Over 1 million tech questions and answers.

Firefox redirected, occasional new tabs opened, cannot utilize Google search

Q: Firefox redirected, occasional new tabs opened, cannot utilize Google search

Hi, thanks for being here. I have suddenly become unable to utilize Google as my search engine utilizing Firefox. In addition, a new tab will occasionally open on its own while I am online after I have chosen to go to a site - i.e., my site will open and an additional site will open as well - an ad site usually. Even the most rudimentary Google searches are redirected to some sort of generalized info hub - somewhat on topic - but not what I desired. Clicking on a site I find in the Google search results takes me to one of these web clearinghouse sort of pages immediately.Any help would be appreciated. My log file is below. Thank you.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:44:29 AM, on 12/3/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Sony\VAIO Event Service\VESMgr.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Intel\Wireless\Bin\EOUWiz.exeC:\Program Files\Sony\VAIO Power Management\SPMgr.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exeC:\Program Files\Protector Suite QL\menusw.exeC:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exeC:\Program Files\Common Files\AOL\1175988889\ee\AOLSoftware.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\AOL9~1.1\waol.exeC:\Program Files\Sony\SmartWi Connection Utility\SmartWiTogglet.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exec:\program files\common files\aol\1175988889\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exeC:\Program Files\Common Files\AOL\1175988889\ee\aolsoftware.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\PROGRA~1\AOL9~1.1\shellmon.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeopleR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dllR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllR3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dllO2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dllO2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dllO4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /StationaryO4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"O4 - HKLM\..\Run: [WCULauncher] "C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe"O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175988889\ee\AOLSoftware.exeO4 - HKLM\..\Run: [PartSeal] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.1\AOL.EXE" -bO4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exeO8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF269~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeopleO15 - Trusted Zone: *.emdat.com (HKLM)O15 - Trusted Zone: *.mytranscriptions.com (HKLM)O15 - Trusted Zone: http://*.trymedia.com (HKLM)O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cabO23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exeO23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Trend Micro Central Control Component (SfCtlCom) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (file missing)O23 - Service: SmartWiService - Sony Electronics, Inc - C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exeO23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (file missing)O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (file missing)O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exeO23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exeO23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exeO23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exeO23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exeO23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exeO23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeO23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeO23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exeO23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe--End of file - 13099 bytes

RELEVANCY SCORE 200
Preferred Solution: Firefox redirected, occasional new tabs opened, cannot utilize Google search

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Firefox redirected, occasional new tabs opened, cannot utilize Google search

I wanted to post the log files you require and noticed I had not previously - my apologies - but here they are.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Kellie at 19:45:39.57 on Fri 12/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1331 [GMT -6:00]

AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\common files\aol\1175988889\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1175988889\ee\aolsoftware.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiTogglet.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\AOL\1175988889\ee\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kellie\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sony.com/vaiopeople
uSearch Page =
uSearch Bar =
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VAIO Recovery] "c:\windows\sonysys\vaio recovery\PartSeal.exe"
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
mRun: [WCULauncher] "c:\program files\sony\smartwi connection utility\WCULauncher.exe"
mRun: [HostManager] c:\program files\common files\aol\1175988889\ee\AOLSoftware.exe
mRun: [PartSeal] "c:\windows\sonysys\vaio recovery\PartSeal.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
mRun: [sakafazag] Rundll32.exe "c:\windows\system32\vafedewe.dll",a
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\kellie\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi69df~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif269~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: emdat.com
Trusted Zone: mytranscriptions.com
Trusted Zone: trymedia.com
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: psfus - fusstub.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\windows\system32\vafedewe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: yefimarey - {a41a745e-c4d0-4032-9858-8b8f80796aa4} - c:\windows\system32\vafedewe.dll
STS: mujuzedij: {a41a745e-c4d0-4032-9858-8b8f80796aa4} - c:\windows\system32\vafedewe.dll
LSA: Notification Packages = scecli fusstub tehomake.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kellie\applic~1\mozilla\firefox\profiles\36e1r6w7.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
==================== Find3M ====================

2009-09-03 18:11:36 92160 --sha-w- c:\windows\system32\vafedewe.dll
2009-09-03 18:11:34 45568 --sha-w- c:\windows\system32\wodezoga.dll

============= FINISH: 19:48:51.51 ===============
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/04 20:14
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: H8SRTvnspliqfmp.sys
Image Path: C:\WINDOWS\system32\drivers\H8SRTvnspliqfmp.sys
Address: 0xB5799000 Size: 114688 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7335000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\curslib.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\h8srtcfg.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\H8SRTjxviqjdapp.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\H8SRTokvfwossft.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\wincert.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\config
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\H8SRT435d.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\H8SRT999e.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\H8SRT99ad.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\H8SRTa0a0.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\H8SRTe9de.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\H8SRTvnspliqfmp.sys
Status: Invisible to the Windows API!

Path: C:\Program Files\AskBarDis\bar\Settings\config.dat
Status: Invisible to the Windows API!

Path: C:\Program Files\Common Files\Adobe\TypeSpt\Unicode\Mappings\win
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Kellie\Application Data\Mozilla\Firefox\Profiles\36e1r6w7.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat
Status: Invisible to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: H8SRTjxviqjdapp.dll]
Process: svchost.exe (PID: 1544) Address: 0x10000000 Size: 65536

Hidden Services
-------------------
Service Name: H8SRTd.sys
Image Path: C:\WINDOWS\system32\drivers\H8SRTvnspliqfmp.sys

==EOF==

Read other 3 answers
RELEVANCY SCORE 87.2

Hi.I have some sort of trojan which redirects any link from google to a random site and then pops open a new tab opened to a random site. I have scanned my system with zonealarm, adaware, malwarebytes, and hijackthis and nothing seems to find it. I have uninstalled and reinstalled firefox.I don't see a way to attach the text and log files, per your directions, so I will post them.**************************HERE IS DDS.TXTDDS (Ver_09-12-01.01) - NTFSx86 Run by David A. Fields at 10:38:33.57 on Sat 12/12/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1427 [GMT -5:00]AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exesvchost.exeC:\WINDOWS\SYSTEM32\WISPTIS.EXEsvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\WINDOWS\... Read more

