Over 1 million tech questions and answers.

Browser redirects in both IE and Firefox - random pops also

Q: Browser redirects in both IE and Firefox - random pops also

A few days ago, I started to get browser redirects in both IE and Firefox - it seems random in Firefox; in IE, it's about every second or third link that redirects in a Google search. I'm also getting random popups from both IE and Firefox. I have ran Malwarebytes, Adaware, Trend Micro's Housecall, Spybot, SuperAntispyware. I had upgraded Adaware to their paid service, and it found trojans, but did not take care of the popup and redirect problems. Now, nothing is being found by any of the anti-malware, but I'm still having the same issues. I'm having issues getting into Adaware to give details on the trojans. Additionally, I downloaded CA Anti-Virus Plus Anti-Spyware 2010, but the install failed and now I can't get rid of it off of my computer. I am hoping I'm doing this right, here is my Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:38:38 AM, on 4/11/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17023)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exeC:\WINDOWS\system32\CTSvcCDA.EXEC:\Program Files\Common Files\Command Software\dvpapi.exeC:\Program Files\PCPitstop\PCPitstopScheduleService.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Winamp\winampa.exeC:\WINDOWS\zHotkey.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\CA\CA Internet Security Suite\casc.exeC:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEC:\Program Files\AWS\WeatherBug\Weather.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Upromise\dca-ua.exeC:\Program Files\Upromise\UpromiseTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Brother\Brmfcmon\BrMfcWnd.exeC:\Program Files\CA\CA Internet Security Suite\ccprovsp.exeC:\Program Files\Brother\Brmfcmon\BrMfcmon.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exeC:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exeC:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exeC:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exeC:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.mozilla.org/start/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\fbhffadg.slt\prefs.js)N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\fbhffadg.slt\prefs.js)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dllO2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dllO2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dllO3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLLO3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.65.dllO3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -bootO4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -bootO4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXEO4 - HKLM\..\Run: [ShowWnd] ShowWnd.exeO4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /rO4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNCO4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exeO4 - HKLM\..\Run: [Earthlink Protection Control Center] "C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe" /trayO4 - HKLM\..\Run: [CTHelper] CTHELPER.EXEO4 - HKLM\..\Run: [CHotkey] zHotkey.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLLO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exeO4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEO4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\Run: [Upromise Update] C:\Program Files\Upromise\dca-ua.exeO4 - HKCU\..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exeO4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imAppO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000028.000000D8O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exeO4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO14 - IERESET.INF: START_PAGE_URL=http://www.gateway.comO16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dllO21 - SSODL: hawewemez - {658be8a2-3b3c-4e02-91f9-5d46002e9ce9} - (no file)O22 - SharedTaskScheduler: tokatiluy - {658be8a2-3b3c-4e02-91f9-5d46002e9ce9} - (no file)O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe (file missing)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exeO23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXEO23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exeO23 - Service: EarthLinkSafeConnectAgent - Sana Security - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exeO23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Google Update Service (gupdate1c9b0a8b412f88a) (gupdate1c9b0a8b412f88a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel? Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: ProtectionService - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe (file missing)O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 12035 bytesTwo quick updates: I was able to remove CA Anti-Virus Plus Anti-Spyware 2010 off the computer by redownloading and then uninstalling the whole thing.I also was able to get into AdAware:Trojan.FakeAlertTrojan.Win32.Generic!BTTrojan.Win32.Generic!SB.0Trojan.Win32.Hiloti.gen.d (v)VirTool.Win32.Obfuscator.hg!a (v)Hope this can help.Merged posts. ~ OB

RELEVANCY SCORE 200
Preferred Solution: Browser redirects in both IE and Firefox - random pops also

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Browser redirects in both IE and Firefox - random pops also

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have sinceresolved your issues I would appreciate if you would let me no so I can close this topic.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.%appdata%\*.exe%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%SYSTEMDRIVE%\*.exenetsvcsmsconfig/md5startproquota.exesfcfiles.dlleventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dllbeep.sysiaStor.sysnvstor.sysatapi.sysnvatabus.sysviamraid.sysnvata.sysiastorv.sys/md5stopCREATERESTOREPOINTPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedThanks

Read other 35 answers
RELEVANCY SCORE 78.8

Was having random browser redirects and popups in Firefox
AVG & Malwarebytes found nothing.
Ran some misc fixes based on forum entries.
Computer seems better but would like confirmation that there is nothing lurking.
Ran scans based on "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help"
DeFogger
DDS
GMER

Can you review the attached scans, and let me know if any further action
is required.

Thanks

A:Random browser redirects and popups in Firefox

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 2 answers
RELEVANCY SCORE 78.8

Recently purchased new laptop this thing has had next to none internet exposure however its seems i've still managed to pick somthing up....

Simply put everytime i open a new search in firefox i'm redirected to sites i've not searched for an example of would be searched facebook clicked on the link and found myself at ebay.. I have installed mcafee security center run a full scan and found nothing i have noticed there is another thread on the forum with the exact same problem so it nice to know i'm not the only person in this boat....

DDS (Ver_09-05-14.01) - NTFSx86
Run by Tim at 23:46:12.16 on 28/05/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.44.1033.18.894.200 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C: ... Read more

A:Browser (firefox) Redirects to random sites.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 72

The JIT debugger keeps on popping up. I tried disabling script debugging from Control Panel -> Internet Options -> Advanced but that did not work.

