn't know how to hijack Google's Advanced Search results. Other modes of Google search, such as Google searching in the browser's toolbar or using the form in "www.google.com" is hijacked.

3) I updated my infected machine from IE6 to IE7. It was a shot in the dark. It didn't help.

Read other 5 answers
RELEVANCY SCORE 102.4

Everytime I do a search in Firefox using the Google homepage the result page ends up being hijacked to an HP search result. If I backspace one page my proper search shows up. I've been in the IT world for a long time and I have to say that this is a totally new one on me. I watch the address bar when I try the search and at first the proper one shows but is quickly changed to http://www.google.ca/search?q=hp. When I backspace it will change to this http://www.google.ca/#hl=en&source=hp&q=test&aq=f&fp=1&cad=b. Interestingly enough it inserts that source=hp part. If I do a search from the result page the search behaves properly.Here is the DDS log:DDS (Ver_09-07-30.01) - NTFSx86 Run by Admin at 21:32:54.34 on Thu 08/20/2009Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_06Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.274 [GMT -6:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exesvchost.exesvchost.exeC:\WINDOWS�... Read more

A:Firefox Google searches Hijacked DDS Rootappeal LOGS

I'm pretty sure that I posted the right stuff. Is there something else I need to do to get help with this issue? Thanks in advance for any help.Hello sparhawk77,While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Athough our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?We ask that once you have posted y... Read more

Read other 3 answers
RELEVANCY SCORE 101.2

My OS is Windows XP SP3. I have ZoneAlarm Anti-virus.In order to deal with this problem I have used Malwarebytes - no luck. (However, I have had a separate trojan which ran from my temp files today (seseextivj.exe, called Trojan-Dropper.Win32.Agent.asii by ZoneAlarm Anti-virus) which Malwarebytes seems to have dealt with). Both of these programs are updating normally - I have read of people having my problem and not being able to update or run security programs.I am preventing anymore trojan downloads by running the noscript extension in Firefox, which means that redirected google searches do not load up unpleasant websites. I have replaced Adobe Acrobat with FoxIt reader, and turned off javascript in FoxIt.Please note that this has happened for other forum users:<hxxp://www.google.co.uk/search?hl=en&tbo=1&tbs=qdr:w&q=+site:www.bleepingcomputer.com+overclick>Thanks for any help you can give,TomDDS Log:DDS (Ver_09-05-14.01) - NTFSx86Run by John at 21:07:04.51 on 08/06/2009Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.102 [GMT 1:00]AV: ZoneAlarm Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exeC:\WINDOWS\... Read more

A:Google searches in Firefox 3.0.10 and IE 8.0.6001 hijacked/redirected through overclick.cn

I am receiving help elsewhere. Apologies for posting on two sites, I became desperate in case the situation got worse (I've read of others who had a google redirect problem who also were stopped from using anti-malware software). I have since read the rules that this is forbidden, so I won't do it again.

Read other 2 answers
RELEVANCY SCORE 91.2

Hi all. I've tried to follow the directions to the letter, but please do let me know if I've done something wrong or omitted a step. Your assistance, to put it lightly, is appreciated.

I'm running an almost brand-new Dell Inspiron 580S, using Windows 7 Premium, service pack 1 installed.

In the course of browsing, I managed to pick up some sort of virus or malware. When I go to google.com and search for just about anything ("public schools") the results come up like normal, but I get redirected to any number of sites. Oddly, this doesn't seem to happen when I use Internet Explorer. I would much prefer to return to Firefox, though.

I've run AVG and Spybot Search and Destroy. While those found and corrected a few issues, the redirection continues.

Please let me know how I can help you help me!

DDS.txt:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Jarett at 17:53:35 on 2011-07-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3895.2535 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\... Read more

A:Windows 7, Firefox Google searches redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 8 answers
RELEVANCY SCORE 88

This seems to be a rather common problem on the net.

Typing a random word in my address bar for a search brings me to some Google-clone site called iamwired.net, which, after some looking around, appears to be something only a malware-infected browser would do.

If anyone can help me out with this problem it would be greatly appreciated. Thanks in advance.