A:firefox/google gets redirected and additional tabs open

Ran Malewarebytes again and it shows nothing... Firefox is still hijacked, though

Malwarebytes' Anti-Malware 1.42
Database version: 3345
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

12/12/2009 6:37:11 PM
mbam-log-2009-12-12 (18-37-11).txt

Scan type: Full Scan (C:\|)
Objects scanned: 183057
Time elapsed: 48 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Read other 4 answers
RELEVANCY SCORE 85.2

I am having a strange problem where occasionally after a Google search the site I click on will redirect to a dummy search site. If I go back to my search results (back button) and reload the page, the link to the site I'm trying to get to will work. The problem does not seem to be very repeatable (many searches will work, then another redirect will occur). The redirect link does show up in the status bar of Firefox when I hover over a link that will be redirected. The link usually always begins with the URL like:
http://googleads.g.doubleclick.net/...

I ran GMER, but many of the selections that were supposed to be enabled were grayed out. Only "Services", "Registry", "Files", "C:\", and "ADS" were checked - all the others I could not enable. GMER reported:
---------------------------
GMER
---------------------------
GMER hasn't found any system modification.
---------------------------
OK
---------------------------

Thank you for any help!

Here is the DDS log:

DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Matt at 22:27:35.56 on Tue 12/07/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_18
Microsoft? Windows Vista? Ultimate 6.0.6002.2.1252.1.1033.18.8190.4962 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\... Read more

A:Occasional redirect to dummy sites after a Google Search in Firefox

Hi methomas, and welcome to Bleeping Computer.Your log reveals a malicious Add-on for Firefox installed...Download OTL.exe by OldTimer to your Desktop.Close all windows and double click OTL.exe.In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click Run Scan and let the program run uninterrupted.When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.You may need to use two posts to get it all.

Read other 12 answers
RELEVANCY SCORE 84

Okay this is driving me nuts because I use that search bar far more often than any one person probably should...

Whenever I try to use it though, it will do the search in the current tab AND open up a new tab and do the search there too. Quite aggravating.

What'd I do and how can I fix it?
LOL
 

A:Firefox tabs + google search bar

Do you have any tabbed browsing extensions? Normally Firefox will search in the current tab and not open a new tab unless you have an extension installed such as Tabbrowser Preferences (which I use). In any case check any options for that extension and check under Tools > Options.. to see if there is an option to disable it.

EDIT: Just realized you're using Google toolbar not the integrated one. Still check any extension settings though.
 

Read other 2 answers
RELEVANCY SCORE 80.8

Recently my Google Search results have been getting hijacked to ad websites. Whenever I delete my cookies it goes away for awhile, then comes back. I also have occasional audio advertisements play on my computer, I found whatever trojan is doing this, is using iexplore.exe. I ran a scan with Spybot S&D, and it found some things, but things are still being redirected. I ran a scan with HijackThis, and the log is pasted below. If you could have a look at this, and see what could be doing this. I am running Windows 7 32bit Ultimate, with everything updated, all updates. I have Kaspersky IS 2010 installed. All help is appreciated. If you need any more information, just send me a message.LOG FROM HIJACKTHIS:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:19:54 PM, on 11/25/2009Platform: Unknown Windows (WinNT 6.01.3504) ----> (Windows 7 Ultimate 32bit)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:Windowssystem32taskhost.exeC:Windowssystem32taskeng.exeC:ProgramDataLaplinkLaplink Goldtsircusr.exeC:Windowssystem32Dwm.exeC:Program FilesASUSAI SuiteEnergySavingPwSave.exeC:WindowsExplorer.EXEC:Program FilesVMwareVMware Playerhqtray.exeC:Program FilesAnalog DevicesSoundMAXSoundTray.exeC:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exeC:Program FilesJavajre6binjusched.exeC:Windowssystem32ctfmon.exeC:Program FilesSpybot - Search & DestroyTeaTimer.exeC:Program FilesSpybot - Search & DestroySDFiles.exeC:Program... Read more

A:Google Chrome and Firefox Google Search Results keep getting redirected

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.*If you have since resolved the original problem you were having, we would appreciate you letting us know. *If not please perform the following steps below so we can have a look at the current condition of your machine. *If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.**If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following: 1. Click on the My C... Read more

Read other 2 answers
RELEVANCY SCORE 80.4

I woke up this morning to all my Firefox browser tabs not responding. I did a restart on Firefox, the home page never loaded, just got the spinning cursor. Opened Chrome to see if it was a connectivity issue, and my home page was hijacked to avg secure search. Did a search in program manager in control panel, but did not find any instance of the AVG toolbar installed (not sure if it actually is or not, or if the browser just got hijacked). Log files attached/included below:

------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.51.2
Run by John at 7:07:34 on 2014-05-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.3594 [GMT -7:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32... Read more

A:AVG search redirect in Google Chrome, Firefox browser tabs non responsive

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.Do NOT click the green 'Download' button(if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Read other 6 answers
RELEVANCY SCORE 80

Hey all,

I use Firefox 8.0 and have been having my Google results redirected to bogus sites. MBAM, ESET, AVG all show clean, but still the redirects continue. No unusual extensions, HJT is clean. Can't figure it out. Thought FF was supposed to be safer than IE

Any help is appreciated.
 