Also when I run google searches and click on the links it redirects me to other websites ( monster, dating etc.)

I need to know what Malware and tools to run to fix this.
 

A:JIT Debugger Pops up and Firefox redirects to other wbesites

Read other 16 answers
RELEVANCY SCORE 71.6

I have scanned with malwarebytes and nothing is found but continually get the browser redirects and just in time debugger pop upsthanks for any helpDDS (Ver_10-03-17.01) - NTFSx86 Run by Jane at 19:40:20.87 on Mon 08/09/2010Internet Explorer: 6.0.2900.5512Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.495 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\oodag.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\WINDOWS\ALCMTR.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXEC:\Program Files\Mozilla Firefox\plugin-container.exeC:\WINDOWS\system32\wscntfy.exeC:\Documents and Settings\Jane\My Documents\Downloads\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/uInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyServer = http=127.0.0.1:5643uInternet Settings,ProxyOverride = <local>mWinlogon: SfcDisable=-99 (0xffffff9d)BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dlluRun: [ctfmon.exe] c:\windows\sy... Read more

A:browser redirects and Just in time debugger pops up

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 21 answers
RELEVANCY SCORE 70.8

hi there... asthe thread title suggests, when online a small blank browser window frequently pops up and redirects my webpage to a variety of commercial websites..... hijackthis as follows


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:08, on 25/10/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
C:\Windows\System32\TBCTRAY.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBEE.EXE
C:\Program Files\Avi Player\AviPlayer.exe
c:\Program Files\Hewlett-Pac... Read more

Read other answers
RELEVANCY SCORE 70

Hello,

I am running Windows XP Pro SP3 with Firefox 3.5.10 (primary) and Internet Explorer 7.0.5730.13 (backup). Both browsers have started to open new tabs with advertising content. The pages are not distasteful in content, only that they are uninvited. I have run both Malwarebyte's Anti-Malware and Adaware. The problem has been going on for about 10 to 15 days now. Every once in a while Anti-Malware picks up a couple of things and gets rid of them but the problem keeps coming back. Now neither one finds anything. I run AVG Free Anti-Virus 9.0.830 for routine virus protection.

Last night, the whole computer was very slow. Looking at task manager, it was evident that both Firefox and IE (when running) were taking up more memory than usual. Rebooting the computer fixed it.

As mentioned, I have run Malaware's Anti-Malware and Adaware. I cannot get the message to posts when I include any HJT information.
 

Read other answers
RELEVANCY SCORE 65.2

Hello,I have been lurking bleepingcomputer as a non-member for a while now. I typically am able to find the instructions to fix almost any problem a computer (be it mine or a friends) has from your forum. Now it seems I am unable to find the solution to my specific problem, so I finally signed up as a member! My problem is similar to all these redirect virus issues I have been reading, but slightly different and not quite the same.Here's the problem:Randomly when I am browsing the internet, every now and again a site that I come across (typically while using StumbleUpon [Firefox Add-On]) will redirect to some completely random site. It doesn't appear to follow any pattern, and has redirected to various different websites. The websites I am redirected to are rarely the same website I was redirected to before, the only exception being theclickcheck.com and yellowpages.com, both of these websites I have been redirected to more than once. Additionally, even if I don't have a browser open a pop-up will appear in a new window. If a browser is open, the pop-up window error will occur more frequently it seems(in a separate window, not a separate tab). Also, I noticed each redirect or pop-up goes through google-analytics.com, so this may still be the google redirect virus, but I am unsure.I have had this issue for about a week now, and I have been unable to get the time to really find the problem. I wish to do online banking, bill paying, and the what not but fear that... Read more

A:Random redirects and occasional pop-up while browsing with Firefox (particularly when using Firefox Add-On StumbleUpon)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

Read other 3 answers
RELEVANCY SCORE 64.8

Hi Gang:Last Friday my PC was hit with AV Security Suite. I removed it per online directions but my browser (IE8) was redirected and AV Security Suite reappeared. I have deleted the rouge software three times and I still notice occasional redirects and random browser windows popping up so I suspect there is still malicious code within the bowels of my machine but I am unable to locate it.I have used: Malwarebyte's Anti-Malware, A-Squared Free, AVG Anti-Viris, AVG Anti-Rootkit Free, CCLeaner and Disk Cleanup.For your viewing pleasure, my Hijack logo:Thanks for the help!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 12:12:37 PM, on 7/5/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Digital Media Reader\readericon45G.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\WINDOW... Read more

A:Browser redirects/random browser windows/AV Security Suite

Hi,Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop. Post them back to your topic.

Read other 23 answers
RELEVANCY SCORE 64.8

Hi all,

Thanks in advance for helping with my problem -- I really appreciate it.

Last weekend I got a very bad infection that basically rendered my system unusable, i.e., when I tried to launch resident programs such as Word, some message said that the .exe was infected, and asked if I would like to activate my antivirus software. The problem at that time was evidently a rogue antivirus program; I ran several spyware cleaner programs (those that I saw recommended on this forum) and this seems to have been fixed -- so now it looks like I just have this redirect problem.

First, my details:
- Windows XP Service Pack 3
- IE 8
- Firefox 3.5.5
- Chrome 3.0

Here's what happens: When I use any of the above-mentioned browsers to search, using Google or Yahoo, and I click on one of the links in the search results, I get taken to some random, garbage website instead of the one mentioned in the search results.