Below is the log from a Malwarebytes quick scan. It doesn't seem to have found anything unusual.
Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6957

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/7/2011 12:39:00 PM
mbam-log-2011-07-02 (12-39-00).txt

Scan type: Quick scan
Objects scanned: 181284
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

A:Hijacked searches (Firefox)

Read other 14 answers
RELEVANCY SCORE 88

Windows XP service pack 2. Computers homepage is set to www.google.com and when I do a search in the google search bar it brings up a list of found results just fine, but when I click on one of the result links about 9 times out of 10 it will try to go to some other website (blocked by noscript when using firefox). The 1 time out of 10 that I am allowed to actually get to the actual site I clicked on, quite often the page only loads about halfway before timing out. Also, online games time out when attempts are made to log on to them.

Please let me know what to do, and thanks in advance for your time! =)

(edit: some spelling mistakes.)

Read other answers
RELEVANCY SCORE 88

Hi -- Since yesterday, I have been having some issues while online, and I know I have some kind of trojan or virus, but nothing is really picking it up and dealing with it. I use Firefox almost all the time, but still have IE on my computer; I opened it yesterday to try to go to Facebook, because the site wasn't loading on Firefox all of the sudden, and I didn't know if it was a Facebook problem or a Firefox problem. After I did that, and closed IE, these things have been happening:

-- I started getting IE pop-ups, even in Firefox, as well as Firefox pop-ups, which I rarely ever have had before (I have their pop-up blocker enabled). I uninstalled IE, but I'm still getting Firefox pop-ups.
-- My searches in Google are being hijacked -- I search for something, and the results come up, but when I click on a link, it will take me to some other site -- this doesn't happen all the time, but often
-- still can't load Facebook, or it loads very slowly (I know this may be a different issue)

I ran an AVG scan, and it didn't find anything. I have Easy Cleaner, and checked it to see what start-ups are listed; there are 2 which I'm pretty sure are Trojans or whatever:
- CPM0bbe5e91 - c:\windows\system32\maligoha.dll
- tuhuzusadu - c:\windows\system32\hinazapo.dll
If I delete these start-ups, they always reappear when I restart the computer. I don't see either of the files in the system32 folder.

I ran Hijack This, and I do see these in the log ... Read more

A:Firefox pop-ups/searches hijacked

Downloaded and ran Anti-Malware, and it found the trojans. Ran Hijack This again and log was clean, except for one entry, which I deleted. Pop-ups have stopped, Facebook loads, no Google search re-directs.
 

Read other 1 answers
RELEVANCY SCORE 88

I've been having my Google searches hijacked in both Firefox and IE, and all the standard spyware removal steps I've taken (including Spyware Doctor and MalwareBites scans) haven't helped. Hijack destinations include areaconnect.com, freemoneyservices.com, newcastleoperahouse.com, greenpresidents.com, and others.Below please find my DDS and GMER logs. Thanks in advance for anything you can do to help.DDS (Ver_10-03-17.01) - NTFSx86 Run by Administrator at 20:05:28.50 on Wed 03/24/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.283 [GMT -4:00]AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeC:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exeC:\WINDO... Read more

A:Searches hijacked in Firefox and IE

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 16 answers
RELEVANCY SCORE 88

Urgh. I thought I took care of this a month or so ago - but it's back again.My Firefox searches are currently getting hijacked by something and sending me to pages.us.com - which gives me "results" that I can click on, then they get paid for it.I can't find jack about this when Googling, so I've come here with my HJT log to see if somebody can lend a hand.I've pasted it below.I appreciate any help you can give!QUOTELogfile of Trend Micro HijackThis v2.0.2Scan saved at 3:03:04 PM, on 4/20/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exec:\program files\idt\wdm\STacSV.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Java\jre6\bin\jqs.exec:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exeC:\Program Files\TVersity... Read more

A:Firefox Searches Hijacked!

hi,Please download DDS, followed by Malwarebytes. Link and directions:Please download DDS and save it to your desktop.Double click dds.scr to run the tool. When done, DDS.txt will open. Save both reports to your desktop. Please Copy/paste both logs in your reply.MBAM:Please download Malwarebytes to your desktop.Double-click mbam-setup.exe and follow the prompts to install the program.Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select Perform FULL SCAN, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click *Remove Selected.**A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txtPost the log in your reply.