A:Firefox Google Search Redirected

Read other 6 answers
RELEVANCY SCORE 80

For the past several days my Google search results on Firefox 3.6 are being randomly redirected to other sites. I have tried disabling the Firefox extensions but that does not change the search behavior. I am running Win 7 Home Premium on a three month old x64 computer; security software is McAfee Security Center which has not detected a problem.Successfully ran dds.scr and created both reports. Ran gmer.exe but did not run to completion: error message said "C:\Windows\System32\config\system: the system cannot find the file specified"Here is the dds file. Attach.zip is attached.DDS (Ver_09-12-01.01) - NTFSX64 Run by Rob at 14:07:14.37 on Tue 02/23/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.5956 [GMT -8:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program... Read more

A:Google search being redirected in Firefox

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,I am thcbytes and I am here to help you!I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received and do not proceed if you need clarification.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!Again I would like to remind you to make no further changes to your computer unless ... Read more

Read other 21 answers
RELEVANCY SCORE 80

IE 8.0.6001.18702 and Firefox 3.5.9 both are being redirected when selecting a google search link. Bookmarks and manually entered URLs have no problem. I ran McAfee (latest updates) and Malwarebytes. Malewarebytes did detect multiple Trojans which were removed. However the problem persists. I did run Combofix as I have used this in the past. However, I got a blue screen. I did not write down the exact message but it basically said a critical error was detected and windows shut down.I then found your web site and went through the process you outline. I was not able to create the ark.txt file as the system crashed and I received another blue screen. See attached jpg for exact message. I have also attached the windows logs from this event.DDS (Ver_10-03-17.01) - NTFSx86 Run by Bair at 20:56:16.48 on Sun 06/06/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1386 [GMT -4:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\PROGRA~1\COMMO... Read more

A:IE and Firefox being redirected from Google Search

Hi wayah,Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Download HostsXpert.zipExtract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpertDouble-click HostsXpert.exe to run the program.Click "Make Hosts Writable?" in the upper right corner (If available).Click "Restore Microsoft's Hosts file" and then click "OK".Click the X to exit the program.Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.Check if the issue is resolved.

Read other 21 answers
RELEVANCY SCORE 80

when I use the google option in the firefox search toolbar, the search takes me to hxxp://search.search-go.net. it's not really showing up in any obvious (to me, anyway) ways in my logs or registry, so i'm at a bit of a loss. It's more irksome than dangerous, but that can quickly change.DDS (Ver_10-03-17.01) - NTFSX64 Run by Nick at 19:14:55.07 on Mon 08/16/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6347 [GMT -4:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exeC:&... Read more

A:Google redirected in firefox search bar

Hi kazinstrife,Welcome to Bleeping Computer!My name is mpascal, and I will be helping you fix your problem.Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.Please do not do anything or perform other steps unless I have asked you to do so.Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.If you are unsure of how to reply, or need help with anything regarding the website, please look here.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will... Read more

Read other 2 answers
RELEVANCY SCORE 80

This seems to be a frequent problem to others but is new to me. For the past several days my Google searches on Firefox 3.6 are being randomly redirected every two or three times. I have tried disabling the extensions but that does not change the search behavior. I am running Win 7 Home Premium on a three month old x64 computer; security software is McAfee Security Center which has not detected a problem. Any help gratefully welcomed.

A:Google search being redirected in Firefox

Hello,Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/298055/google-search-being-redirected-in-firefox/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.Please be patient. It may take several days ... Read more

Read other 1 answers
RELEVANCY SCORE 80

Hello Everyone. My problem is that wn i do a search on google it directs me to other sites instead of the search results. Ive seen other people have had the same problem on this site. any help would be greatly appreciated
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:47 AM, on 3/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32... Read more

A:Firefox Google search is being redirected

Hello tmac4183,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Thanks,tea

Read other 2 answers
RELEVANCY SCORE 79.6

I don't know if these are related, which is why I'm posting this in the same thread and I honestly don't know what to do.
 
I have a pretty good feeling this is malicious since the ads starting showing up at the bottom of every webpage and look the same. The ad says "Brought to you by ...".
 
Each day around 7am I get a popup window on my desktop that tells me that I need to update Flash, yet I've already downloaded and installed Flash from the adobe website and verified that it is up to date. So I close the reminder since I don't know if it is a virus or not.
 
I scanned using hijackthis so I could have a log handy if needed. However when I ran it, there was a warning window that said:
 
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
 
If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
 
   notepad C:\Windows\System32\drivers\etc\hosts
 
and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.
 
For Vista and above: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.
 

 

 
Any help would be appreciated. Thanks!
 

A:Firefox has new suspicious ads and opens 3 tabs every time Firefox is opened. Da

Welcome aboard  HJT is not allowed in this forum.  Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you alr... Read more

Read other 14 answers
RELEVANCY SCORE 79.2

Hi,

As per the request, I've made a new thread with the logs necessary.

I got several viruses on my computer yesterday. McAfee found nothing, but MalwareBytes found 14 threats, which were promptly removed. Among them were Qhexia.exe and Qfc.exe. Can't remember the others..

However, in Firefox, Google and Yahoo search results are redirected to blank pages.

E.g. I'll search for "blue", go to the Wiki entry on it and end up on a blank page with this address: thewebtimes.net/?n=1306894929

I've run MalwareBytes again and nothing was found. I downloaded and ran SuperAntiSpyware and IObit Security 360 and a bunch of tracking cookies were found, but removing them has not helped. I've uninstalled Firefox completely and reinstalled and yet I'm still having the same problem

Can anyone help me with this frustrating problem?

Thanks!