Also, multiple browser windows open repeatedly -- multiple windows with IE, and multiple tabs with Chrome. This seems to get worse over time, until the next reboot.

Here's what I've tried within the past two days:
- SuperAntiSpyware
- Spybot Search & Destroy
- Malwarebytes' Anti-malware
- Spyware Doctor
- Browser Hijack Recover
- Windows Live Onecare Safety Scanner
- My primary antivirus program had been McAfee, but now I'm running Microsoft Security Essentials instead

I've run scans with all of the above (some of them in safe mode) but the pro... Read more

A:Please help - Browser redirects to random sites, plus multiple browser windows

Hello please post your SuperAntiSpyware logTo retrieve the removal information after reboot, launch SUPERAntispyware again.Click Preferences, then click the Statistics/Logs tab.Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.Please copy and paste the Scan Log results in your next reply.Click Close to exit the program.Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take som... Read more

Read other 6 answers
RELEVANCY SCORE 64.4

EDIT: Split from here: http://www.bleepingcomputer.com/forums/t/311114/random-redirects-on-clicking-links-or-random-tab-pop-ups-in-firefox/ ~BPOk heres all the files. I skiped step 9 as i did not know if i need to create a new post or continue this topic.DDS.txt:DDS (Ver_10-03-17.01) - NTFSx86 Run by alex at 22:10:32.04 on Tue 04/20/2010Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.367 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\AirLink101\AWLL5026\WLService.exeC:\Program Files\AirLink101\AWLL5026\AWLL5026.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\ehome\ehSched.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\AVG\AVG9\avgnsx.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeC:\WINDOWS\sy... Read more

A:Random Redirects on Clicking Links or Random Tab Pop-ups In Firefox

Hi, qwertyasd Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.If there is no internet connection after running Combofix, then restart your computer to restore back your connection.-----------------------------------------------------------Double click on combofix.exe & follow the prompts.Install the Recovery Console if prompted.When finished, it will produce a report f... Read more

Read other 10 answers
RELEVANCY SCORE 64.4

Recently i have been getting a lot of random pop-ups that normally lead to sites trying to give me a virus. AVG Free Edition 9.0 always blocks these attacks but i really want to get rid of this because i can't ever get to the site i am trying to get to. About a week ago i had a rouge anti-virus (Windows Defender 2010) which i finally got rid of using Malyware Malbytes. After that my PC was acting weird and Just-In-Time Debugging keeps popping up. Sometimes SVChost or something like that crashes and then nothing works. Also after i removed the rogue anti-spyware none of the icons on desktop or in start folder would open. So i looked it up and i had to copy this into notepad and save it as fix.reg.

Pasted the following:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

This let me open all programs but then Mozilla Firefox would do random tabs and redirects.
Also i tried this.

Went to: C:\WINDOWS\system32\drivers\etc
Opened Hosts and deleted EVERYTHING. Then saved.
Deleted all backup hosts and thats about it.
A... Read more

A:Random Redirects on Clicking Links or Random Tab Pop-ups In Firefox

Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Make sure the Sections option is checked (in the right hand panel). Leave all other options unchecked!Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.

Read other 6 answers
RELEVANCY SCORE 62

I have a similar problem to http://www.bleepingcomputer.com/forums/t/271417/google-redirect-both-ie-and-firefox/When I search in Google and click on a link in the organic search section I occasionally get redirected to another site. At first, I was being redirected to various Clickbank products. I did some research and found it was always a hoplink with a certain affiliate code. I alerted Clickbank and they have closed that account. But I'm still getting redirected, it just goes to an error page from Clickbank stating that the account has been closed or disabled. I also get redirected to Amazon. I'm assuming that it's probably the same guy. The redirects happen randomly (not every time). I use Firefox 3.5.5. I'm also using TrendMicro Internet Security Pro 17.1.1250 with the latest updates.I've run full scans with both TM and MalwareBytes, but neither find any problems. I don't see anything that pops out in my HighJackThis Log.Usually, I can find and remove these things on my own, but this is over my head. I'm stumped. I've seen other posts with similar problems that point to it being a rootkit and that's a little beyond my level of expertise.Please help. Thanksrbr451

Read other answers
RELEVANCY SCORE 62

Don't know where I picked up a bug, but it randomly redirects every 25th click or so to sites like PCKeeper and feedbackexplorer. FWIW, I just switched to Windows 10 last week and the problems started a few days ago.  Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015Ran by Jerome (administrator) on HAL (07-12-2015 05:48:04)Running from C:\Users\Jerome\DownloadsLoaded Profiles: Jerome (Available Profiles: Jerome)Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(Qualcomm Atheros... Read more

A:Random Redirects in Firefox

Greetings DocWhoops and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter probl... Read more

Read other 12 answers
RELEVANCY SCORE 62

with MBAM currently installed, i wonder if it is interfering with SystemShield... I see in the DDS.txt log that SystemShield is disabled, but i can "see" that it is running.

when this is all over with, as much as i have enjoyed using Iolo system mechanic (utilities) and thus bought Systemshield to go with it... maybe you can make a recommendation for preferred/better virus protection SW... Is SystemShield not as good as i was lead to believe? Maybe It didn't matter, and any AV would have had this issue(?)

ok, talk to you soon...