Read other 1 answers
RELEVANCY SCORE 87.2

Hi. I've picked up a very nasty trojan that redirects many of my Google searches to ad pages. Sometimes when I type a web address into the address field, I get a message at the bottom left of the screen saying that Firefox is waiting for google-analytics.com. It waits forever, and nothing happens. I've been running STOPzilla daily for three weeks, and it always finds Trojan.Vilsel.JGM or Clicker.CD or GASF. I remove them, but they come right back. How can I get rid of all this? I'm unable to use Firefox at all. Internet Explorer is also affected, but less so. Thanks very much for your help.

A:Searches and web addresses hijacked in Firefox

Hello,Please follow the instructions in ==>This Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Read other 2 answers
RELEVANCY SCORE 87.2

I obtain proper search results when using a search engine, but most time when clicking on a result, I get taken to a different website. I have run Avira and Malwarebytes, but no detection. I suspect it is registered as a service, but not sure. Any assistance would be appreciated.
-------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:37:18 AM, on 2/27/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\dla\tf... Read more

A:Hijacked searches - Firefox Browser

I was able to clear it after reading the other posts. Thanks for the good information posted here.

Read other 2 answers
RELEVANCY SCORE 87.2

I'm having a problem that I've seen other people on this forum have. My web searches are redirecting me to pages that I don't want to go to, and firefox is locking up after only a few minutes of use every time I use it. It's so bad that I had to restart in safe mode just to be able to log into this forum. Here is a hijack this log, please help.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:52:11 PM, on 1/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...sbcydial/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page... Read more

A:Firefox locks up, web searches hijacked.

Read other 7 answers
RELEVANCY SCORE 87.2

Hello - I have struggled to regain control of my browser through several antivirus software, none of which have worked--including MalwareByte. All searches are directed to junk sites. Your help is appreciated! Many thanks.
DDS (Ver_09-10-13.01) - NTFSx86
Run by rashab at 19:12:16.04 on Sat 10/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.432 [GMT -4:00]

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOW... Read more

A:IE/Firefox hijacked - Web searches redirected

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 2 answers
RELEVANCY SCORE 84.4

I recently was a victim of an attack of the Security Essentials 2010 malware. I managed to clear the most evident problems of that following the guide/tutorial on this site. That infection began Wednesday evening 3 days ago, and I was cleaned up by last night. Later last night I noticed that my google searches would usually redirect. Occasionally they will work when I click a search result, but it seems that well over half the time I end up redirected and the sites i'm sent to show no pattern I've been able to discern yet.Earlier I was troubleshooting this and did come across a vonabuka.dll line in a HJT log and removed it. I've since restarted several times and these logs are from the system in it's current state and how it will remain until we can work this problem.I've followed the prep guide for posting here and so included here are the DDS and GMER logs.Thanks in advance for your help and especially your time.EDIT I should add, whatever it is that's left, or that was infected during the Security Essentials ordeal and is now resisting removal is not detected by Symantec, Spybot, AdAware, or Malwarebytes. And when I ran the gmer scan, it did pop up that it found something. I have never used this before though so I don't know if that's usual or not. end edit.DDS LogDDS (Ver_09-12-01.01) - NTFSx86 Run by IrishPanther at 21:10:44.76 on Sat 02/20/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12Microsoft Windows XP Prof... Read more

A:Firefox Searches Hijacked following cured? Security Essentials Infection

Hello,My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic. if you still need help please give me a brief description of your problems.Unfortunately your logs show you have a rootkit infection, so you should be aware of the following information.One or more of the identified infections is a backdoor trojan/Rootkit.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can... Read more

Read other 8 answers
RELEVANCY SCORE 83.6

Hey there. I've recent been having problems with Firefox/Google Chrome where my searches are being redirected to random sites when I click on the results. In addition the spellcheck function doesn't work if this searches are mistyped. I've tried several different programs with no success in fixing the matter. Among them are Dr. Web Cure it. As well as Malwarebytes which caused my computer to crash both times I tried using when it reached a file called zipfldr.dll

I've looked around at a couple sites but as nothing seems to be working I thought I'd give this a try. Any help would be apperciated, and it only seems to be affecting Firefox, and Chrome. Oh, and in addition to the redirect it's highlighting random phrases within the webpage with something called Clicksor, as well as the redirects going through something called 123bounce.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:14 AM, on 17/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Creative\USB Headsets... Read more

A:Google Searches being redirected in Firefox/Chrome. Google Redirect?

