Over 1 million tech questions and answers.

Random redirects in Firefox

Q: Random redirects in Firefox

I have a similar problem to http://www.bleepingcomputer.com/forums/t/271417/google-redirect-both-ie-and-firefox/When I search in Google and click on a link in the organic search section I occasionally get redirected to another site. At first, I was being redirected to various Clickbank products. I did some research and found it was always a hoplink with a certain affiliate code. I alerted Clickbank and they have closed that account. But I'm still getting redirected, it just goes to an error page from Clickbank stating that the account has been closed or disabled. I also get redirected to Amazon. I'm assuming that it's probably the same guy. The redirects happen randomly (not every time). I use Firefox 3.5.5. I'm also using TrendMicro Internet Security Pro 17.1.1250 with the latest updates.I've run full scans with both TM and MalwareBytes, but neither find any problems. I don't see anything that pops out in my HighJackThis Log.Usually, I can find and remove these things on my own, but this is over my head. I'm stumped. I've seen other posts with similar problems that point to it being a rootkit and that's a little beyond my level of expertise.Please help. Thanksrbr451

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Random redirects in Firefox

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 65.2

Hello,I have been lurking bleepingcomputer as a non-member for a while now. I typically am able to find the instructions to fix almost any problem a computer (be it mine or a friends) has from your forum. Now it seems I am unable to find the solution to my specific problem, so I finally signed up as a member! My problem is similar to all these redirect virus issues I have been reading, but slightly different and not quite the same.Here's the problem:Randomly when I am browsing the internet, every now and again a site that I come across (typically while using StumbleUpon [Firefox Add-On]) will redirect to some completely random site. It doesn't appear to follow any pattern, and has redirected to various different websites. The websites I am redirected to are rarely the same website I was redirected to before, the only exception being theclickcheck.com and yellowpages.com, both of these websites I have been redirected to more than once. Additionally, even if I don't have a browser open a pop-up will appear in a new window. If a browser is open, the pop-up window error will occur more frequently it seems(in a separate window, not a separate tab). Also, I noticed each redirect or pop-up goes through google-analytics.com, so this may still be the google redirect virus, but I am unsure.I have had this issue for about a week now, and I have been unable to get the time to really find the problem. I wish to do online banking, bill paying, and the what not but fear that... Read more

A:Random redirects and occasional pop-up while browsing with Firefox (particularly when using Firefox Add-On StumbleUpon)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

Read other 3 answers
RELEVANCY SCORE 64.4

Recently i have been getting a lot of random pop-ups that normally lead to sites trying to give me a virus. AVG Free Edition 9.0 always blocks these attacks but i really want to get rid of this because i can't ever get to the site i am trying to get to. About a week ago i had a rouge anti-virus (Windows Defender 2010) which i finally got rid of using Malyware Malbytes. After that my PC was acting weird and Just-In-Time Debugging keeps popping up. Sometimes SVChost or something like that crashes and then nothing works. Also after i removed the rogue anti-spyware none of the icons on desktop or in start folder would open. So i looked it up and i had to copy this into notepad and save it as fix.reg.

Pasted the following:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

This let me open all programs but then Mozilla Firefox would do random tabs and redirects.
Also i tried this.

Went to: C:\WINDOWS\system32\drivers\etc
Opened Hosts and deleted EVERYTHING. Then saved.
Deleted all backup hosts and thats about it.
A... Read more

A:Random Redirects on Clicking Links or Random Tab Pop-ups In Firefox

Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Make sure the Sections option is checked (in the right hand panel). Leave all other options unchecked!Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.

Read other 6 answers
RELEVANCY SCORE 64.4

EDIT: Split from here: http://www.bleepingcomputer.com/forums/t/311114/random-redirects-on-clicking-links-or-random-tab-pop-ups-in-firefox/ ~BPOk heres all the files. I skiped step 9 as i did not know if i need to create a new post or continue this topic.DDS.txt:DDS (Ver_10-03-17.01) - NTFSx86 Run by alex at 22:10:32.04 on Tue 04/20/2010Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.367 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\AirLink101\AWLL5026\WLService.exeC:\Program Files\AirLink101\AWLL5026\AWLL5026.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\ehome\ehSched.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\AVG\AVG9\avgnsx.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeC:\WINDOWS\sy... Read more

A:Random Redirects on Clicking Links or Random Tab Pop-ups In Firefox

Hi, qwertyasd Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.If there is no internet connection after running Combofix, then restart your computer to restore back your connection.-----------------------------------------------------------Double click on combofix.exe & follow the prompts.Install the Recovery Console if prompted.When finished, it will produce a report f... Read more

Read other 10 answers
RELEVANCY SCORE 62

occasionally, clicking a link in Firefox browser initiates a redirect... usually a page of links, or a yellowpages-type of site.

in a separate, but related thread, boopme asked me to run Fixtdss and aswmbr then MBAM and post the logs in a new topic thread....

brb with logs

A:Random Firefox Redirects

fixTDSSno infectionsaswmbr log:aswMBR version 0.9.9.1532 Copyright© 2011 AVAST SoftwareRun date: 2012-03-06 21:13:34-----------------------------21:13:34.355 OS Version: Windows x64 6.0.6002 Service Pack 221:13:34.355 Number of processors: 2 586 0x170621:13:34.356 ComputerName: OFFICE-PC UserName: Jim21:13:35.068 Initialize success21:16:28.653 AVAST engine defs: 1203060021:17:35.084 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-021:17:35.085 Disk 0 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610480MB BusType: 321:17:35.106 Disk 0 MBR read successfully21:17:35.107 Disk 0 MBR scan21:17:35.124 Disk 0 Windows VISTA default MBR code21:17:35.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 126500 MB offset 204821:17:35.158 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 483977 MB offset 25907404821:17:35.161 Service scanning21:17:35.850 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 3221:17:36.386 Modules scanning21:17:36.388 Disk 0 trace - called modules:21:17:36.392 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80077f32c0]<<spnl.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 21:17:36.394 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008b05790]21:17:36.397 3 CLASSPNP.SYS[fffffa6000fccc33] -> nt!IofCallDriver -> [0xfffffa80079ed9b0]21:17:36.39... Read more