Here's the first DDS log.
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by cat at 16:17:45 on 2011-06-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2023.751 [GMT 10:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\W... Read more

A:Google search results being redirected in Firefox (with log)

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Windows 7, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

Are you also redirected in IE? Please let me know in your next reply.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop ma... Read more

Read other 2 answers
RELEVANCY SCORE 79.2

It appears to be a common problem, but it looks like there are multiple ways to attack it. Here is my hijackthis log file, in hopes that someone can tell me what method to use to fix this virus/malware.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:03:14 PM, on 2/21/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16981)Boot mode: NormalRunning processes:C:\windows\System32\smss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\system32\lsass.exeC:\windows\system32\svchost.exeC:\windows\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\windows\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\windows\system32\LEXBCES.EXEC:\windows\system32\spoolsv.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exeC:\windows\system32\CSHelper.exeC:\windows\system32\svchost.exeC:\windows\system32\svchost.exeC:\windows\System32\svchost.exeC:\Program Files\MagicTune Premium\MagicTuneEngine.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\Microsoft SQL Serve... Read more

A:Google search results being redirected in Firefox

Hi dewce,My name is Syler and I will be helping you to solve your Malware issues. We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%SYSTEMDRIVE%\*.exenetsvcsmsconfig/md5startproquota.exeeventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.sys/md5stopCREATERESTOREPOINTPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimized

Read other 11 answers
RELEVANCY SCORE 79.2

When I do a Google search using my Firefox browser the links redirect me to various sales, porn, etc sites. Malwarebytes and AVG failed to find anything.DDS (Ver_09-12-01.01) - NTFSx86 Run by Chente Benavides at 10:44:49.21 on Sat 02/27/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_03Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1652 [GMT -8:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exesvchost.exeC:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\WINDOWS&#... Read more

A:Google Search Items Redirected in FireFox

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 14 answers
RELEVANCY SCORE 79.2

Hi,

I got several viruses on my computer yesterday. McAfee found nothing, but MalwareBytes found 14 threats, which were promptly removed. Among them were Qhexia.exe and Qfc.exe. Can't remember the others..

However, in Firefox, Google and Yahoo search results are redirected to blank pages.

E.g. I'll search for "blue", go to the Wiki entry on it and end up on a blank page with this address: thewebtimes.net/?n=1306894929

I've run MalwareBytes again and nothing was found. I downloaded and ran SuperAntiSpyware and IObit Security 360 and a bunch of tracking cookies were found, but removing them has not helped. I've uninstalled Firefox completely and reinstalled and yet I'm still having the same problem

Can anyone help me with this frustrating problem?

Thanks!

A:Google search results being redirected in Firefox

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 79.2

After searching for something via Google(This only happens on Firefox. I've been using Chrome in the mean time.), some of the links get redirected to other spam sites. I have Microsoft Security Essentials and it catches nothing. I've also ran Spybot a couple of times and didn't find anything either. Other than the redirecting, my computer seems slow lately and I fear I have some very unpleasant malware. I was going to install and run ComboFix but it says in the instructions not to do so without help. If anyone would help me with this I would be very grateful.Here is a screen shot I snagged as I was being rerouted to another site: http://i.imgur.com/k1JIV.png

A:Firefox: Google search links redirected.

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKillerDouble-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.When the program opens, click the Start Scan button.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Read other 10 answers
RELEVANCY SCORE 78.4

I was an idiot and picked up some nasty maleware that continues to redirect me through cs102175.com and possible some other sites can't tell. I have since scanned with Spybot S&D, Malwarebytes' Anti-Malware, Spyware Doctor and Bitdefender. They all removed the trojans they found but I'm still being redirected. The problem is, in Firefox, when i use Google search, (no matter what i search), sometimes when I click a result, instead of going to the result's URL, it will instead redirect me to random pages that again redirect me to other pages until I eventually end up at some sort of ad page. The redirects happen very fast, so it's hard for me to determine what they all are, but one example is a redirect through cs102175.com.

I am having much the same problem of as this fellow, I borrowed from his explanation but I am a different user with the same problem.

I don't know what to do...all the antivirus and antispyware tools I've tried say my system is clean, but my firefox is being redirected to random ad sites.

Thanks,
Chris

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:12 PM, on 4/29/2009
Platform: Windows Vista SP2, v.286 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.20613)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Software602\Print2... Read more

Read other answers
RELEVANCY SCORE 78.4

I have a 32-bit version of Windows. My OS is Vista. My internet browser is FireFox. When I go to www.google.com, type in a search item, press enter, and then click on a search result, the website opens in a new tab (regardless of whether or not I have chosen to open the link in a new tab or in the current tab) but then I am redirected to some other page. When I click on the google search result a second time, it opens correctly. When I am redirected it says a variety of things--sometimes it says 8cad.r.google.com (something like that). It's always some variety of a combination of numbers and letters in the redirect address. The pop-up problem appears to be a separate problem from the google issue as the pop-up problem has been occurring for about 2 weeks and the google redirect problem just started yesterday. The pop-ups are random pages--usually for games or for apartmentfinder.com. I run TrendMicro and usually TrendMicro prevents the pop-up from actually loading if it is deemed a "harmful" page. This problem only appears to be getting worse. I have run SuperAntiSpyware and Malwarebytes, as well as TrendMicro, numerous times. And while they have found a few Trojans and a lot of cookies/adware, the problem persists. Thank you so much for any help you can provide!!
DDS (Ver_10-12-12.02) - NTFSx86
Run by Jenny at 23:19:43.71 on Mon 01/31/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18
Microsoft? Windows Vista? Business 6.0.6002.2.... Read more

A:Google search results are getting redirected in FireFox; also having problems with pop-ups

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 5 answers
RELEVANCY SCORE 78.4

The search results I get when searching through the Mozilla browser's google search box are being redirected to websites like http://shopcompareus.com/ and http://netshoppers.com/. This happens periodically. When you go back to the search results and click on the link a second time, it then goes to the correct URL. The only other strange activity on my PC is that the screens seem to refresh themselves a bit too often.

My System Info is as Follows:
Hewlett-Packard HPE-170f
Intel Core i7 920 @ 2.67GHz
9 GB RAM
64-bit OS
Windows 7 Home Premium

Steps I have already taken:
Run Malwarebytes
Run Symantec
Run Spywareblaster
Run Spybot S&D
Run Adaware
Run SuperAntiSpyware
Run TDSKiller
Uninstalled and Re-Installed Java
Installed the latest Jave Mozilla Plugin and Deactivated the 2 old versions

Hijack This Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:39:27 PM, on 1/11/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Mozilla F... Read more

A:Google Search Results Redirected In Mozilla Firefox

Read other 6 answers
RELEVANCY SCORE 78.4

When I select a site to go to from Google search results, or from a hyperlink within an article my firefox browser is redirected to a different site than the one selected. Sometimes the sites appear to be more search results, sometimes the site simply some other site that is totally unrelated and commercial site. The words "redirect" appear in the address bar while this is going on. The words "google-analytics" often but not always also appear.