You have a DNS hijacker.

Disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box.
Click Allow Change box.

You can follow this link if you need help: http://russelltexas.com/malware/teatimer.htm
Try updating and running Malwarebytes again.
 

Read other 1 answers
RELEVANCY SCORE 83.2

Hi All. I've been having issues when I perform a search through Google. When I click on a link, I am taken to another search site. I have done some limited research and this seems to be more of a common problem than I realised. I installed Firefox thinking that maybe the issue was related to IE only, but this is happening on both softwares. I have hopefully followed the rules for this site, and I am posting below the results of the DDS.txt file.
S
I hope that someone can shed some light on what may or may not be correct on my laptop. Please note that this is first and foremost a work computer, so it does have Symantic Antivirus installed.
DDS (Ver_09-03-16.01) - NTFSx86
Run by SHannant at 22:22:24.47 on 03/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1201 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C: ... Read more

A:Google Searches being redirected in both IE and Firefox

Hello Stephen and welcome to Bleeping Computer,1. Please download GooredFix and save it to your Desktop.Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.Double click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please do so..The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!If ComboFix does run it's full circle, the please try to install Avira... Read more

Read other 5 answers
RELEVANCY SCORE 83.2

Everytime i search something on Google in Firefox, the search results come up fine, yet when i click a site on the results page, it either doesn't load, or when it does, re-directs me to some random site.

I had this problem on Firefox on my Computer, switched to Google chrome which was fine for a few weeks, then the same exact problem happened again. None of the sites in my Google results would load to the actual site. The weird thing is, i can still excess all the sites in my bookmarks menu without a problem, its just the google search sites that don't load or end up directing me to some random site.

So i switched from my computer to Laptop, which has been fine for weeks, and now again, same problem with Firefox. Nothing loads on Google. Its kind of weird how its happened again on a totally different computer.

I've messed around with the add-ons in Firefox, and it works for a few hours, then goes back to normal, nothing loading on the google results page.

Any help would be massively appreciated as its effecting my browsing experience.

A:Firefox Re-Directing Google Searches

On the search bar on our site (first item is User CP), hit search and type in "Google redirects". You'll see a whole bunch of answers.

Read other 4 answers
RELEVANCY SCORE 83.2

Hello,

I am having a problem with google searches in firefox being redirected to other sites than the intended url. I have a feeling it is something to do with some sort of malware. I have run programs like ad-aware, spybot s&d, malewarebytes, and superantispware. None of them seem to fix the problem. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:25 PM, on 11/19/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\KH Blocker\khb.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverrid... Read more

A:Google searches in Firefox redirected

Hello,

I am having a problem updating various software programs that I feel are related to some problem with my computer. Software like Ad-aware SE Personal and AVG 7.5+8.0 both cannot update. I have researched answers to the error message I get in both programs, but none seem to work. Like I said, I feel that the this updating problem between the two is caused by something. Other problems that I am having with my computer is my internet connection. Using google in firefox, I sometimes get redirected to ad-sites. All I know is something isn't right with my computer. Thank you.

I was told by someone else in a forum section where I posted this to give my HijackThis log to this forum:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:58 PM, on 11/20/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\KH Blocker\khb.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Win... Read more

Read other 1 answers
RELEVANCY SCORE 83.2

For the last few days, my searched in google while using Firefox are being redirected. The search results appear as normal, and mouse over the links show them normal, but when I follow the link, it redirects most of the time to other pages. I can right click and copy the link, then paste in a new tab and it works fine.I have run Windows Defender, AVG Antivirus scans, and Ad-Aware from Lavasoft with no luck.Here is my Hijack log. Thanks in advance for your help!!JTLogfile of Trend Micro HijackThis v2.0.2Scan saved at 18:01:36, on 10/23/09Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskhost.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\WTablet\Pen_TabletUser.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Toshiba\FlashCards\TCrdMain.exeC:\Program Files\Camera Assistant Software for Toshiba\traybar.exeC:\Program Files\Synaptics\SynTP\SynToshiba.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Toshiba\Utilities\KeNotify.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\Program Files\Toshib... Read more