Read other 9 answers
RELEVANCY SCORE 62

with MBAM currently installed, i wonder if it is interfering with SystemShield... I see in the DDS.txt log that SystemShield is disabled, but i can "see" that it is running.

when this is all over with, as much as i have enjoyed using Iolo system mechanic (utilities) and thus bought Systemshield to go with it... maybe you can make a recommendation for preferred/better virus protection SW... Is SystemShield not as good as i was lead to believe? Maybe It didn't matter, and any AV would have had this issue(?)

ok, talk to you soon...

A:Random Firefox redirects

fwiw.. i just got a redirect when i was trying to navigate to change my notification options on your site... took me to this address:

http://click.get-answers-fast.com/ads-clicktrack/click/jump2.do?affiliate=46831&subid=7_f8&terms=bleepingcomputer.com%20user%20cp

Read other 19 answers
RELEVANCY SCORE 62

Don't know where I picked up a bug, but it randomly redirects every 25th click or so to sites like PCKeeper and feedbackexplorer. FWIW, I just switched to Windows 10 last week and the problems started a few days ago.  Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015Ran by Jerome (administrator) on HAL (07-12-2015 05:48:04)Running from C:\Users\Jerome\DownloadsLoaded Profiles: Jerome (Available Profiles: Jerome)Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(Qualcomm Atheros... Read more

A:Random Redirects in Firefox

Greetings DocWhoops and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter probl... Read more

Read other 12 answers
RELEVANCY SCORE 61.2

Although I consider myself fairly astute at resolving computer issues, this one has gotten the best of me. When I do a Google search using Firefox 3.0.6, i get randomly redirected to non-related sites when i select a google provided link. Sometimes clicking on the link is successful; othertimes i'm redirecting to anything but what I was looking for.I've run (in safe mode) Malwarebytes anti-malware, Super AntiSpyware Free Edition, Spy-bot 1.6, AdAware, as well as McAfee. I've been "successful" in removing a few trojans (vundo), but nothing has helped the redirect problem.My HiJack log is:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:18:50 PM, on 2/15/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Lo... Read more

A:Random redirects when using Firefox (HijacK)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

Read other 2 answers
RELEVANCY SCORE 61.2

Hi First time posting. So I don't know if this is the correct part of the forum to submit to so if its not, just let me know where to submit  it to  My problem is that I use Firefox (main browser Win 7) to browse and every so often it will redirect my websites to adware. For example when I "middle click" on a site at Google or Reddit, it usually opens a new tab but sometimes it opens this completely other site which im guessing is malware, I use Adblock Plus so not every malware site redirects to it, a lot of the time it is just a blank page with an obvisouly incorrect URL. I used to be able to browse just fine, but now it seems every so often that it wants to redirect me to this other site. MSE always pops up telling me it wants to send a ".tmp" file to Microsoft because it doesn't know what it is. But whenever I use MSE or Malware Bytes (even on the full trial version, or rootkit scan) it never picks up anything when it has been scanned. I have scanned it normally and on Windows safe mode. If anyone could help it would be much appreciated. Thanks.

A:Firefox redirects random websites

Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters


Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue


Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see here and here.Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:  aswMBR will create M... Read more

Read other 1 answers
RELEVANCY SCORE 60.4

Was having random browser redirects and popups in Firefox
AVG & Malwarebytes found nothing.
Ran some misc fixes based on forum entries.
Computer seems better but would like confirmation that there is nothing lurking.
Ran scans based on "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help"
DeFogger
DDS
GMER

Can you review the attached scans, and let me know if any further action
is required.

Thanks

A:Random browser redirects and popups in Firefox

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 2 answers
RELEVANCY SCORE 60.4

A few days ago, I started to get browser redirects in both IE and Firefox - it seems random in Firefox; in IE, it's about every second or third link that redirects in a Google search. I'm also getting random popups from both IE and Firefox. I have ran Malwarebytes, Adaware, Trend Micro's Housecall, Spybot, SuperAntispyware. I had upgraded Adaware to their paid service, and it found trojans, but did not take care of the popup and redirect problems. Now, nothing is being found by any of the anti-malware, but I'm still having the same issues. I'm having issues getting into Adaware to give details on the trojans. Additionally, I downloaded CA Anti-Virus Plus Anti-Spyware 2010, but the install failed and now I can't get rid of it off of my computer. I am hoping I'm doing this right, here is my Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:38:38 AM, on 4/11/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17023)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program File... Read more

A:Browser redirects in both IE and Firefox - random pops also

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have sinceresolved your issues I would appreciate if you would let me no so I can close this topic.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.%appdata%\*.exe%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%SYSTEMDRIVE%\*.exenetsvcsmsconfig/md5startproquota.exesfcfiles.dlleventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dllbeep.sysiaStor.sysnvstor.sysatapi.sysnvatabus.sysviamraid.sysnvata.sysiastorv.sys/md5stopCREATERESTOREPOINTPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedThanks

Read other 35 answers
RELEVANCY SCORE 60.4

Hi, as the topic says my problem is random redirects and Firefox isn't saving browsing history for more than a day, and that has nothing to do with settings.
The only redirect address I've noticed and remember is server2.mediajmp.com, but there have been others.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:59 AM, on 6/23/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Steam\steam.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Lovick\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aqworlds.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&... Read more

A:Random Redirects and Firefox not saving history

Read other 7 answers
RELEVANCY SCORE 60.4

Well, like the title says, Firefox keeps redirecting me to random sites. For instance I clicked on a wikipedia link and got sent to Travelocity.com. This just started happening earlier today, out of nowhere, and it's only Firefox that does this. The last things I remember downloading are Artweaver, Torsion, Notepad++, and Torsion, but that was all maybe over a week ago. I've used Malwarebytes' Anti-Malware and deleted four infected files. I've researched a few other threads but I'm still not exactly sure what I need to do. Can somebody please give me some direction? I'm using Windows XP by the way.
 