Thanks

Richard Anderson (nrajr1)

DDS.TXT

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dick at 17:45:29.40 on Mon 05/09/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.466 [GMT -6:00]
.
AV: Webroot Internet Security Complete *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot Internet Security Complete *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\NVIDIA Corporation\NetworkAc... Read more

A:Firefox browser redirected after google search direction

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 22 answers
RELEVANCY SCORE 78.4

My browser or Google search seems to have a mind of it's own lately. I click on a topic but often it will show up in the search bar that it is redirecting to some ad site. If I cancel that and click the topic again it will then go to the correct site.AVG has quarantined an IDP.virus.CCE37861(or RUNDLL.32.exe), Win 32/Crytor and today found ProxyCheck.exe. I did not see the last one in there until I ran your program Rkill which also found it.I first tried using system restore but then had problems with the system errors with LogonUI.exe and CredUI.dll and finally ended up with a black screen. Had to physically unplug from power to restart into repair mode to get my desktop back. Then I uninstalled Firefox and finally was able to restore back. But when I reinstalled a fresh Firefox still I had the redirect problem.I have run Malwarebytes which found some Win32 things, the Rkill which found the ProxyCheck. I uninstalled the Firefox previously using RevoUninstaller in the advanced mode but did not use the delete personal settings in the Firefox Uninstaller.I want to know that hopefully after the Rkill and some Revo Uninstaller Junk files remover that maybe this thing is gone? How can I be sure? What do you recommend or can we look at to see if I'm okay now?Thanks Everyone for your help.

A:Firefox Google Search Redirected Often-IDP virus and ProxyCheck

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 9 answers
RELEVANCY SCORE 78.4

i have kept the original homepage that came with firefox which is http://www.google.com.au/firefox?client=firefox-a&rls=org.mozilla:en-US:official and has worked up until the redirection to ecata.info. when i search in google everything is redirected through ecata.info where sometimes the real page from google is displayed and sometimes it is a completely unrelated page. either way it severely decreases my browsing speed. i think this is some sort of spyware which i picked up from a bad torrent that came up with an error when i ran it and since then this has been happening. i ran spyware doctor scans, spybot search and destroy scans and avira antivirus scans and although infections where found and repaired (or removed) this issue still occurs. i have noticed that a lot of other people have been having a similar problem to me so i was wondering if there was some universal fix.

the attach.zip is attached.

here is the dds report:

DDS (Version 1.1.0) - NTFSx86
Run by Dellboy at 20:39:29.09 on Tue 06/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2455 [GMT 9:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: ZoneAlarm Pro Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svch... Read more

A:firefox redirected to ecata.info on google search

Hello and welcome to TSF.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don?t hear from you in three days this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 78.4

The search results I get when searching through the Mozilla browser's google search box are being redirected to websites like hxxp://shopcompareus.com/ and hxxp://netshoppers.com/. This happens periodically. When you go back to the search results and click on the link a second time, it then goes to the correct URL. The only other strange activity on my PC is that the screens seem to refresh themselves a bit too often. Attached are all requested logs and I also have a HiJack This Log if needed.My System Info is as Follows:Hewlett-Packard HPE-170fIntel Core i7 920 @ 2.67GHz9 GB RAM64-bit OSWindows 7 Home PremiumSteps I have already taken:Run MalwarebytesRun SymantecRun SpywareblasterRun Spybot S&DRun AdawareRun SuperAntiSpywareRun TDSKillerUninstalled and Re-Installed JavaInstalled the latest Jave Mozilla Plugin and Deactivated the 2 old versionsSymantec found and deleted the following:DDS.txt Log:DDS (Ver_10-12-12.02) - NTFS_AMD64 Run by suckerpunch at 12:41:28.14 on Fri 01/21/2011Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.9207.7066 [GMT -5:00]AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB7... Read more

A:Google Search Results Redirected In Mozilla Firefox

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 22 answers
RELEVANCY SCORE 78.4

Hi,

Most of the time when running a Google search on Firefox, I get redirected to Findstuff, shopica, etc... I think I have a piece of malware on my system. I did a search and saw similar post with the same symptoms and it looked like GooredFix and Combofix were used.

Can I get some assistance with this?

Thanks for any help

Read other answers
RELEVANCY SCORE 77.2

Clicking on google search results will redirect to spam/malware sites. Not every time however, I sometimes need to click cache on the results to get to the actual site. Only occurs in Firefox, not IE. Using V3.5.5

Spyware programs do not detect any issues. Reviewing the Hijack this log below doesnt clue me in on anything either. Any solutions?

----------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:57 PM, on 12/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMain... Read more

Read other answers
RELEVANCY SCORE 77.2

Hi there,I use Mozilla Firefox and when I click on a google search result, I am redirected to other pages. I used ComboFix (I know I shouldn't have) before actually asking for help on here because I saw another thread stating to use it in a google search. I have followed all the steps from the 'Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help'.So here's the requested information...DDS (Ver_10-03-17.01) - NTFSx86 Run by User at 17:28:05.78 on 08/09/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1014.367 [GMT 1:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\AVG\AVG9\avgcsrvx.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exesvchost.exeC:\Program Files&... Read more

A:Firefox infected causing Google Search Results to be Redirected

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 14 answers
RELEVANCY SCORE 77.2

