Over 1 million tech questions and answers.

Random redirects when using Firefox (HijacK)

Q: Random redirects when using Firefox (HijacK)

Although I consider myself fairly astute at resolving computer issues, this one has gotten the best of me. When I do a Google search using Firefox 3.0.6, i get randomly redirected to non-related sites when i select a google provided link. Sometimes clicking on the link is successful; othertimes i'm redirecting to anything but what I was looking for.I've run (in safe mode) Malwarebytes anti-malware, Super AntiSpyware Free Edition, Spy-bot 1.6, AdAware, as well as McAfee. I've been "successful" in removing a few trojans (vundo), but nothing has helped the redirect problem.My HiJack log is:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:18:50 PM, on 2/15/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\WINDOWS\system32\IPSSVC.EXEC:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exeC:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\TPHDEXLG.EXEC:\WINDOWS\system32\TpKmpSVC.exeC:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exeC:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exeC:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exeC:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\TpShocks.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeC:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exeC:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exeC:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exeC:\Program Files\ThinkVantage\AMSG\Amsg.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exeC:\Program Files\ThinkPad\ConnectUtilities\ACTray.exeC:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exeC:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\MXOALDR.EXEC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exeC:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\WINDOWS\system32\dllhost.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\mcafee.com\agent\mcagent.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exec:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Microsoft ActiveSync\WCESMgr.exeC:\WINDOWS\System32\vssvc.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wnR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helperO4 - HKLM\..\Run: [TpShocks] TpShocks.exeO4 - HKLM\..\Run: [TP4EX] tp4ex.exeO4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeO4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exeO4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /trayO4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULERO4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exeO4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exeO4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXEO4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silentO4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exeO4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exeO4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitorO4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLogO4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exeO4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exeO4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXEO4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkeyO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dllO9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exeO9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [JAVA_IBM] Java (IBM)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1231826137562O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)O23 - Service: McAfee Application Installer Cleanup (0143921234672280) (0143921234672280mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Howard\LOCALS~1\Temp\014392~1.EXEO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeO23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXEO23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exeO23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXEO23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exeO23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exeO23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exeO23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exeO23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe--End of file - 14051 bytesTHANKS, in advance for any assistance that can be offered!!!

RELEVANCY SCORE 200
Preferred Solution: Random redirects when using Firefox (HijacK)

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Random redirects when using Firefox (HijacK)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERER,K

Read other 2 answers
RELEVANCY SCORE 65.2

Hello,I have been lurking bleepingcomputer as a non-member for a while now. I typically am able to find the instructions to fix almost any problem a computer (be it mine or a friends) has from your forum. Now it seems I am unable to find the solution to my specific problem, so I finally signed up as a member! My problem is similar to all these redirect virus issues I have been reading, but slightly different and not quite the same.Here's the problem:Randomly when I am browsing the internet, every now and again a site that I come across (typically while using StumbleUpon [Firefox Add-On]) will redirect to some completely random site. It doesn't appear to follow any pattern, and has redirected to various different websites. The websites I am redirected to are rarely the same website I was redirected to before, the only exception being theclickcheck.com and yellowpages.com, both of these websites I have been redirected to more than once. Additionally, even if I don't have a browser open a pop-up will appear in a new window. If a browser is open, the pop-up window error will occur more frequently it seems(in a separate window, not a separate tab). Also, I noticed each redirect or pop-up goes through google-analytics.com, so this may still be the google redirect virus, but I am unsure.I have had this issue for about a week now, and I have been unable to get the time to really find the problem. I wish to do online banking, bill paying, and the what not but fear that... Read more

A:Random redirects and occasional pop-up while browsing with Firefox (particularly when using Firefox Add-On StumbleUpon)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

Read other 3 answers
RELEVANCY SCORE 64.4

EDIT: Split from here: http://www.bleepingcomputer.com/forums/t/311114/random-redirects-on-clicking-links-or-random-tab-pop-ups-in-firefox/ ~BPOk heres all the files. I skiped step 9 as i did not know if i need to create a new post or continue this topic.DDS.txt:DDS (Ver_10-03-17.01) - NTFSx86 Run by alex at 22:10:32.04 on Tue 04/20/2010Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.367 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\AirLink101\AWLL5026\WLService.exeC:\Program Files\AirLink101\AWLL5026\AWLL5026.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\ehome\ehSched.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\AVG\AVG9\avgnsx.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeC:\WINDOWS\sy... Read more