A:Mozilla Firefox Redirects to Random Sites

Read other 16 answers
RELEVANCY SCORE 60.4

For the past 3 days, this computer has had several problems with getting on the internet. I was able to solve some of the problems preventing Firefox from being opened, but two issues still remain.1) While using Firefox, and I am unable to use anything related to google.comGoing to google.com returns a white page with "404 Not Found" in large text, and "nginx" in smaller text below that.2) I randomly get redirected to advertising websites while viewing some of my favored sites.For an example of 2:
Spoiler
Earlier I was viewing Blizzard's Blue posts at http://blue.mmo-champion.com/1st: Went to http://blue.mmo-champion.com/2nd: I click a topic of interest, went to http://blue.mmo-champion.com/topic/191513/negative-ghostrider-the-pattern-is-fullThis next part is where I get redirected3rd: I click one of the buttons, the Blizz button with the arrow, which normally is supposed to take me to the source or the post itself.I'm supposed to go here: http://us.battle.net/wow/en/forum/topic/3048064944?page=19#371But instead, this shows up in my browsing history:http://allglobesales.com/aff?aff=http%3A%2F%2Fbridge2.admarketplace.net%2Fct%3Fversion%3D7.0.0%26key%3D62256396176.3275365%26ci%3D1313772378950.10158&i=HctLDoQgDADQdW_RC0iQj5Xj1AIOyQgTMOH6mtm-5JFTwSnjVmU2ME6DVtpY8kCwARkbJW-aD-Gd6BBKa7C7DzH4KDaDBLiutsiHr19pFRecrX8jtoyTu3TON9Y0B3KN2LnEUk8cd-c7nSUNfPOfx_vmAw~~http://bridge2.admarketplace.net/ct?version=7.0.0&key=62256396176.3275365&ci=131377... Read more

A:404 nginx google/firefox - random redirects

Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Read other 20 answers
RELEVANCY SCORE 60.4

Recently purchased new laptop this thing has had next to none internet exposure however its seems i've still managed to pick somthing up....

Simply put everytime i open a new search in firefox i'm redirected to sites i've not searched for an example of would be searched facebook clicked on the link and found myself at ebay.. I have installed mcafee security center run a full scan and found nothing i have noticed there is another thread on the forum with the exact same problem so it nice to know i'm not the only person in this boat....

DDS (Ver_09-05-14.01) - NTFSx86
Run by Tim at 23:46:12.16 on 28/05/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.44.1033.18.894.200 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C: ... Read more

A:Browser (firefox) Redirects to random sites.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 60

Hi, I suspect I'm infected with spyware. Wierd web pages redirects started after I went to a friend's lan party.

Another friend told me to run Malwarebytes' Anti-Malware, which I did. It found 11 infections which it promptly removed. It seem better for a day or two but now it seems to have resumed.

I have no idea what to do next. Any help would be greatly appreciated.

I am running Windows XP Pro SP2 (x64).

Here are the information requested in the forum :

>>> HijackThis >>>
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:21, on 26-02-2011
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal

Running processes:
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\TÚlÚchargements\_CLEANT_IT_\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Vis... Read more

Read other answers
RELEVANCY SCORE 60

Hey, i tried using a windows vista recovery disc, but that does me no good, i get google redirects almost 90% of the time i click a link, and when i want to shut down my computer, i cant because it just shows a blue screen warning, then restarts. My computer is also very slow now, any help?
 

A:I get google redirects, random firefox tab ads and blue screens

Read other 16 answers
RELEVANCY SCORE 60

Hi,

I seem to have picked up a nasty trojan. I use Firefox 3.5 to browse (though the issue happens with IE too).. For the past several days, while clicking on a google search result (or links on other pages), I get a new firefox window opened with 3 tabs. The first 2 tabs are just urls with weird characters. The 3rd tab is usually pointing to a mozilla folder followed by funny characters: Message: Firefox can't find the file at /C:/Program Files/Mozilla Firefox/<funny characters>

I have VirusScan OnAccess enbled and it constantly seems to be cleaning a file iaStor.sys, which it detects as a trojan. But cannout seem to fix it. I ran MBA-M and it does not detect anything. VirusScan on-demand also detects nothing.

This is my work laptop and am afraid to lose anything. Please help !!

At wits end.
Saandy

A:Google search results and FireFox/IE random redirects

This is my work laptop and I am really worried. Can someone please respond and help ? Do I need to run HJT and post the logs first ?