A:Random Firefox redirects

fwiw.. i just got a redirect when i was trying to navigate to change my notification options on your site... took me to this address:

http://click.get-answers-fast.com/ads-clicktrack/click/jump2.do?affiliate=46831&subid=7_f8&terms=bleepingcomputer.com%20user%20cp

Read other 19 answers
RELEVANCY SCORE 62

occasionally, clicking a link in Firefox browser initiates a redirect... usually a page of links, or a yellowpages-type of site.

in a separate, but related thread, boopme asked me to run Fixtdss and aswmbr then MBAM and post the logs in a new topic thread....

brb with logs

A:Random Firefox Redirects

fixTDSSno infectionsaswmbr log:aswMBR version 0.9.9.1532 Copyright© 2011 AVAST SoftwareRun date: 2012-03-06 21:13:34-----------------------------21:13:34.355 OS Version: Windows x64 6.0.6002 Service Pack 221:13:34.355 Number of processors: 2 586 0x170621:13:34.356 ComputerName: OFFICE-PC UserName: Jim21:13:35.068 Initialize success21:16:28.653 AVAST engine defs: 1203060021:17:35.084 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-021:17:35.085 Disk 0 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610480MB BusType: 321:17:35.106 Disk 0 MBR read successfully21:17:35.107 Disk 0 MBR scan21:17:35.124 Disk 0 Windows VISTA default MBR code21:17:35.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 126500 MB offset 204821:17:35.158 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 483977 MB offset 25907404821:17:35.161 Service scanning21:17:35.850 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 3221:17:36.386 Modules scanning21:17:36.388 Disk 0 trace - called modules:21:17:36.392 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80077f32c0]<<spnl.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 21:17:36.394 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008b05790]21:17:36.397 3 CLASSPNP.SYS[fffffa6000fccc33] -> nt!IofCallDriver -> [0xfffffa80079ed9b0]21:17:36.39... Read more

Read other 9 answers
RELEVANCY SCORE 61.6

I've also now joined the ranks of those with a hijacked browser search engine, Firefox and I.E keeps redirecting me when I do a search on certain subjects. Opera does not seem to have any issues. Done a scan using AVG, Malwarebytes, adaware and spybot with no luck.DDS (Ver_09-12-01.01) - NTFSx86 Run by mark at 19:20:43.70 on 09/02/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.61 [GMT 0:00]AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\a-squared Free\a2service.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\System32\PAStiSvc.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\Program Files\AVG\AVG8\avgcsrvx.exeC:\WINDOWS\system32\dla\tfswct... Read more

A:Browser redirects I.E and Firefox

Hello,My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Please download GMER from one of the following locations, and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zip MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs, as this process may crash your computer.Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.Double click on Gmer to run it.Allow the gmer.sys driver to load if asked.You may see a rootkit warning window, If you do, click No.Untick the following boxes on the right side of the Gmer sc... Read more

Read other 3 answers
RELEVANCY SCORE 61.6

I removed malware using MBAM last week; however, Browser redirect issues still remain. Hijackthis log as follows. Please help! Thank you!!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 7:23:23 AM, on 10/4/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exeC:\Program Files\Logitech\Logitech WebCam Software\LWS.exeC:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exeC:\Program Files\Lexmark Pro200-S500 Series\ezprint.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exeC:\Program Files\CyberLink\Power2Go\CLMLSvc.exeC:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exeC:\Program Files\CyberLink\Shared files\brs.exeC:\Program Files\Common Files\Java\J... Read more

A:Firefox and IE Browser redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 3 answers
RELEVANCY SCORE 61.6

Hi all, I was told by extreemeboy to post here since we could not get this issue resolved with a rootkit scan. All attempts to use rootrepeal ended in the program crashing and GMER will completed a scan but I am unable to save the results then GMER completes as the system will completely hang once I click save.

I am having the redirecting issue also. Meaning that sometimes when I click a link after doing a search I get redirected to some random site instead of the link I initially clicked on. I have used Superantispyware, Webroot Spysweeper and anti-virus, spybot S&D, Malwarebytes, and finally removed webroot from my system and installed avast pro. Avast found some malware and move it to the chest. That seems to have made my system run faster and more stable than before however the redirecting issue is still present. I also can not boot the computer into safe-mode, when ever I try, I get to the mups.sys portion an the system just restarts itself. I have read though the forums about this issue and tried to follow some of the steps that where suggested to other folks as it pertains to my system. I downloaded OTL to desktop as well as GMER.exe and ATF-Cleaner. I was able to run OTL and ATF but GMER locks my system up to the point that only GMER will run and complete but no controls are able to be used including the ability to save the GMER log file at the end of the scan.

A:browser redirects firefox and IE8

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.Please describe the issues you are experiencing with your computer.

Read other 8 answers
RELEVANCY SCORE 61.6

This is a desktop running XP, and the owner reports that every now and then she tries to go to a web site and gets bounced to another one, usually porn. Here are the dds and gmer logs.

As always, any help is greatly appreciated!

Cheers,
Allan

=============

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Administrator at 0:02:07 on 2012-08-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.526 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.ex... Read more

A:Win XP - random browser redirects

Gentle "BUMP" haven't heard anything since original posting... hope someone can take a look soon.