A:My google searches in Firefox are being redirected

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 18 answers
RELEVANCY SCORE 83.2

Hello,

I am having a problem with google searches in firefox being redirected to other sites than the intended url. I have a feeling it is something to do with some sort of malware. I have run programs like ad-aware, spybot s&d, malewarebytes, and superantispware. None of them seem to fix the problem. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:25 PM, on 11/19/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\KH Blocker\khb.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Inte... Read more

A:Google searches in Firefox redirected

Hi, welcome to TSF!

Before we continue, please follow the instructions presented in this thread: http://www.techsupportforum.com/secu...oval-help.html then post the requested logs.

Read other 9 answers
RELEVANCY SCORE 83.2

Hi, I've seen a lot of other users have problems with this and I am too - Google will only occasionally redirect me to other sites, find-stuff-fast, informationgetter.com, expandsearchanswers, it's really annoying - so I made an account, hopefully I can get some help. I'm using Firefox 5.0.1 (I reinstalled hoping to get rid of the redirects, but it didn't work). I've tried running Malwarebytes and Norton 360 and it found some stuff, but Google is still redirecting me. I'm using Windows 7.

Am I infected? What do I do?

A:Firefox redirecting Google searches?

Hi Eugenlus, to Bleeping Computer.My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.Some things to remember while we are working together.Do not run any other tool untill instructed to do so!Please do not attach logs or put logs in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can also help.Do not run anything while running a fix.If you don't understand a step, please ask for clarification before continuing with any future steps.Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum. Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Users, Partitions and Memory sizeClick Go and post the result. I'd like us to scan your machine with ESET On... Read more

Read other 21 answers
RELEVANCY SCORE 83.2

I have some malware that's redirecting google search links to phishing websites. It seems to only affect the firefox browser. I've run AVS, kapersky, malware bytes and escan with limited success. There's been a few root kits discovered, but not all of them are removed.

A:Firefox redirect on Google searches

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here.If you get crashes in normal mode,run it in safemode with networkingDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 17 answers
RELEVANCY SCORE 83.2

I have firefox running on a Windows 7 PC the 64 bit version.

This all started in the past day or so.

When i do a google search for say "youtube" Everything comes up normally, but when i click on the link it will redirect to a website trying to sell me a credit card or something. This will happen for about 10 minutes then goes away for a while and will eventually come back.

I tried updated my virus scan and anti-spyware, which did find and remove something, but the problem still persists.

This is really annoying and seems like it could potentially be a serious problem. I would appreciate any help you guys might be able to give.

DDS.txt

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Run by Typhon at 23:26:36 on 2011-06-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6093 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\Sy... Read more

A:Google searches being redirected firefox.

Been 72 hours,

Bump

Read other 7 answers
RELEVANCY SCORE 83.2

When clicking on a link in Google, am getting redirected to various sites such as clicks.bestsearchfind.com, www.goingonearth.com/search.php, www.netshoppers.com, etc. Most of the time NoScript on Firefox blocks these sites and takes me to a fresh Google search page. Have scanned with Nortons, Malwarebytes, Housecall - all say nothing found. Downloaded FixTDSS and that said nothing found either. Only getting redirects using Firefox, Chrome seems to work fine (I don't use IE). Tried to run GMER twice and computer locked up both times about half-way through.
DDS (Ver_10-12-12.02) - NTFSx86
Run by user at 9:18:51.64 on Sun 02/06/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.478.54 [GMT -8:00]

AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\... Read more

A:Getting redirects on Google searches when using Firefox

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 4 answers
RELEVANCY SCORE 83.2

I suspect that I have some form of malware. I got adwarealert and about 3 other rogue antivirus programs on my computer a week or two ago. I've been trying to clean it up since then and have gotten down to the last bit of it, but can not stop firefox from redirecting my google searches.

Internet explorer and Safari do no redirect my google searches. I am running windows vista.