A:Random Redirects on Clicking Links or Random Tab Pop-ups In Firefox

Hi, qwertyasd Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.If there is no internet connection after running Combofix, then restart your computer to restore back your connection.-----------------------------------------------------------Double click on combofix.exe & follow the prompts.Install the Recovery Console if prompted.When finished, it will produce a report f... Read more

Read other 10 answers
RELEVANCY SCORE 64.4

Recently i have been getting a lot of random pop-ups that normally lead to sites trying to give me a virus. AVG Free Edition 9.0 always blocks these attacks but i really want to get rid of this because i can't ever get to the site i am trying to get to. About a week ago i had a rouge anti-virus (Windows Defender 2010) which i finally got rid of using Malyware Malbytes. After that my PC was acting weird and Just-In-Time Debugging keeps popping up. Sometimes SVChost or something like that crashes and then nothing works. Also after i removed the rogue anti-spyware none of the icons on desktop or in start folder would open. So i looked it up and i had to copy this into notepad and save it as fix.reg.

Pasted the following:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

This let me open all programs but then Mozilla Firefox would do random tabs and redirects.
Also i tried this.

Went to: C:\WINDOWS\system32\drivers\etc
Opened Hosts and deleted EVERYTHING. Then saved.
Deleted all backup hosts and thats about it.
A... Read more

A:Random Redirects on Clicking Links or Random Tab Pop-ups In Firefox

Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Make sure the Sections option is checked (in the right hand panel). Leave all other options unchecked!Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.

Read other 6 answers
RELEVANCY SCORE 62

I have a similar problem to http://www.bleepingcomputer.com/forums/t/271417/google-redirect-both-ie-and-firefox/When I search in Google and click on a link in the organic search section I occasionally get redirected to another site. At first, I was being redirected to various Clickbank products. I did some research and found it was always a hoplink with a certain affiliate code. I alerted Clickbank and they have closed that account. But I'm still getting redirected, it just goes to an error page from Clickbank stating that the account has been closed or disabled. I also get redirected to Amazon. I'm assuming that it's probably the same guy. The redirects happen randomly (not every time). I use Firefox 3.5.5. I'm also using TrendMicro Internet Security Pro 17.1.1250 with the latest updates.I've run full scans with both TM and MalwareBytes, but neither find any problems. I don't see anything that pops out in my HighJackThis Log.Usually, I can find and remove these things on my own, but this is over my head. I'm stumped. I've seen other posts with similar problems that point to it being a rootkit and that's a little beyond my level of expertise.Please help. Thanksrbr451

Read other answers
RELEVANCY SCORE 62

Don't know where I picked up a bug, but it randomly redirects every 25th click or so to sites like PCKeeper and feedbackexplorer. FWIW, I just switched to Windows 10 last week and the problems started a few days ago.  Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015Ran by Jerome (administrator) on HAL (07-12-2015 05:48:04)Running from C:\Users\Jerome\DownloadsLoaded Profiles: Jerome (Available Profiles: Jerome)Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(Qualcomm Atheros... Read more

A:Random Redirects in Firefox

Greetings DocWhoops and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter probl... Read more

Read other 12 answers
RELEVANCY SCORE 62

with MBAM currently installed, i wonder if it is interfering with SystemShield... I see in the DDS.txt log that SystemShield is disabled, but i can "see" that it is running.

when this is all over with, as much as i have enjoyed using Iolo system mechanic (utilities) and thus bought Systemshield to go with it... maybe you can make a recommendation for preferred/better virus protection SW... Is SystemShield not as good as i was lead to believe? Maybe It didn't matter, and any AV would have had this issue(?)

ok, talk to you soon...

A:Random Firefox redirects

fwiw.. i just got a redirect when i was trying to navigate to change my notification options on your site... took me to this address:

http://click.get-answers-fast.com/ads-clicktrack/click/jump2.do?affiliate=46831&subid=7_f8&terms=bleepingcomputer.com%20user%20cp

Read other 19 answers
RELEVANCY SCORE 62

occasionally, clicking a link in Firefox browser initiates a redirect... usually a page of links, or a yellowpages-type of site.

in a separate, but related thread, boopme asked me to run Fixtdss and aswmbr then MBAM and post the logs in a new topic thread....