Cheers,
Allan

Read other 1 answers
RELEVANCY SCORE 61.6

Hi guys, this problem has been persisting for 1 week now, browser keeps randomly redirecting. Like about 10 minutes into web surfing browser automatically opens up a tab with some stupid ad saying earn lots of money at home or something and Ive found it hard to remove and annoying. Here is a Hijack This Log attachedLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:12:27 PM, on 13/06/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exeC:\Program Files\Canon\IJPLM\IJPLMSVC.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Norton 360\Engine\4.2.0.12\... Read more

A:Browser random redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.I would like to get a better look at your system, please do the following so I can get some more detailed logs.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appe... Read more

Read other 22 answers
RELEVANCY SCORE 61.6

Hello I have seen other people with similar problems posting on your site. I am basically having the same problem when clicking links on the google search page, I get directed to similar sites or sites wanting to sell me something. for example if i am clicking to dl a free registry cleaner, by a certain company I will be redirected to another web page offering a similar service. I also will be directed to shopping and other various sites wanting to sell something usually.I am using firefox and Windows XP. I have ran Malware bytes and SuperAntispyware. I am also using Avira virus Protection.I have attached files from the programs I believe you wanted another user with this problem to run

A:Random Browser redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.:run combofix:Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more eas... Read more

Read other 19 answers
RELEVANCY SCORE 61.6

My friends computer redirects to random websites when you click on a link in a search. After it redirects us once, it lets you go to the website the second time. When you type in an actual address it doesn't redirect us. My blackberry also does it when I'm connected to his network. I've used a bunch of different virus scans and nothing has worked so far. It happens in FF, IE, and Opera. Here are my logs:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 7:23:48 on 2011-10-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1002 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Progra... Read more

A:Browser redirects to random ads

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster. Create and Run Batch FileOpen Notepad and copy/paste the entire contents of the codebox below, into Notepad:@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.It should look like this: <--XPDouble-click on router.bat to run it. it will open notepad when done please p... Read more

Read other 12 answers
RELEVANCY SCORE 61.2

Hi First time posting. So I don't know if this is the correct part of the forum to submit to so if its not, just let me know where to submit  it to  My problem is that I use Firefox (main browser Win 7) to browse and every so often it will redirect my websites to adware. For example when I "middle click" on a site at Google or Reddit, it usually opens a new tab but sometimes it opens this completely other site which im guessing is malware, I use Adblock Plus so not every malware site redirects to it, a lot of the time it is just a blank page with an obvisouly incorrect URL. I used to be able to browse just fine, but now it seems every so often that it wants to redirect me to this other site. MSE always pops up telling me it wants to send a ".tmp" file to Microsoft because it doesn't know what it is. But whenever I use MSE or Malware Bytes (even on the full trial version, or rootkit scan) it never picks up anything when it has been scanned. I have scanned it normally and on Windows safe mode. If anyone could help it would be much appreciated. Thanks.

A:Firefox redirects random websites

Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters


Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue


Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see here and here.Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:  aswMBR will create M... Read more

Read other 1 answers
RELEVANCY SCORE 61.2

Although I consider myself fairly astute at resolving computer issues, this one has gotten the best of me. When I do a Google search using Firefox 3.0.6, i get randomly redirected to non-related sites when i select a google provided link. Sometimes clicking on the link is successful; othertimes i'm redirecting to anything but what I was looking for.I've run (in safe mode) Malwarebytes anti-malware, Super AntiSpyware Free Edition, Spy-bot 1.6, AdAware, as well as McAfee. I've been "successful" in removing a few trojans (vundo), but nothing has helped the redirect problem.My HiJack log is:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:18:50 PM, on 2/15/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Lo... Read more

A:Random redirects when using Firefox (HijacK)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

Read other 2 answers
RELEVANCY SCORE 61.2

DDS (Ver_10-12-12.02) - NTFSx86 Run by ME at 13:08:24.62 on Thu 02/10/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.208 [GMT -5:00] AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Fi... Read more

A:help removing Firefox browser redirects

Hello and welcome to TSF.

The DDS.txt is difficult to read. Next time when you post a log, make sure the 'word wrap' is turned of under 'Format' menu.

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once we are done with the cleaning process.

Download ResetTeaTimerSave it to your Desktop.
Double click ResetTeaTimer.exe to run it. This will only take a few seconds.
------------------------------------------------------
Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
In the File menu click "Exit" to exit Spybot Search & Destroy.

===============

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1
Download Mirror #2[list]Please double-click GooredFix.exe on your Desktop to run it.Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
... Read more

Read other 19 answers
RELEVANCY SCORE 61.2

Hello,

When I use This work laptop at work on mt employers network Firefox doesn't redirect but when I bring this machine home to use it does. Also it only happens with machine that connect wirelessly to the internet. No redirects with my hard wired desktop. Please help me correct this problem.

Thank you,

Rod

A:Firefox browser/Google redirects

Here is the DDS log:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by lausd_user at 9:54:57.75 on Sat 04/16/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1974.498 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System... Read more

Read other 6 answers
RELEVANCY SCORE 61.2

Escalated from original post per Broni. Currently having little to no success with programs used via original post. System crashes and no results found on various programs however problems persist. Clicking on links from google search are redirecting to various websites. Malwarebytes' and Avast5 (avast is now uninstalled) were displaying notifications of malacious websites blocked via antivirus processes, yet no results were found using advised programs. Please see original post as to steps I've taken prior to seeking help.