Worried...
Saandy3

Read other 1 answers
RELEVANCY SCORE 60

A while ago I got the fake antivirus malware. I ran Malware Bytes that seemed to have solved the problem. Then after a while I started noticing random redirects after I search on Google. I've ran GMER and Hijack this and have attached the logs. I super appreciate it, thanks for your help in advance!GMER Scan Log:=====================GMER 1.0.15.15281 - http://www.gmer.netRootkit quick scan 2010-07-28 16:53:57Windows 6.1.7600 Running: 5m4tw2w6.exe; Driver: C:\Users\philyuen\AppData\Local\Temp\fxldipog.sys---- System - GMER 1.0.15 ----Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x90329B9C]Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x903299C0]Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x90329AFA]Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSectionCode \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject---- Devices - GMER 1.0.15 ----AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Micr... Read more

A:Spyware that does random redirects in Firefox Google Search

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 22 answers
RELEVANCY SCORE 60

Hi,

I recently had a virus/rootkit or some type of malware installed on my computer. Basically because I accidentally clicked yes to one of those "you're computer is infected" links. I ran Malwarebytes and AD-Aware before hand and I thought I got rid of everything, unfortunately I did not as Firefox still opens random tabs.

I read the first steps, my logs are attached below. Unfortunately I do not have a Windows Install CD, I think it's forever lost somewhere.

I read the previous posts similar to mine but was not able to figure out what exactly to do. Any help would be greatly appreciated!




DDS (Ver_10-03-17.01) - NTFSx86
Run by Gov at 18:12:00.67 on Thu 05/13/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3070.1727 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe ... Read more

A:Firefox opens random tabs / redirects sites

Hi ettes and welcome to TSF.

If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

** Note: Please stick with me until I declare that your system is free from malware. Even though your system may not have any symptoms of malware, it may still be infected. **

--------------------------------------------------------------
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.

Reply back with the following: C:\ComboFix.txt

Read other 19 answers
RELEVANCY SCORE 59.2

Hi folks I seem to have the usual unknown malware pest attack!I've been away from my computer (was traveling and using the laptop) and noticed that internet was so slow. I have 1MB plan but I get 256kbps or something. Then occasionally I would have random pop-ups when I click on some websites, I use firefox and when I open a blank page I get a Pesar website instead. I hope someone can help me! Thank you in advance!!! Here is my log: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:23:03 AM, on 4/23/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18904)Boot mode: NormalRunning processes:C:\Windows\Domino.exeC:\Program Files (x86)\Rainlendar2\Rainlendar2.exeC:\Program Files (x86)\Launchy\Launchy.exeC:\Program Files (x86)\DestroyTwitter\DestroyTwitter.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\SonarPM\SonarPM\sonar_gui.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\iTunes\iTunes.exeC:\Program Files (x86)\Trillian\trillian.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\... Read more

A:SLOW INTERNET, RANDOM POP-UPS, FIREFOX REDIRECTS TO SPAM WEBSITES

hi Tengal,Your log is a few days old. If you still need help simply reply to my post.

Read other 3 answers
RELEVANCY SCORE 59.2

Hi,

I've recently discovered what I believe is a trojan horse, which is hijacking links, and taking me to different sites from the one that I requested. This does not happen every single time, but is obviously causing a lot of worry and stress about whether the sites I am looking at are the correct ones. If anyone could help, that would be very appreciated.

My DDS log:
DDS (Ver_09-05-14.01) - NTFSx86
Run by Matt Tremayne at 10:28:26.65 on 20/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.371 [GMT 1:00]

AV: PC Tools AntiVirus 5.0.0.16 *On-access scanning enabled* (Updated) {832E7172-E406-4BB2-8B19-6D29F2C93A98}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program... Read more

A:Using IE7 or Firefox, clicking on links redirects me to totally random sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 38 answers
RELEVANCY SCORE 58.4

http://www.bleepingcomputer.com/forums/topic459101.html
as an add-on, firefox in general runs sluggishly

I skipped step 8 in the preparation guide: http://www.bleepingcomputer.com/forums/topic34773.html since I have a 64 bit computer

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Rajiv Desikan at 23:53:58 on 2012-07-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8106.5432 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program... Read more

A:Firefox google redirects to webhp after a search/opens up random links

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 16 answers
RELEVANCY SCORE 58.4

Firstly, I think I probably got this from some shady porno sites while in private browsing, fwiw

basically, whenever I google stuff using firefox on my laptop (64 bit windows 7, dell xp), oftentimes, when I click on the links, it opens up some random spam website. It takes numerous clicks to actually get the actual link to open. Also, when this doesn't happen, clicking on any google searches redirects the browser to google.com/webhp. I have to exit this tab and open a new tab for google to work after this. Finally, firefox now uses up to 25% of my cpu performance when I check my task manager. So far, these problems only exist on firefox, and IE is fine, but I'd still like to get rid of this possible malware. Thanks!

A:Firefox google redirects to webhp after a search/opens up random links

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next t... Read more

Read other 6 answers
RELEVANCY SCORE 58.4

I've recently had many trojans get downloaded onto my computer when AVG crashed while detecting several threats. I remember my pc being locked out where I could not open any programs or task manager unless I download the fake anti-malware program. I had several types but I could only remember anti-malware doctor being present. I removed most of the stuff with malwarebytes, spybot and SUPERantispyware in safe mode but it doesn't seem to get rid of my firefox browser directing me to a random site periodically. I scan multiple times a day and each time I find a trojan which I thought I had already removed. Also GMER.exe seems to freeze whenever I try to scan and my CPU goes to 100% whenever the program is opened.Any help would be much appreciated,- JennyDDS (Ver_10-03-17.01) - NTFSx86 Run by User at 1:56:35.90 on Tue 09/14/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1202 [GMT 10:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.... Read more

A:Firefox opens/redirects to a random ad website randomly, as well as infections with various trojans

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 13 answers
RELEVANCY SCORE 58