I've ran several antispyware programs and nothing is working. To start, i'll post an HJT log and a combofix log.

I ran:
malwarebytes
avg free
ad-aware
spybot
SDfix
and more

(also, after I ran combo fix I was able to use google without getting redirected for about 10 minutes, then the redirection came back)

I really really appreciate the help from this forum.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:18 PM, on 8/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttr... Read more

A:Firefox keeps redirecting my google searches

And now the combo fix logfile:

ComboFix 08-08-10.02 - adam 2008-08-10 18:09:49.1 - NTFSx86
Microsoft® Windows Vista&#8482; Home Premium 6.0.6001.1.1252.1.1033.18.2652 [GMT -5:00]
Running from: C:\Users\adam\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\adam\AppData\Roaming\macromedia\Flash Player\#SharedObjects\GVP00001\interclick.com
C:\Users\adam\AppData\Roaming\macromedia\Flash Player\#SharedObjects\GVP00001\interclick.com\ud.sol
C:\Users\adam\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\adam\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.

2008-08-10 17:29 . 2008-08-10 17:29 <DIR> d-------- C:\Users\All Users\Avg8
2008-08-10 17:29 . 2008-08-10 17:29 <DIR> d-------- C:\ProgramData\Avg8
2008-08-10 11:44 . 2008-08-10 11:44 <DIR> d-------- C:\Users\All Users\Webroot
2008-08-10 11:44 . 2008-08-10 11:44 <DIR> d-------- C:\Users\adam\AppData\Roaming\Webroot
2008-08-10 11:44 . 2008-08-10 11:44 <DIR> d-------- C:\ProgramData\Webroot
2008-08-10 11:37 . 2008-08-10 11:37 164 --a------ C:\install.dat
2008-08-10 11:04 . 2008-08-10 11:44 <DIR> d-------- C:\Program Files\Webroot
2008-08-10 10:23 .... Read more

Read other 3 answers
RELEVANCY SCORE 83.2

A couple months ago my searches started being redirected to random sites. I'm almost always using Firefox and searching with Google. They never seem to be the same locations where I am redirected. A recent example was Merchant Circle and a lot of the time it's just and IP Address. If I go back to the original search page and click on the real link again it will go to the correct site. But the next time I do a search it happens again.

Any help would be greatly appreciated as I'm stumped.

Thanks

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32
Run by M at 10:03:35 on 2012-09-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1824 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\sv... Read more

A:Google searches being redirected in Firefox

Please do the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

Read other 8 answers
RELEVANCY SCORE 83.2

Hi. This is my first time posting.

Okay I am having problems searching on Google in my firefox browser, I am getting redirected to ads on random sites. Its really annoying. I have scanned my computer with Malwarebytes, SuperAntiSpyware and AVG Antivirus. All the scans had detected some viruses or malware and they are all deleted. But the google search is still not fixed. Can someone please help?

I have Windows Vista operating system. I don't know what more information may be needed but you may ask me if anything is needed.
Thanks a billion!

Sagar

A:Google searches redirect to ads on firefox...PLEASE HELP!

Hello and welcome. I am suspecting a Rootkit.Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.-- If you encounter any problems, try running GMER in safe mode.-- If GMER crashes or keeps resulting in a... Read more

Read other 16 answers
RELEVANCY SCORE 83.2

I've scanned my computer using various malware programs including SpyDoctor, Malwarebytes, Spybot, etc... I did have a few issues but I've cleared them and now they've all been running and finding no infections.This problem only occurs in Firefox and only when I'm using the Google Search engine. After approx the fourth link I click, I get redirected to some random search engine which searches for random things. Here's my HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:31, on 11/24/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TELUS\TELUS eProtect\Fws.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSRespond... Read more

A:Google searches only redirected in Firefox only

Hello, cdale73 to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.We Need to Run ComboFixNote to readers of this post other than the starter of this thread:ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.How to run ComboFix:Please download ComboFix from one of the following mirrors, and save it to your desktop.This is a mirror.This is another mirror.This is yet another mirror.Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.Double click on your desktop.Read and accept (Press Yes) to the disclaimer.For Windows XP Systems: Instal... Read more