Original Post:

http://www.bleepingcomputer.com/forums/topic407933.html/page__gopid__2323994#entry2323994

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by Ben at 0:04:15 on 2011-07-07
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.4094.2097 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\Syste... Read more

A:Browser redirects from Google via firefox/IE

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 31 answers
RELEVANCY SCORE 61.2

Warmest Greetings,
Apparently whenever i search anything on google(using both ie or firefox) and click on the results which i wanted, i will be redirected to "www.sinexcite.com".
Please assist.
Thank you.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Yan at 15:43:38.75 on Sun 05/17/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft? Windows Vista? Ultimate 6.0.6001.1.1252.1.1033.18.2046.1059 [GMT 8:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\syst... Read more

A:Web Browser(IE/Firefox) redirects to www.sinexcite.com

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 61.2

Hey there, i was wondering if there is a way to change the options in Windows Live Messenger so that the email tabopens your inbox in Firefox browser instead of IE?I'm sure there's a very simple way but i just cant seem to find how.Will appreciate any help

A:Msn Email Tab Redirects To Firefox Browser Instead Of Ie

Try setting Firefox as your default browser.

Read other 1 answers
RELEVANCY SCORE 61.2

I have a problem when I do a search on google and click on the results. It directs me to random sites. I ran hijack this and removed some O17 entries pointed to domains, but it is still doing it.Here was the O17's I deleted:O17 - HKLM\System\CCS\Services\Tcpip\..\{1C11AE53-28A5-4AC7-BA9F-CD4109D7856C}: NameServer = 93.188.164.226,93.188.161.83O17 - HKLM\System\CCS\Services\Tcpip\..\{99426465-398B-4E70-A3D4-92E8DBFC55FB}: NameServer = 93.188.164.226,93.188.161.83O17 - HKLM\System\CCS\Services\Tcpip\..\{B03D0ABE-BF61-462A-8B9F-0846A173B647}: NameServer = 93.188.164.226,93.188.161.83O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.226,93.188.161.83O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 93.188.164.226,93.188.161.83O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.226,93.188.161.83Here is my latest HJT log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:26:43 PM, on 2/16/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v7.00 (7.00.6002.18005)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Motorola\SMSERIAL\sm... Read more

A:Browser redirects on google in Firefox

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!If you have since resolved the original problem you were having, we would appreciate you letting us know.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your ... Read more

Read other 4 answers
RELEVANCY SCORE 61.2

Hi
 
I am running Windows 10 technical preview so am unsure if you will be able to help.
 
I'm getting browser redirects under Chrome, IE and Firefox but scans using Avast, MBAM, Kaspersky, Bullguard, Defender, Malicious software removal tool and various other antivirus software turns up a blank.
 
Any help much appreciated.
 
Thanks

A:Browser redirects in Chrome/ IE / Firefox

Are you hooked up to a router?  They can become infected too.  If so, try resetting it with the recessed button.  My experience is that you have to use a paper clip and hold it in for about two minutes.

Read other 24 answers
RELEVANCY SCORE 61.2

I am working on a friends computer.Last night  removed  62 viruses and 13 malware programs. Computer is running pretty well now except for browser redirects and unwanted adware. This is preventing the computer from general browsing.
 
I used Emsissoft Emergency kit  and malwarebytes to remove the viruses,but need some helpwith these pesky redirects. Client computer is Windows 7 Home premium.
 
I had to download all these tools from my computer on a flash drive because i couldn't get any executable to run because of virus infection. i also removed all suspicious programs like coupons.com discount deals.com etc. but I still can't finf the culprit that is causing this. Any help would be greatly appreciated!

A:browser redirects on Opera and firefox

Update- after running Malwarebytes for a second pass it identified 162 additional threats.I don't know why it didn't catch them on the first go round.Anyway,the client's computer is completely clean .He was not aware that his antivirus software had expired. I found nearly 300 threats on his computer.O- and he has Antivirus and anti malware installed now-
 
I told him is he let his protection lapse I would NOT fix his computer again. Problem solved!

Read other 2 answers
RELEVANCY SCORE 60.8

I've just moved to WIndows 7 and have installed some of my favourite software. All fairly ordinary stuff really mostly freeeware. In short order I'm experincing random browser redirects. Some sites I can't visit at all, I'm just redicrected from (like hobart.gamessociety.info for example). This happens in thelatest Firefox, IE and Chrome all of which I've tried and use intermittently. Which is bothersomely indicative of a system level intervention not a browser hijack.I've googled at length and all I can find is many different reports of similar symptoms. Often they suggest a TDSS infection. Googled that and found some removers, neither of found a TDSS infection (Kaspersky and Norman TDSS removers), I'm at wit's end and facing a complete system rebuild again, this is nuts. I cna't imagine a vector for viral infection. I've not indulged in any riky behaviours Im aware of. It's Windows 7 64 bit.Microsft Security Essentials finds nothing.I ran HijackThis and it recommends posting here form some feedback on the log. I see nothing suspscious in it except the last pile of DLLs that are missing. Could be because it's not set up for Win 64 bit?Here's the log:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 12:56:56 PM, on 21/08/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\Common Files\Acronis\Schedule2\... Read more

A:Random Browser Redirects, TDSS?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Vista and Win 7 Users please Right Click and run as Admin all programs that I ask you to run: Malwarebytes' Anti-Malware :Please download Malwarebytes' Anti-Malware to your desktop.Double-click mbam-setup.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select Perform quick scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.W... Read more

Read other 10 answers
RELEVANCY SCORE 60.8

I've run numerous spyware and virus scans and still have this issue with the browser redirectingme sometimes, not always, to other sites, seemingly at random. Any help would save what is left of mysanity.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:52:20 PM, on 10/18/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\Spyware Doctor\pctsSvc.exeC:\WINDOWS\... Read more

A:Browser redirects to random sites

hi mayr,

Sorry for the delay. If you still need help simply reply to the post and we will get started.