Hi,A couple days ago I got a virus or something that would pop up a fake Windows AntiSpyware (don't remember exact name) program. I was finally able to get rid of it using AVG and MalwareByte's Anti-Malware.Now Firefox will open up random tabs on it's on (don't have to click on anything) and when I click on links sometimes it will redirect me for like 5 clicks of the link and then after that allow me to go to the site and then it will repeat this action maybe 10 minutes later.It also will not let me go to the microsoft update site (in IE and Firefox), and when I search w i n d o w s u p d a t e . m i c r o s o f t (without the spaces) in google or any text field that I submit (tried it in a forum) (in IE or Firefox) it will just bring up a page that says connection was reset or page failed to load. I have also tried it in safe mode and I get the same symptoms.I have tried running MalwareByte's Anti-Malware, Spybot S&D, AVG, and HJT. At one time MalwareBtyes said something about a tcipip.sys thing but I don't remember too much about what was wrong.I followed the prep guide but I cannot get a full gmer scan to run. It either just restarts my computer, freezes, shuts down the program, or locks down my computer (have to do a hard reset).Thanks for any and all helpEDIT: One of the pop-up tabs lingered on a site for a second before going to an ad site, the url of this site was..hxxp://apachejct.com/key/?qs=9434cd09aed34cc216c628c7eac958b4aa78b00b6706ac1a... Read more

A:Firefox opens random tabs and redirects, blocks microsoft update - rootkit?

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 8 answers
RELEVANCY SCORE 57.2

Ok so i've noticed that firefox randomly will open ad pages in new tabs and redirect my google searches.

I have run complete scans with superantisypware, avira, spybot, malwarebytes, iobit security 360 and inbuilt windows malware scanner. Some of which came up with detections which i got rid yet the problem remains. I tried to restore my comp but it failed, obviously one of the malwares clever tricks.

Here is my DDS log. The attach.txt file is attached but i could not get the GMER rootkit scanner to work. It would complete the scan but as soon as i tried to save it it would give a blue screen and restart...not good i would say. So hence i dont have an ark.txt.

Really starting to worry. I read that these things are usually to direct internet traffic to specific sites to increase ad revenue for the malware people. I havn't done any internet banking cos i am not that foolish but is there much of a chance they will get control of my gmail or facebook accounts? How paranoid should i be in terms of infections spreading to other networked computers and external hard drives?


DDS (Ver_09-12-01.01) - NTFSx86
Run by Darren at 16:35:42.58 on Wed 13/01/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.3323.2523 [GMT 10.5:30]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system... Read more

A:Due to adware/spyware/malware firefox opens random tabs and google redirects pages

BUMP, please

Read other 12 answers
RELEVANCY SCORE 54

Hi, and thanks in advance for helping. It really is a great service of you guys.Anyway, I do my best to keep my computer very clean. But low and behold, random websites open every few minutes, I'll turn on the computer and hear ads for condoms, etc., without seeing any browser open (the firefox process will be running though), and I keep getting error messages telling me firefox or I.E. or some other program has to quit. In fact, I just received one saying that the media center store has stopped working:Problem signature: Problem Event Name: APPCRASH Application Name: mcupdate.EXE Application Version: 6.0.6002.18005 Application Timestamp: 49e02324 Fault Module Name: StackHash_27f2 Fault Module Version: 0.0.0.0 Fault Module Timestamp: 00000000 Exception Code: c0000005 Exception Offset: 0001197d OS Version: 6.0.6002.2.2.0.768.3 Locale ID: 1033 Additional Information 1: 27f2All other information, including root repeal, is below or attached. I am just exhausted and it's taking forever to complete). I have run a norton scan, a bit Defender scan, a windows live scan (that seemed to fail at the last step), a Malwarebytes scan, an ad-aware scan, and a spybot scan. Nothing has helped except that the bit defender scan pointed out a possibly infected file labeled 86.tmp and mentioned Trojan.TDss. However, I followed all directions and the problem remains, though the file is gone as bit defender deleted it. Thanks much for helping me. I really do appreciate it.DDS (Ve... Read more

A:Malware -- Site Redirects/Random Ads invisibly running/Firefox stops running (I.E. Too)

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

Read other 31 answers
RELEVANCY SCORE 51.2

Hi:

My computer is brand new out of the box couple days ago. Bought it because my other machine was atacked by malware. I did not download anything from old machine onto new. I did go to my aol email account and signed in. Imediately after this new machine is redirecting google searches, randomly, and also seems to redirect the second I try to sign on to my aol email.

Here are my highjackthis logs. Please advise and help!
The highjackthis scan also says: 'YOUR SYSTEM DENIED ACCESS TO THE WRITE FILE". Wants me to do something about this myself.
I am a newbie and know nothing.

Thank you,

A

A:Search Redirects, Random redirects, AOL email sign on highjack

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 48.4

Hi folks,

Thought I may need to start a new thread, I noticed other threads have similar issues to what I'm seeing and didn't want to confuse by re-posting in the same thread.

I have Windows 7 Enterprise and just started having many random windows blue screens. I think it started as soon as I tried to run a trainer for a game Company of Heroes, since McAfee said it was a trojan and I tried to restore it after seeing online by other folks that the file was legit.

Anyway, since then I think, i started to see many BSoDs, not always the same BSoD message and they would occur during normal windows usage, a few times in Safe mode with networking. But most of the time, usually within 5 to 30min of running normally.

Anyways, I ran the McAfee virusscan and it found a few viruses, also ran spybot and malware bytes, and Stinger. I ran them from safe mode and was able to clean out the affected files.

I still see fewer BSoDs, but mainly now my google chrome browser won't work. I've tried uninstall/reinstall and every time I load it, it never works. sometimes freezes and I have to do a hard power off/on on my laptop. I have a lenovo w510.