Read other 11 answers
RELEVANCY SCORE 83.2

Whenever I click on links after doing a Google search, whether using IE or Firefox, I get redirected to various random ad sites. AdAware found one thing and removed it, but the problem remained.Thanks in advance for any help I can get!DDS (Ver_10-03-17.01) - NTFSx86 Run by katie at 22:46:11.65 on Sat 05/15/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.206 [GMT -6:00]============== Running Processes ===============C:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exesvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exeC:\WINDOWS\System32\basfipm.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exec:\Program Files\Dell\OpenManage\Client\Iap.exeC:\Prog... Read more

A:Redirecting with Google searches on IE and Firefox

Hi upstairs, and welcome to Bleeping Computer.Firstly,Please download Malwarebytes' Anti-Malware from HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.Secondly,Download OTL.exe by OldTimer to your Desktop.Close all windows and double click OTL.exe.In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:netsvcs%SYSTEMDRIVE%\*.*%systemroot%\*. /mp /sCREATERESTOREPOINT%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job ... Read more

Read other 17 answers
RELEVANCY SCORE 83.2

Referred from here: http://www.bleepingcomputer.com/forums/topic429807.html ~ OBMy search results from google are constantly redirected in IE and firefox. Ive tried malewarebytes, spybot, and superspyware with no luck. running 64bit windows so no gmer attached..DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29Run by Michael at 13:45:28 on 2011-11-30Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3764.2104 [GMT -5:00].AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32 ... Read more

A:Google searches redirected in IE and firefox

Hello sircasini and welcome to Bleeping Computer!I apologize for the delay.I am D-FRED-BROWN and I will be helping you. Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps. -------------Please download to your Desktop:TDSSKiller.zip from here and extract it (right click on it => "Extract here").>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.In your next reply, please include the following (you may need to use two posts to get it all in):TDSSKiller_log.txthow the PC is running now?-------------Please download ComboFix.exe. Please visit this webpage for download links, and instructions for ru... Read more

Read other 8 answers
RELEVANCY SCORE 83.2

Hello to Bleeping Computer. I need your help!

I have recently started having issues with Google searches in Firefox and IE being randomly redirected to other sites. Most are junk shopping sites, but many are 'anti-spyware' sites. When I started noticing the redirects I ran scans with McAfee, Spybot, Windows Defender, MalwareBytes and Ad-Aware and only MBAM found anything. But even after MBAM 'removed' the problem the redirects remain. Six or eight searches in a row will function properly, but then the hijacker takes over and I cannot get anywhere without multiple clicks. I have looked around a bit on my own using various viewing tools including Hijack This but other than deleting a few suspicious items (with no results) I'm not getting anywhere.

My primary anti-virus is the McAfee suite which comes free from my ISP. I do scans with MBAM, Spybot and Windows Defender from time to time. My firewall is up and functioning, and I am fully backed up on an outboard drive. I am running XP MCE SP3 on an HP m7674n and the machine is completely updated.

I have not had much in the way of other symptoms, however. My system seems to run normally, and is not visibly lagging. Internet operations other than Google searches seem fine. All of the malware programs update and execute normally. There does not seem to be any unwarranted traffic inbound or outbound, although the CPU usage will generally hover around 50% even at idle which seems high but may not be an actual issue. The only oth... Read more

A:Google Searches Redirected-Firefox and IE

Please disregard my issue as I had to resort to other measures. My machine was rapidly becoming unusable as more and more processes and applications became increasingly unstable or failed to function at all. I ended up wiping my disc and utilizing a mirror-image backup from a year ago. Many thanks just the same. You may close this topic.

Olias

Read other 2 answers
RELEVANCY SCORE 83.2

Every link is either redirected to a blank page or is redirected to an ad. I tried running Norton, but it did nothing, and I tried running TDSSKiller but it said that it found no threats. I tried flushing the dns cache but that didn't work either, not even for a short period of time. Does anyone know how to fix my computer?