Read other 1 answers
RELEVANCY SCORE 60.8

I started getting search redirects and random browser windows opening about 3 days ago. At first it wasnt very bad, a redirect here and there, a browser window occasionly. Now everytime i move to a different web page i get 3 - 5 browswer windows opening and get redirected on almost every search. I also think i may be getting fake browser crashes. When i load a topic on this forum i get an internet explorer has crashed would you like to send an error report, yet if i move the window asside i can still browse the page freely. Im in need of assistance so that i may get back to browsing the web freely. Going to bed so i'll get back to you in the morningHeres my hijackthis logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:40:54 AM, on 11/28/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeD:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Creative\Shared Files\CTAudSvc.exeC:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exeD:\PROGRA~2 ... Read more

A:Redirects and random browser windows.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 9 answers
RELEVANCY SCORE 60.8

As the title says, I have been suffering from random redirects and browser launches (specifically Internet Explorer) while I was surfing the web. Just today I was redirected to freshbrowserupdate.com and on previous weeks I've been redirected to sites like url123.info while visiting forums. I don't know what could possibly be causing this, as MBAM found something and deleted it, but that did not stop the problem. I'll be checking up on this post frequently so that a solution may be reached. Thanks in advance and I'll post the logs below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:04:44 AM, on 11/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\puush\puush.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Goo... Read more

Read other answers
RELEVANCY SCORE 60.8

Ok so i'm usually good with removing Trojans and all that good stuff but this virus/spyware has been bugging me. The what i think is a program opens up my browsers and are directed to random sites as im typing three links have popped open.... http://www.supercoupon-sales.com/m165651103.html, http://www.redemption-slip.com/m165651103.html and http://www.pr-omoting.com/m165651103.html.... its odd that all the URLS have "-" s and the litle icon next to the URL in the address bar is a checkered flag or black and white chess board in them anyway i've run all my spyware (spybot and defender CWSshredder) and virus scan (mcafee) and heres my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 4:40:56 PM, on 6/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WI... Read more

A:Browser Redirects/Random Openingss

Download combofix from one of these locations:http://www.techsupportforum.com/sectools/combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------

Also post a new HJT log.

Read other 9 answers
RELEVANCY SCORE 60.4

Well, like the title says, Firefox keeps redirecting me to random sites. For instance I clicked on a wikipedia link and got sent to Travelocity.com. This just started happening earlier today, out of nowhere, and it's only Firefox that does this. The last things I remember downloading are Artweaver, Torsion, Notepad++, and Torsion, but that was all maybe over a week ago. I've used Malwarebytes' Anti-Malware and deleted four infected files. I've researched a few other threads but I'm still not exactly sure what I need to do. Can somebody please give me some direction? I'm using Windows XP by the way.
 

A:Mozilla Firefox Redirects to Random Sites

Read other 16 answers
RELEVANCY SCORE 60.4

Hi, as the topic says my problem is random redirects and Firefox isn't saving browsing history for more than a day, and that has nothing to do with settings.
The only redirect address I've noticed and remember is server2.mediajmp.com, but there have been others.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:59 AM, on 6/23/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Steam\steam.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Lovick\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aqworlds.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&... Read more

A:Random Redirects and Firefox not saving history

Read other 7 answers
RELEVANCY SCORE 60.4

For the past 3 days, this computer has had several problems with getting on the internet. I was able to solve some of the problems preventing Firefox from being opened, but two issues still remain.1) While using Firefox, and I am unable to use anything related to google.comGoing to google.com returns a white page with "404 Not Found" in large text, and "nginx" in smaller text below that.2) I randomly get redirected to advertising websites while viewing some of my favored sites.For an example of 2:
Spoiler
Earlier I was viewing Blizzard's Blue posts at http://blue.mmo-champion.com/1st: Went to http://blue.mmo-champion.com/2nd: I click a topic of interest, went to http://blue.mmo-champion.com/topic/191513/negative-ghostrider-the-pattern-is-fullThis next part is where I get redirected3rd: I click one of the buttons, the Blizz button with the arrow, which normally is supposed to take me to the source or the post itself.I'm supposed to go here: http://us.battle.net/wow/en/forum/topic/3048064944?page=19#371But instead, this shows up in my browsing history:http://allglobesales.com/aff?aff=http%3A%2F%2Fbridge2.admarketplace.net%2Fct%3Fversion%3D7.0.0%26key%3D62256396176.3275365%26ci%3D1313772378950.10158&i=HctLDoQgDADQdW_RC0iQj5Xj1AIOyQgTMOH6mtm-5JFTwSnjVmU2ME6DVtpY8kCwARkbJW-aD-Gd6BBKa7C7DzH4KDaDBLiutsiHr19pFRecrX8jtoyTu3TON9Y0B3KN2LnEUk8cd-c7nSUNfPOfx_vmAw~~http://bridge2.admarketplace.net/ct?version=7.0.0&key=62256396176.3275365&ci=131377... Read more

A:404 nginx google/firefox - random redirects

Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Read other 20 answers
RELEVANCY SCORE 60.4

My Windows XP Media Edition PC is infected with something. The most obvious symptoms are:
1) When using Firefox, new browser windows will randomly open -- to URLs that seem random. This happens often.
2) On occasion, audio will start playing -- as if some streaming internet audio was playing. I do not recognize the audio.