Hello everybody,I am having horrible problems with my PC recentlyI have followed the step and have tried to collect some data to analyzePlease review first log and then HiJackThis one I ran DDS.scr but there is no log file created, neither attach.txtThanks in advance for your helpRespectfullyEdwardROOTREPEAL © AD, 2007-2009==================================================Scan Start Time: 2009/11/18 00:58Program Version: Version 1.3.5.0Windows Version: Windows XP Media Center Edition SP3==================================================Drivers-------------------Name: ACPI.sysImage Path: ACPI.sysAddress: 0xF738F000 Size: 187776 File Visible: - Signed: -Status: -Name: ACPI_HALImage Path: \Driver\ACPI_HALAddress: 0x804D7000 Size: 2150400 File Visible: - Signed: -Status: -Name: afd.sysImage Path: C:\WINDOWS\System32\drivers\afd.sysAddress: 0xAA52E000 Size: 138496 File Visible: - Signed: -Status: -Name: atapi.sysImage Path: atapi.sysAddress: 0xF7321000 Size: 96512 File Visible: - Signed: -Status: -Name: ATMFD.DLLImage Path: C:\WINDOWS\System32\ATMFD.DLLAddress: 0xBFFA0000 Size: 286720 File Visible: - Signed: -Status: -Name: audstub.sysImage Path: C:\WINDOWS\system32\DRIVERS\audstub.sysAddress: 0xF7BB4000 Size: 3072 File Visible: - Signed: -Status: -Name: Beep.SYSImage Path: C:\WINDOWS\System32\Drivers\Beep.SYSAddress: 0xF7A0E000 Size: 4224 File Visible: - Signed: -Status: -Name: BOOTVID.dl... Read more

A:Very slow PC, and IE and firefox Google search results get redirected (Probably hijacked)

Hello,We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then please post back here with the following: log.txt info.txtThanks

Read other 2 answers
RELEVANCY SCORE 77.2

When I run a google search in Firefox, it returns a valid list. However, when I click on any of the links, they get redirected to bogus sites such as yellow pages, can't find web page, etc. When I hit the back button, it just returns the same page. I have to search again to find the links, copy them and paste them to get the information I need.

I've also had issues where GTalk and google desktop will not sign in. They keep trying to connect and get disconnected.

I ran Ccleaner to clean up cache. No luck. I have run spybot. It didn't correct the issue. AVG didn't find the issue. I'm at a bit of a loss on where to go.

I've attached the required logs....thank you for any assistance you can provide.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 3891 Mb
Graphics Card: Intel(R) HD Graphics, 1721 Mb
Hard Drives: C: Total - 294042 MB, Free - 176943 MB; Q: Total - 9999 MB, Free - 2384 MB;
Motherboard: LENOVO, 4313CTU
Antivirus: AVG Anti-Virus Business Edition 2012, Updated and Enabled

HiJackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:57:37 AM, on 4/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBan... Read more

A:Firefox 11 google search links redirected to bogus sites

A friend suggested trying Malwarebytes.

The following was found and quarantined but did not address the problem I am having.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
nicklombardi :: NICKLTHINKPAD [administrator]

Protection: Enabled

4/6/2012 10:19:56 AM
mbam-log-2012-04-06 (10-19-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 528966
Time elapsed: 1 hour(s), 22 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Temp\Utilities\Zwinky.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\nicklombardi\AppData\Local\Temp\9A74.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 

Read other 2 answers
RELEVANCY SCORE 77.2

Since last week whenever i do a search in google and then click on the links, they get redirected to random advertising websites. I have ran cclearner and Malwarebytes a few times each and have deleted the trojans that i have found from them. Even though malwarebytes and my ad-aware spyware dont find anything anymore, the problem still exists. I really need to get rid of this problem fast. While preparing to make this thread, i followed the directions. I got the DDS.txt and Attach.txt. I was not able to get the gmer log. I got GMER to run for about 5 minutes. While it was scanning, the computer crashed in the middle and restarted by itself.Here is my DDS log and attached it my ATTACH.txt:DDS (Ver_10-03-17.01) - NTFSx86 Run by Fine Star USA at 11:39:25.62 on Tue 08/10/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1058 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============H:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeH:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeH:\Program Files\AVG\AVG9\avgchsvx.exeH:\Program Files\AVG\AVG9\avgrsx.exeH:\Program Files\AVG\AVG9\avgcsrvx.exeH:\WINDOWS\system32&#... Read more

A:Google search links get redirected to other random sites in firefox

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 3 answers
RELEVANCY SCORE 76.4

Please help! I am exhauseted trying to find a fix for this problem. I have tried all kinds of things with limited results. It is above my knowledge level and capabilities to resolve. I need somone with professional skills to help me resolve this problem.I did a bunch of s/w and driver updates and somehow my system became infected. It may have also been from Limewire / Frostwire (since removed). Also, I recall being prompted to install a plug-in or update a codec or something for Quicktime because my sytem was unable to process a file. After the download nothing happened, at least nothing appeared to have happened, but something else was installed. I think I have fixed part of the problem but have not been able to resolve everything. I removed Quicktime but have had nothing but problems since this download incident.I started getting random window pop-ups. Then I noticed that search results from from Google were getting redirected to marketing sites, alternative search engines, etc. I was using Internet Explore so decided to try Firefox in case it was only IE Explorer that was affected. Firefox had the same problem with Google search results getting redirected. I decided to try a malware removal software but needed to boot into safe mode to use it effectively. This was when discovered I could no longer boot into safe mode. Every time I select safe mode (no network) it appears to start listing a bunch of files but then stops and goes back to rebooting again which brings ... Read more

A:Google & Firefox search results redirected plus can't boot into safe mode

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since resolved your issues I would appreciate if you would let me no so I can close this topic.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%SYSTEMDRIVE%\*.exenetsvcsmsconfig/md5startproquota.exeeventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.sys/md5stopCREATERESTOREPOINTPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedThanks

Read other 12 answers
RELEVANCY SCORE 72.4

Hi,

I spent a few painful hours at my inlaws house last night with no luck. Symptoms are as follows:
Occasional 100% CPU usage from two processes: rng.exe and NotifyAlert.exe (Might be unrelated, I uninstalled some Dell Support stuff and haven't seen this any longer)
Browsers (IE and FF) are redirecting search results to spam sites.