Other problems is that my windows randomly freezes. Also, so far I can use Internet Explorer and Firefox, not able to install Opera. But when using Firefox or IE, i sometimes get random redirects.

I have ran hijackthis and can provide the log file. I can also provide the windows minidump files.

Please help! I greatly appreciate... Read more

A:Windows 7 - malware, random BSoDs, browsing redirects, random freezes

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 48.4

Hi i'm new to this forum and need help removing whatever it is I have. I am running Windows 7 and have tried Malwarebytes/Super Anti-Spyware/AVG even in safemode and none of them find anything other than cookies. Any help will be appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by steve at 2:20:52 on 2012-02-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6142.4765 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files&... Read more

A:Website Redirects/Random Pop-Ups/Random Music and Clicking Noises

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 3 answers
RELEVANCY SCORE 48.4

Hi. Can you please help. My internet browsers, Internet Explorer and Firefox, keep on shutting down unexpectedly especially when I try to load a new page. In addition, when I use google in Firefox I am redirected to ad pages instead of the actual website. SInce I started having this problem, sometimes my computer freezez and the clock on my computer stops. I've run Malwarebytes Anti-Malware,Ad-Adware and even though they found some viruses it hasn't fixed the problem. Below is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:17 AM, on 4/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:... Read more

Read other answers
RELEVANCY SCORE 48

Hello,

I'm having an issue where when I click on the result of an internet search, I am redirected to a non-related advertising type site. Also occasionally I will have the browser directed at some website and then all of the sudden a random window pops up with the same type of advertising type site as above.

It used to happen in both IE and firefox on both google and yahoo (possibly others, I only tried those 2). I have tried running Antivirus scans, malwarebytes and SAS. They found and removed a couple things, but no help. I then tried a system restore back to 2 weeks ago before I had any issues, but that also did not help. I've noticed now that it is only when I search using the integrated search area in the top right corner of IE (which is set to google). If I type in www.google.com in the address window, and then search from there, it does not redirect when I click on the results.

Thanks so much in advance!

Win XP Pro SP3, IE8

A:Random pop-ups and Search Result redirects to random sites.

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

Read other 1 answers
RELEVANCY SCORE 44

My Windows XP Media Edition PC is infected with something. The most obvious symptoms are:
1) When using Firefox, new browser windows will randomly open -- to URLs that seem random. This happens often.
2) On occasion, audio will start playing -- as if some streaming internet audio was playing. I do not recognize the audio.

The above behavior started yesterday, Dec 26. Until then, I had no knowledge that something was wrong. However, once this started, I looked at Norton's log. (I have Norton 2008 running on the system.) On Dec 22, Norton discovered Virtumonde -- and thought it had removed it. On Dec 23, Norton again discovered Virtumonde and again thought it removed it. Since then, Norton does not find Virtumonde.

After I discovered that my system was having problems, I took the following steps:

Yesterday (Dec 26) I installed Spybot S&D. Spybot discovered Virtumonde (even though Norton no longer does). Spybot thought it successfully removed the infected keys. On a subsequent reboot, Virtumonde was again detected by Spybot.

I then installed MBAM. MBAM found additional evidence of Virtumonde. MBAM removed what it found. Subsequent reboots and rescans show that MBAM and Spybot think my system is clean of all issues they can detect.

Nonetheless, my system is continuing to exhibit the behaviors listed at the top. (#1, for sure; I do not yet know if #2 is resolved.)

The PC is networked in a LAN; the LAN is connected to the WAN via a DLink router. Two o... Read more

A:Random new browser windows when using Firefox, and random audio

Disconnect from the net. Reset your router and give it a strong password.If you use Spybot's Teatimer, disable it for now----------------------------Update Malwarebytes. This time do a FULL scan and post the new log here for us to look at

Read other 2 answers
RELEVANCY SCORE 43.2

I recently built a new desktop PC running a clean install of Windows 7 Ultimate 64-bit retail version (see my system specs). All hardware was purchased new, and all software installed were fresh installs. All Windows Updates were applied successfully, including SP1. I have also updated all drivers using manufacturer supplied drivers online as well as through Windows Update. BIOS is flashed to latest manufacturer version, and RAM timings were tightened to rated specs (default 9-9-9-24 at 1.5V, rated for 7-7-7-21 at 1.5V).

After using my system for a day or two, I started getting frequent Firefox application crashes (several times a day). These manifested themselves by abruptly exiting out of Firefox and bringing up the Crash Report manager; no freezing up or unresponsiveness of any sort was involved. I am using Firefox 4 with no third-party add-ons except for AdBlock Plus. I also received several BSOD's (three, I believe), one of which is MEMORY_MANAGEMENT (0x1A). The BSOD's occurred randomly while browsing or doing other tasks, and did not appear to be triggered by any given event. My uTorrent application also crashed once not long after a Firefox crash, but this was a one-time event.

I have run memtest86+ for one pass on each of my sticks of ram individually, and 5+ passes on the two sticks together, with no errors. This is my first time building a PC, and I have previously only used Windows 7 32-bit. Since all of the hardware is new, I am wondering whether there could be ... Read more

A:Random BSODs; Firefox 4 random crashes

  
Quote: Originally Posted by Klarerwind


I recently built a new desktop PC running a clean install of Windows 7 Ultimate 64-bit retail version (see my system specs). All hardware was purchased new, and all software installed were fresh installs. All Windows Updates were applied successfully, including SP1. I have also updated all drivers using manufacturer supplied drivers online as well as through Windows Update. BIOS is flashed to latest manufacturer version, and RAM timings were tightened to rated specs (default 9-9-9-24 at 1.5V, rated for 7-7-7-21 at 1.5V).