A:Google keeps redirecting searches on Firefox and IE

Hello and welcome. Let's see what's up after these.Please download GooredFix from one of the locations below and save it to your DesktopDownload Mirror #1Download Mirror #2Ensure all Firefox windows are closed.To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).When prompted to run the scan, click Yes.GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before perfo... Read more

Read other 1 answers
RELEVANCY SCORE 83.2

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:14:26 PM, on 11/2/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\IPSSVC.EXEC:\WINDOWS\system32\acs.exeC:\Program Files ... Read more

A:Redirection after google searches in both Firefox & IE

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 12 answers
RELEVANCY SCORE 83.2

Malware Bytes, Spybot S&D and AVG come up clean.HP Media Center P4_2.5Ghz 1G-Ram; WinXP MCE 2005 sp3AVG9.0 / ZoneAlarm (free)Forgot to mention, I couldn't save a "new topic" this morning. I had to take the logs to my work computer to create and save a new topic (this one). Here's your requested logs:DDS (Ver_10-03-17.01) - NTFSx86 Run by Brad at 6:45:10.92 on Mon 07/12/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.392 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\WINDOWS\ehome\ehSched.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\System32\nvsvc32.exeC... Read more

A:firefox google searches get redirected

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 18 answers
RELEVANCY SCORE 83.2

Apologies if I am not posting this correctly, I honestly tried reading all the rules and searching other posts, but it seems my problem may need to be handled one on one. I am running Windows XP, and only use firefox. Not everytime, but maybe 50% of the time when I click a link after a google search, I get redirected to a few sites until I end up somewhere unrelated to my search. Additionally, I seem to be experiencing random opening tabs to websites I have no interest in. I would say I am a beginner-intermediate computer user, so please bear with me if you chose to help. Thanks... here is my hijack this log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:16 PM, on 4/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21183)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files... Read more

A:Firefox redirecting Google searches...

I'm sorry, I know I wasn't supposed to mess around after posting a hijack this, but another virus poped up and I couldn't resist running malwarebytes. This is my new hijack this after restarting my computer. All I am doing is posting this, then turning my computer off for a few days for someone to take a look. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:33 PM, on 4/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21183)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\... Read more

Read other 1 answers
RELEVANCY SCORE 82

Hello,Sometimes everynow and then I will do a google search or click on a youtube search result and I will be directed to another website.One of the ones in question was this one.http://star.thekeyresults.org/100/8003/sea...8.4585&nw=0I ran malware bytes and cleaned out my system a day ago (got hit by strongantivir) But this issue still persists.Here is my hijack this log. Anyone have an idea?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:10:18 PM, on 8/18/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\WindowsMobile\wmdc.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exeD:\program files\steam\Steam.exeC:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files\MagicDisc\MagicDisc.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeL:&... Read more

Read other answers
RELEVANCY SCORE 82

Hello- I'm running 32-bit Windows 7 Professional. Recently started getting Google search results to redirect to happili and other sites.

I have run MalwareBytes, SUPERAntiSpyware, Windows Defender, SpyBot Search & Destroy, and Avast anti-virus all in safe-mode without any luck.

Per the Preparation Guide, below is the DDS log and attached are the Attach.txt and GMER log. DeFogger has been run to disable any CD emulation programs.

Thank you very much for any assistance!


DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.2.1
Run by Kobs at 23:20:36 on 2012-04-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1903.193 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encrypt... Read more

A:Infected - Redirect on Firefox Google searches

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

Read other 14 answers
RELEVANCY SCORE 82

Hi,
I may have gotten ahead of myself, and may have done something stupid. Avast, Adware, and ESET all have located a malware/trojan. However, even when removed, my browser continues to be hijacked via google searches. When I rerun Avast and ESET, they no longer locate the trojan. I (perhaps stupidly) ran ComboFix on my own. After researching some more realized that may have been a mistake.

Thank you for your help!

Here are my dds results (below and attached):

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Kelli at 18:17:58 on 2012-03-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.384 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Java\jr... Read more

A:Browser Hijacks via Firefox/Google Searches

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us1.Do not run any other tool untill instructed to do so!doing so will only at best cause you unneeded worry as it finds our backups and may even list our toolsand at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback It does not need to be long but just something so I know how things are going it can be something likeI am still getting redirected The computer is running as it shouldDon't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anythingPay special attention to the Notes** I have put inThese are things I have found that happen allot and can be taken care of easily just by reading the Notes**Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Pl... Read more

Read other 14 answers