I'm out of the loop as far as good malware removal strategies since I thankfully haven't had any problems with any of my own PCs. I ran SUPERAntiSpyware and MalwareBytes, also installed Microsoft Security Essentials. Previously they had AVG 9 which was up to date, but didn't catch this. I've also tried rolling back to a previous restore point with no luck.

Here's the logs, any help would be appreciated!

Thanks,
-Brett.




DDS (Ver_09-12-01.01) - NTFSx86
Run by The Voleskis at 18:50:44.06 on Thu 12/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.121 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsv... Read more

A:Unknown infection. Search results redirected, occasional 100% processor usage.

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT


Click the "Quick Scan" button.The scan should take just a few minutes.Please copy and paste both logs back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

Read other 3 answers
RELEVANCY SCORE 70.4

Hi guys,

I had a problem with XP Defender which I managed to remove but since then if I click on google search results I am being redirected to random sites. I am also getting new tabs open in Firefox with random sites on.

Since today my laptop can't seem to read any memory sticks or memory cards. It will appear in my computer but if I try and open it, it says it is not formatted, do I want to format it now. I have tried 3 different memory sticks and one memory card, all of which are working in another computer. Not sure if this problem is related but it has happened at the same time.

I have run C Cleaner, Super Antispyware and Malwarbytes but they aren't picking anything up.

Hijack this log is below.

Thanks in advance for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:13, on 10/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.ex... Read more

A:Getting redirected from google and popup tabs

Read other 16 answers
RELEVANCY SCORE 70

Hello,

Thank you for your help. It is truly appreciated. I tried numerous programs, such as Malwarebytes, to remove whatever it is my computer caught.
Symptoms: Hijacked browsers: IE, Mozilla and Chrome
When I perform a search and click on the search engine results, the page is being redirected or new tabs are opening up with scam websites.

Below, you will find the DDS text file. I tried running GMER, which scanned my computer for 1.5 hours, but the computer crashed before it could finish.

Thanks again.

Katrin

+++++++++++++++++++++++++++++

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Dell at 9:32:38 on 2011-12-05
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3061.1021 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system3... Read more

A:Hijacked browsers - new tabs up, search results are being redirected

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430918 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 68.4

i accidentally downloaded a keygen the other day (was supposed to click serial -.-) and have now ended up with one hell of an infection that keeps opening random tabs with search results in them of things i've typed, and it keeps redirecting google searches to really nasty sites and also sites like ask.com and ebay ;s oh and ever since this has been happening Google Chrome has stopped working? so i'm forced to use the ridiculous search virus infected firefoxhere is my hijack this log;QUOTELogfile of Trend Micro HijackThis v2.0.4Scan saved at 09:10:01, on 14/06/2010Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v8.00 (8.00.6001.18904)Boot mode: NormalRunning processes:C:\Windows\System32\smss.exeC:\Windows\system32\csrss.exeC:\Windows\system32\wininit.exeC:\Windows\system32\csrss.exeC:\Windows\system32\winlogon.exeC:\Windows\system32\services.exeC:\Windows\system32\lsass.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exeC:\Windows\RtkA... Read more

A:Google search redirect and random search tabs problem :( help!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 3 answers
RELEVANCY SCORE 67.2

Hello, came to this site after being frustrated by my laptop. Also motivated by the fact that a similar (same?) problem was solved on the thread http://www.bleepingcomputer.com/forums/ind...850&hl=db76It started three days ago when I noticed that my google searches (on firefox) were leading me (when I clicked on them) to random websites. One of them is toseeka, and a couple were pages non-existent, and I believe a couple were shopping sites. 1. I ran full scans using symantec and spybot S&D, nothing came up.2. I downloaded and ran Malwarebyte's anti-malware program, and Superantispyware. Both of them found something, and they seemed to quarantine/remove the infection. However, when I used google again, the problem persisted. I ran both the programs again and they found nothing. I tried running them in the safe mode and they still did not find anything.In frustration, earlier today, I completely un-installed firefox and reinstalled it (version 3.5). It initially seemed not to redirect anymore, but that did not last. Around this point, my attempts to reboot were followed, some times, by the blue screen at startup asking me to remove any new software/hardware that I have installed. I resisted the temptation to remove the new anti-malware software that I have downloaded. I am able to always boot into the safe mode.In the normal mode, it gives me the blue screen some times. After a couple attempts, I was able to get into the normal mode, get online, download DDS.scr and ru... Read more

A:Firefox google redirect followed by occasional blue screen

Hello frustration_persist,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thanks,tea

Read other 2 answers
RELEVANCY SCORE 67.2

When I use Google the search links redirect to other sites about 50% of the time and will go away and return without any obvious reason. I will click on the search result and be taken to a site like informationgetter.com, bcckools.com, "randomnumber".blueseek.com, etc. I am running Windows Vista Ultimate.

I've tried combofix, Avast, AVG, Ad-Aware, IObit, and Malwarebytes in both regular and safe modes. Below is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:17 AM, on 12/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C... Read more

A:Occasional Redirects to other Sites from Google Search Links

Read other 6 answers
RELEVANCY SCORE 66.8

I don't use many other browsers than google chrome, and I have recently run into a strange redirect. When I click on a google search result, every now and then (maybe 1 in 6 times) the search result i click on will have that search result searched for in another website i get redirected to called butterfly search engine. I have trilled tsskiller and malware bytes scan, nothing detected anything. Here is my hijack this log and dds log.

hijack this log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:58:33, on 2012/06/11
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\excellence\Desktop\S4League\HGWC.exe
C:\Users\excellence\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\excellence\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\excellence\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\excellence\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\excellence\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\excellence\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\excel... Read more

Read other answers
RELEVANCY SCORE 65.2

Hi, I am having trouble with using google on a computer running Windows XP SP3. The links from search results are being redirected through the pages "basic-search.net", "get-answers-fast.com" and "easyA-Z.com".