The above behavior started yesterday, Dec 26. Until then, I had no knowledge that something was wrong. However, once this started, I looked at Norton's log. (I have Norton 2008 running on the system.) On Dec 22, Norton discovered Virtumonde -- and thought it had removed it. On Dec 23, Norton again discovered Virtumonde and again thought it removed it. Since then, Norton does not find Virtumonde.

After I discovered that my system was having problems, I took the following steps:

Yesterday (Dec 26) I installed Spybot S&D. Spybot discovered Virtumonde (even though Norton no longer does). Spybot thought it successfully removed the infected keys. On a subsequent reboot, Virtumonde was again detected by Spybot.

I then installed MBAM. MBAM found additional evidence of Virtumonde. MBAM removed what it found. Subsequent reboots and rescans show that MBAM and Spybot think my system is clean of all issues they can detect.

Nonetheless, my system is continuing to exhibit the behaviors listed at the top. (#1, for sure; I do not yet know if #2 is resolved.)

The PC is networked in a LAN; the LAN is connected to the WAN via a DLink router. Two o... Read more

A:Random new browser windows when using Firefox, and random audio

Disconnect from the net. Reset your router and give it a strong password.If you use Spybot's Teatimer, disable it for now----------------------------Update Malwarebytes. This time do a FULL scan and post the new log here for us to look at

Read other 2 answers
RELEVANCY SCORE 60.4

Hello,
Anything other than typing the website address in firefox address bar, like a search term, redirects to smartwebsearch.net. I guess it has something to do with a faulty youtube downloader that i had installed sometime ago.
DDR suddenly exits the screen when running, hence i am attaching two logs from hijack this - running processes and uninstall list. Please let me know if there is any other log that i could generate.
I get a blue screen midway when I run GMER

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:54:15 AM, on 8/13/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Co... Read more

A:Firefox browser address bar redirects to smartwebsearch.net

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 18 answers
RELEVANCY SCORE 60.4

Hello,
 
This is just one of the problems I am having with my internet browsing on Firefox.  What can I do to remove it?  I am running Windows XP and use Kapersky as my anti-virus tool. 
 
Thanks, Teddy V.
 
 

A:"Outdated Browser Detected" redirects from Firefox

Hello tmv, run these, post the logs and see how it is.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the toolClick on the Sca... Read more

Read other 5 answers
RELEVANCY SCORE 60.4

Seems like a topic that has come up more than once - I'm having the same problem. Random redirects to various websites, some that ask me to install antiviral software, others to sale sites. Multiple website addresses show in the redirect process and all from google links.

C&P'd is my DDS.txt, the other 2 are attached.


---------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by Nidhogg at 21:08:27.12 on Thu 12/03/2009
Internet Explorer: 7.0.6001.18000
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [AdobeBridge]
uRun: [Pla... Read more

A:Browser search engine redirects (Firefox and IE)

Also as an update: For Firefox, my scrollbar (always on the right side of my screen) has been flipped to the left, and whenever I try to do a google search a warning window pops up letting me know that I'm about to send information over an unencrypted website and asks me if I really want to do that. If I click yes nothing happens, if I click no nothing happens. My firefox is basically useless atm.

Read other 13 answers
RELEVANCY SCORE 60.4

Howdy folks. I am having issues with my Firefox...... When clicking a link from a google search results page, I get randomly redirected to some other, completely unrelated page. Generally advertising of some sort. I have been researching this problem for a while, and have tried numerous methods of repairing it, all to no avail. (short of uninstalling, and then re-installing firefox.... that's my last ditch resort though.) I have scanned my machine, and cleaned it off, with AdAware, SuperAntiSpyware, CCleaner, Malwarebytes, and TrendMicro's housecall. (and even used hijackthis to see what all was in the registry, nuked a couple things out of there, but, still, no soap.) Even when completely cleaned, the problem persists. I have seen folks recommend the use of ComboFix... but, I have a 64 bit version of XP, and that does not appear to be supported. I have used UnHackMe, and it found some additional infections, (three, to be precise...), but, that didn't fix it either.At this point, I am at a loss. I haven't the faintest idea of how to proceed, short of nuking Firefox, and reinstalling it, and if THAT doesn't work.... Nuking the entire harddrive, and reinstalling EVERYTHING. I REALLY don't wanna go there thankyouverymuch.......Suggestions? Comments? Complaints? Shoe size?Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Browser Redirects in Firefox from search pages.

Hello,please do these, post logs and update me.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.Run TFC by OT (Temp File Cleaner)Please download TFC by Old Timer and save it to your desktop. alternate download linkSave any unsaved work. TFC will close ALL open progra... Read more

Read other 1 answers