After using my system for a day or two, I started getting frequent Firefox application crashes (several times a day). These manifested themselves by abruptly exiting out of Firefox and bringing up the Crash Report manager; no freezing up or unresponsiveness of any sort was involved. I am using Firefox 4 with no third-party add-ons except for AdBlock Plus. I also received several BSOD's (three, I believe), one of which is MEMORY_MANAGEMENT (0x1A). The BSOD's occurred randomly while browsing or doing other tasks, and did not appear to be triggered by any given event. My uTorrent application also crashed once not long after a Firefox crash, but this was a one-time event.

I have run memtest86+ for one pass on each of my sticks of ram individually, and 5+ passes on the two sticks together, with no errors. This is my first time building a PC, and I have previously only used Windows 7 32-b... Read more

Read other 8 answers
RELEVANCY SCORE 43.2

When I do searches on YAHOO and click a link it often redirects to INFO.COM. I get random pop-ups now even though the firefox blocker is on. Randomly when I click my AIM messenger out of the system tray, it will open IE and I get 100 pop ups a minute, the only way to stop it is to open the task manager and shut AIM down.




-----------------------------------------------------------------------
HJT LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:06 PM, on 11/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.co... Read more

A:Firefox redirects and pop-ups

Hello YSRRider,

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a probl... Read more

Read other 19 answers
RELEVANCY SCORE 43.2

I have been having problems after accidentaly download a video clip then downloaded a 'codec' which ended up filling my system up with spyware, i though i got rid of it all with malwarebyes (after renaming the file as it wouldnt run otherwise) anyway here are my logs. i can see a few things look a bit wrong but not sure exactly what to do. Thanks in advance

p.s the gmer file was a bit big for upload here so i had to rar it up, just rename the extention

A:Redirects (Even in firefox?)

its there anything i can do? this service is not loading up windows properly now. it just shows a black background & the mouse. im posting this using the asus splashtop browser... its getting worse & worse. sorry for the bump but im having bad trouble and i need the pc for work, many thanks in advanceedit: im back into windows after about 8 reboots... not going to shut it off any time soon but MSIVXdlmlkyrujkyxfenpkxlqpsboyljxjsan.sys seems to be the problem===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempte... Read more

Read other 8 answers
RELEVANCY SCORE 43.2

Greetings. I'm new to the site but I have seen your work and have high hopes! Trend Micro, Spynomore, and Malware Bytes do not find the virus that's causing my concerns.

For a while now I've been getting random redirects to feed.bizzclick... when I click on a link from a Google search. I am running WIndows 7 on a Dell Inspiron 1525 with a wireless connection. An example of the redirect URL is:
hxxp://feed.bizzclick.com/click.php?id=8SHwF618s3IAYAS0nIp6euMgAfkj2I4r4LxsmXbhHcuemR8qeBDn_EFeriF69xegOwbud4r7UbDTT5lr-fnRG5xSeh9ZPgBxpMXr

I can't confirm that it is always this though I would guess the feed.bizzclick.com is constant and the rest is some sort of ID. I'm not sure that it is related, but I very occasionally get redirected to Happili.com when I select a link from a Google search. This is not as common as the problem I'm posting.

Best Regards,
Dylan

A:Firefox Redirects

Hello and welcome. Is this a 64 bit Win7 system?Please read and follow all these instructions.Please download GooredFix and save it to your Desktop.Double-click GooredFix.exe to run it.A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).Now do an Online scan.Please perform a scan with Eset Online Antiivirus Scanner.This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.Click the green button.Read the End User License Agreement and check the box: Check .Click the button.Accept any security warnings from your browser.Check Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)Click the Start button.ESET will then download updates for itself, install itself, and begin scanning your computer.If offered the option to get information or buy software at any point, just close the window.The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.When the scan completes, push Push , and save the file to your desktop as ESETScan.txt. Push the button, then Finish.Copy and paste the contents of ESETScan.txt in your next reply.Note: A log.txt... Read more

Read other 20 answers
RELEVANCY SCORE 43.2

I have tried multiple anti-virus programs, Nortin, AdAware, AVG, etc, and while they have gotten trojans and spyware pretty well, there is some sort of ware that is hijacking firefox. My best guess is an add-on, which gives me no option of removing, called Play Pickle Textlinks. There are pop-ups with a wide variety of 'anti-virus' programs and fake 'your computer may be infected' things and most every link in any google search is redirected to another search site. There are no pop-ups or warnings when the browser is closed.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Angel Lathem at 10:30:31.21 on Fri 05/13/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.431 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\... Read more

A:Pop-ups and redirects in firefox

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Read other 4 answers
RELEVANCY SCORE 43.2

I run weekly scans, but somehow, it seems ive gotten a rootkit or something. Chrome works fine, but firefox redirects to crappy search engines. I have glanced through a few other posts with similar issues, but felt it would be best to post my own threadLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:04:00 PM, on 12/1/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Creative\Shared Files\CTAudSvc.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files... Read more

A:Firefox redirects

i've been following the steps of people with similar problems and found you often ask for the following attached logs.