Steps taken so far:
1)
Attempted manual removal of files after searching for this problem on google. Located and removed files in
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader
"qmgr0.dat" and "qmgr1.dat".

These had to be removed in safe mode - upon restarting they were back again.

2)
Scanned computer using malwarebytes and spybot s&d. Other than tracker cookies, no problems were detected.
Scanned computer using TDSSkiller, which found nothing either. Some unregistered drivers were found when the optional settings were enabled.
Attempted scan using combofix, based on the success story here:
http://www.bleepingcomputer.com/forums/topic412458.html/page__st__45
although this stalls soon after it starts scanning for infected files.

Any help would be greatly appreciated.

A:google search results redirected (basic-search.net, get-answers.fast.com and easya-z.com)

Hello and welcome pezboytom! We need a deeper look. Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.If Gmer won't run,skip it and move on.Include a link back to this topic.Let me know if that went well.

Read other 5 answers
RELEVANCY SCORE 65.2

My windows and other programs will not update and Windows update redirects to Google. Any searches in google will redirect when I click on a link. I have run Malwarebytes, Superantisyware and Hyjackthis.This is the latest Hijack this log. I would appreciate any help you can give me.Thanks,PaulLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:48:59 PM, on 2/10/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\WINDOWS\mHotkey.exeC:\WINDOWS\CNYHKey.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\iTunes\iTunesHelper.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\WINDOW... Read more

A:Windows update redirects to google, and other search results being redirected to different search engines

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

Read other 2 answers
RELEVANCY SCORE 65.2

Logfile of random's system information tool 1.06 (written by random/random)Run by Naitik Bhatt at 2009-06-29 14:10:11Microsoft Windows XP Professional Service Pack 2System drive C: has 17 GB (46%) free of 38 GBTotal RAM: 2038 MB (57% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:10:15 PM, on 6/29/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16850)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.ex... Read more

A:Infected with trojan malware, google search redirected (search-tracker.net)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 64.8

When doing google searches in Firefox or IE the links will get redirected when clicked on.
When the redirect is happening www.search-tracker.net appears in the bottom bar of firefox and the page displayed is wrong.
If I copy the link from the page (right click/copy link location) and paste it into the tile bar it always works correctly.
AVG does not show any issues.
Comcast cable network offers free install of McAfee security suite that I use to run.
When this issue showed up I found I could no longer do a virus scan with McAfee as the computer would reboot when the scan started.
All the management functions of McAfee worked fine but start a scan and the computer reboots.
I uninstalled McAfee and installed AVG.
AVG did one round of cleaning and now can't find anything.
I don't remember what AVG found other then tracking cookies. If it leaves a log behind that may still be around.
I have tried to install and run Malwarebytes' Anti-Malware.
It seems to install fine but will not run. Double click the icon and nothing.
I have uninstalled and reinstalled several times but nothing. Never tries to do the update either.
I have uninstalled and reinstalled Firefox but that did not help.
I just copied the the mbam.exe file to a new name and double clicked that and it started up. Cool.
I have attached the attach.txt file.
The Malwarebytes run finished. 1 Trogan.Agent was found. I have attached that log file also.
I will send this and then have Malwarebytes remove it. I will then ... Read more

A:Links in google search results get redirected / www.search-tracker.net

Hello dchoyt,Uninstall these old versions of Java, as they are malware magnets. Java™ 6 Update 2Java™ 6 Update 3Java™ 6 Update 5Java™ 6 Update 7Java™ SE Runtime Environment 6Java™ SE Runtime Environment 6 Update 1We will run ComboFix. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member. You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running. To disable AVG antivirus: Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component (looks like this: ) -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this ... Read more

Read other 15 answers
RELEVANCY SCORE 64.8

ok, I have tried to fix this for days and ready to shoot myself or my computer. I have tried avira, malwarebytes (found Defender), Avg9, and HitMan Pro. None of these are tackling this. I'm on XP using Firefox 3.6.3When I search for something, the link redirects me to a bogus site.Also, additional tabs open up (without my aid) in Firefox that are bogus sites.Though it has been inconsistent I have also had problems with the blocking of the internet where the connection just give me a message that it's trying to get the IP address.Any help would be amazingly appreciated. I've been fighting this for 5 days now.Below is the HJT log I just ran.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:46:56 PM, on 6/15/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17023)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exeC:\Program Files\AVG\AVG9\avgcsrvx... Read more

A:Firefox Search Redirection and additional window tabs

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.I would like to get a better look at your system, please do the following so I can get some more detailed logs.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appe... Read more

Read other 15 answers
RELEVANCY SCORE 64.8

I accidentally downloaded iMesh with a Firefox upgrade and now can't get rid of it. I have Windows 7 on my Dell Studio XPS desktop, but this is not a systems problem. I first went to the Control Panel and uninstalled iMesh through Add/Delete Programs, but still find that iMesh is embedded somewhere, as it now controls the new tabs portion of the Firefox browser where I used to have my 9 most favorite websites listed. Any new tab will now show the iMesh search engine. I can't get rid of it. Help!
 

A:Solved: iMesh search controls Firefox tabs

Read other 11 answers
RELEVANCY SCORE 64.8

I have tried on my own for a few days to clear this mess up. I see quite a few people that have had the same issue as me. I run Windows Xp Home EditionSo far I have:Ran AVG full scanRan Malwarebytes full scanRan Spybot Search & DestroyRan Superantispyware free editionRan Disc clean UpInitially I had that 2010 Anti Virus (I forget the name) virus downloaded (changed my desktop wallpaper too...since fixed). Luckily, I had all of the tools listed above. I just did another scan with everything above...nothing was found. I am still getting random tabs opening in my firefox that open strange web sites. I also cannot click on search links through google or I get redirects to strange sites. Here is my HijackThis log. Thank you in advance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:14:00 PM, on 1/25/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Fil... Read more

A:Tabs Pop Up, Redirects From Google Search

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS or GMER log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resu... Read more

Read other 2 answers