Also i've found that i get a blue error screen when trying to go into safemode, combo fix doesn't work correctly, (i followed the instructions and it freezes at "creating restore point")

I know your busy, but i appreciate the help

Read other 3 answers
RELEVANCY SCORE 43.2

First off, thank you for the help. This has been a vexing problem. It is difficult enough to be a US manufacturer with out having productivity killed for three days.I have run Malwarebytes and Spybot, both would repeatedly find 7-12 items then delete them.Then they would scan consistantly as clean, only to have more crap appear the next day.I then ran "Trojan Remover" and it found something in C:\Pgm Files\IE\ called wmpscfgs.exe. Trojan remover found it was scheduled to run every hour for the next two days. This was eliminated. Since then, the scans have been clean.I looked for the common .xul redirect file/code, but the problem occurs in IE as well, so it's not isolated to Firefox.I logged in as administrator and that profile also suffers from same, so is a global problem.My firewall settings appear to be not adjustable, as they appear to be set-up from the server (or this is a virus disguise).Here is the DDS.DDS (Ver_10-03-17.01) - NTFSx86 Run by kkrivanec at 7:57:31.63 on Thu 04/22/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.423 [GMT -4:00]FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled* {6A44CFD9-B177-457E-BB54-DF1C85C3C6FD}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\... Read more

A:IE & Firefox Redirects.

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 7 answers
RELEVANCY SCORE 43.2

Had some sort of malware or spyware and I removed it by using Malwarebytes and Spybot Search and destroy. I am still getting redirects in firefox and want to make sure my computer is clean. Need help as soon as possible. Thanks

A:firefox redirects still appear

Hello,Please follow the instructions in ==>This Guide<==. If you can't complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 43.2

Hello,I have the problem of what seems to be random redirects when clicking on a search result in both Firefox and IE. It happens on Google, Yahoo, and other search engines. I have run Malwarebytes earlier this week and it found Anitvirus2010. However, after that removal, the redirects still happen and Malwarebytes comes up clean. I ran Combofix and here is the log:ComboFix 10-08-25.01 - Neil 08/26/2010 9:41.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1310 [GMT -5:00]Running from: c:\documents and settings\Neil\Desktop\ComboFix.exeCommand switches used :: /uAV: avast! antivirus 4.8.1368 [VPS 100826-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}.((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 ))))))))))))))))))))))))))))))).2010-08-26 14:34 . 2010-08-26 14:34 -------- d-----w- c:\program files\Common Files\Java2010-08-26 14:33 . 2010-08-26 14:33 -------- d-----w- c:\program files\Java2010-08-24 12:46 . 2010-08-24 12:46 63488 ----a-w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll2010-08-24 12:46 . 2010-08-24 12:46 52224 ----a-w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll2010-08-24 12:46 . 2010-08-24 12:46 117760 ----a-w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL2010-08-24 12:45 . 2010-08-24 12:45 ... Read more

A:Firefox and IE redirects

Hi helplessgeek,Welcome to Bleeping Computer!My name is mpascal, and I will be helping you fix your problem.Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.Please do not do anything or perform other steps unless I have asked you to do so.Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.If you are unsure of how to reply, or need help with anything regarding the website, please look here.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I wil... Read more

Read other 1 answers
RELEVANCY SCORE 43.2

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:10:30 AM, on 11/6/2009Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Windows Defender\MSASCui.exeC:\hp\support\hpsysdrv.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\WINDOWS\RtHDVCpl.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\System32\hkcmd.exeC:\WINDOWS\System32\igfxpers.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exeC:\Program Files\Alwil Software\Avast4\ashDisp.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\AIM6\aim6.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exeC:\Windows\System32\mobsync.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\AIM6\aolsoftware.exeC:\Progra... Read more

A:Firefox redirects

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 2 answers
RELEVANCY SCORE 43.2

The problems started sometime this past week. I've run AVG, Malwarebytes, Spybot, and Ad-Aware to no avail. When I go to some websites, I'm re-directed to a website called local-news-online.cxm, and google searches re-direct me to various websites such as cheapstuff, localpages, and rc(dot)php. I've run goored, and that seems to have solved nothing.

I must note that I followed the directions in the "Read This Before Posting" thread, and DDS is not working for me. I've tried several times to open it, and when I do it will stay open for a few seconds without producing any type of result log. I was able to run GMER and that log is attached. I have HJT downloaded to my computer already, so if you would like me to attach that log, I certainly will.

Thank you for any help you can provide.

A:Firefox and IE Redirects

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.



Combofix
Download ComboFix from one of these locations:

Link 1
Link 2


and rename it to glasgow.exe before saving it to your desktop.

Double click on the renamed ComboFix.exe & follow the prompts.
When finished it will produce a log at C:\ComboFix.txt for you
Please include the log in your next reply.

Read other 18 answers
RELEVANCY SCORE 43.2

Have caught a virus or two on this machine and cleaned them up with malwarebytes. I also could not turn on updates and a to run rk-proxy.reg to fix that. But I still have redirects. I have a ad-aware scan from today that is below.

Logfile created: 6/12/2011 10:59:26
Ad-Aware version: 9.0.6
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: The Rents

*********************** Definitions database information ***********************
Lavasoft definition file: 150.442
Genotype definition file version: 2011/06/07 08:06:28
Extended engine definition file: 9561.0

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 148866
Objects detected: 18
Type Detected
==========================
Processes.......: 0
Registry entries: 1
Hostfile entries: 0
Files...........: 12
Folders.........: 0
LSPs............: 0
Cookies.........: 5
Browser hijacks.: 0
MRU objects.....: 0

Skipped items:
Description: c:\documents and settings\the rents\application data\dwm.exe Family Name: DD32!Retrost/a Engine: 1 Clean status: Success Item ID: 0 Family ID: 0 MD5: ebe3e081540f0045cd52553478ccb471
Description: c:\docume~1\theren~1\locals~1\temp\csrss.exe Family Name: DD32!Retrost/a Engine: 1 Clean status: Success Item ID: 0 Family ID: 0 MD5: 78399c2f139194ae7e96b911d5cc6e7... Read more

A:IE and Firefox redirects

Also I am finding that my connection is being routed thru proxy on occasion and I have to change it back.

Read other 5 answers