brb with logs

A:Random Firefox Redirects

fixTDSSno infectionsaswmbr log:aswMBR version 0.9.9.1532 Copyright© 2011 AVAST SoftwareRun date: 2012-03-06 21:13:34-----------------------------21:13:34.355 OS Version: Windows x64 6.0.6002 Service Pack 221:13:34.355 Number of processors: 2 586 0x170621:13:34.356 ComputerName: OFFICE-PC UserName: Jim21:13:35.068 Initialize success21:16:28.653 AVAST engine defs: 1203060021:17:35.084 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-021:17:35.085 Disk 0 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610480MB BusType: 321:17:35.106 Disk 0 MBR read successfully21:17:35.107 Disk 0 MBR scan21:17:35.124 Disk 0 Windows VISTA default MBR code21:17:35.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 126500 MB offset 204821:17:35.158 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 483977 MB offset 25907404821:17:35.161 Service scanning21:17:35.850 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 3221:17:36.386 Modules scanning21:17:36.388 Disk 0 trace - called modules:21:17:36.392 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80077f32c0]<<spnl.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 21:17:36.394 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008b05790]21:17:36.397 3 CLASSPNP.SYS[fffffa6000fccc33] -> nt!IofCallDriver -> [0xfffffa80079ed9b0]21:17:36.39... Read more

Read other 9 answers
RELEVANCY SCORE 61.2

Hi First time posting. So I don't know if this is the correct part of the forum to submit to so if its not, just let me know where to submit  it to  My problem is that I use Firefox (main browser Win 7) to browse and every so often it will redirect my websites to adware. For example when I "middle click" on a site at Google or Reddit, it usually opens a new tab but sometimes it opens this completely other site which im guessing is malware, I use Adblock Plus so not every malware site redirects to it, a lot of the time it is just a blank page with an obvisouly incorrect URL. I used to be able to browse just fine, but now it seems every so often that it wants to redirect me to this other site. MSE always pops up telling me it wants to send a ".tmp" file to Microsoft because it doesn't know what it is. But whenever I use MSE or Malware Bytes (even on the full trial version, or rootkit scan) it never picks up anything when it has been scanned. I have scanned it normally and on Windows safe mode. If anyone could help it would be much appreciated. Thanks.

A:Firefox redirects random websites

Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters


Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue


Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see here and here.Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:  aswMBR will create M... Read more

Read other 1 answers
RELEVANCY SCORE 60.8

Hi,Using TeamViewer, I am trying to get rid of Internet redirects that are happening on a friend's computer. I did many different scans, but they found nothing. Here's the hijackthis log. Any help would be appreciated. Thanks!!!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 6:56:12 PM, on 3/23/2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:&#... Read more

A:HiJack this log - IE and firefox redirects

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

Read other 3 answers
RELEVANCY SCORE 60.4

Was having random browser redirects and popups in Firefox
AVG & Malwarebytes found nothing.
Ran some misc fixes based on forum entries.
Computer seems better but would like confirmation that there is nothing lurking.
Ran scans based on "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help"
DeFogger
DDS
GMER

Can you review the attached scans, and let me know if any further action
is required.

Thanks

A:Random browser redirects and popups in Firefox

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 2 answers
RELEVANCY SCORE 60.4

Well, like the title says, Firefox keeps redirecting me to random sites. For instance I clicked on a wikipedia link and got sent to Travelocity.com. This just started happening earlier today, out of nowhere, and it's only Firefox that does this. The last things I remember downloading are Artweaver, Torsion, Notepad++, and Torsion, but that was all maybe over a week ago. I've used Malwarebytes' Anti-Malware and deleted four infected files. I've researched a few other threads but I'm still not exactly sure what I need to do. Can somebody please give me some direction? I'm using Windows XP by the way.
 

A:Mozilla Firefox Redirects to Random Sites

Read other 16 answers
RELEVANCY SCORE 60.4

A few days ago, I started to get browser redirects in both IE and Firefox - it seems random in Firefox; in IE, it's about every second or third link that redirects in a Google search. I'm also getting random popups from both IE and Firefox. I have ran Malwarebytes, Adaware, Trend Micro's Housecall, Spybot, SuperAntispyware. I had upgraded Adaware to their paid service, and it found trojans, but did not take care of the popup and redirect problems. Now, nothing is being found by any of the anti-malware, but I'm still having the same issues. I'm having issues getting into Adaware to give details on the trojans. Additionally, I downloaded CA Anti-Virus Plus Anti-Spyware 2010, but the install failed and now I can't get rid of it off of my computer. I am hoping I'm doing this right, here is my Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:38:38 AM, on 4/11/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17023)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program File... Read more

A:Browser redirects in both IE and Firefox - random pops also

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have sinceresolved your issues I would appreciate if you would let me no so I can close this topic.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.%appdata%\*.exe%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%SYSTEMDRIVE%\*.exenetsvcsmsconfig/md5startproquota.exesfcfiles.dlleventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dllbeep.sysiaStor.sysnvstor.sysatapi.sysnvatabus.sysviamraid.sysnvata.sysiastorv.sys/md5stopCREATERESTOREPOINTPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedThanks

Read other 35 answers
RELEVANCY SCORE 60.4

For the past 3 days, this computer has had several problems with getting on the internet. I was able to solve some of the problems preventing Firefox from being opened, but two issues still remain.1) While using Firefox, and I am unable to use anything related to google.comGoing to google.com returns a white page with "404 Not Found" in large text, and "nginx" in smaller text below that.2) I randomly get redirected to advertising websites while viewing some of my favored sites.For an example of 2:
Spoiler
Earlier I was viewing Blizzard's Blue posts at http://blue.mmo-champion.com/1st: Went to http://blue.mmo-champion.com/2nd: I click a topic of interest, went to http://blue.mmo-champion.com/topic/191513/negative-ghostrider-the-pattern-is-fullThis next part is where I get redirected3rd: I click one of the buttons, the Blizz button with the arrow, which normally is supposed to take me to the source or the post itself.I'm supposed to go here: http://us.battle.net/wow/en/forum/topic/3048064944?page=19#371But instead, this shows up in my browsing history:http://allglobesales.com/aff?aff=http%3A%2F%2Fbridge2.admarketplace.net%2Fct%3Fversion%3D7.0.0%26key%3D62256396176.3275365%26ci%3D1313772378950.10158&i=HctLDoQgDADQdW_RC0iQj5Xj1AIOyQgTMOH6mtm-5JFTwSnjVmU2ME6DVtpY8kCwARkbJW-aD-Gd6BBKa7C7DzH4KDaDBLiutsiHr19pFRecrX8jtoyTu3TON9Y0B3KN2LnEUk8cd-c7nSUNfPOfx_vmAw~~http://bridge2.admarketplace.net/ct?version=7.0.0&key=62256396176.3275365&ci=131377... Read more

A:404 nginx google/firefox - random redirects

Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Read other 20 answers
RELEVANCY SCORE 60.4

Recently purchased new laptop this thing has had next to none internet exposure however its seems i've still managed to pick somthing up....

Simply put everytime i open a new search in firefox i'm redirected to sites i've not searched for an example of would be searched facebook clicked on the link and found myself at ebay.. I have installed mcafee security center run a full scan and found nothing i have noticed there is another thread on the forum with the exact same problem so it nice to know i'm not the only person in this boat....

DDS (Ver_09-05-14.01) - NTFSx86
Run by Tim at 23:46:12.16 on 28/05/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.44.1033.18.894.200 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C: ... Read more

A:Browser (firefox) Redirects to random sites.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 60.4

Hi, as the topic says my problem is random redirects and Firefox isn't saving browsing history for more than a day, and that has nothing to do with settings.
The only redirect address I've noticed and remember is server2.mediajmp.com, but there have been others.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:59 AM, on 6/23/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Steam\steam.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Lovick\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aqworlds.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&... Read more

A:Random Redirects and Firefox not saving history

Read other 7 answers
RELEVANCY SCORE 60

A while ago I got the fake antivirus malware. I ran Malware Bytes that seemed to have solved the problem. Then after a while I started noticing random redirects after I search on Google. I've ran GMER and Hijack this and have attached the logs. I super appreciate it, thanks for your help in advance!GMER Scan Log:=====================GMER 1.0.15.15281 - http://www.gmer.netRootkit quick scan 2010-07-28 16:53:57Windows 6.1.7600 Running: 5m4tw2w6.exe; Driver: C:\Users\philyuen\AppData\Local\Temp\fxldipog.sys---- System - GMER 1.0.15 ----Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x90329B9C]Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x903299C0]Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x90329AFA]Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSectionCode \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject---- Devices - GMER 1.0.15 ----AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Micr... Read more

A:Spyware that does random redirects in Firefox Google Search

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 22 answers
RELEVANCY SCORE 60

Hi,

I recently had a virus/rootkit or some type of malware installed on my computer. Basically because I accidentally clicked yes to one of those "you're computer is infected" links. I ran Malwarebytes and AD-Aware before hand and I thought I got rid of everything, unfortunately I did not as Firefox still opens random tabs.

I read the first steps, my logs are attached below. Unfortunately I do not have a Windows Install CD, I think it's forever lost somewhere.

I read the previous posts similar to mine but was not able to figure out what exactly to do. Any help would be greatly appreciated!




DDS (Ver_10-03-17.01) - NTFSx86
Run by Gov at 18:12:00.67 on Thu 05/13/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3070.1727 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe ... Read more

A:Firefox opens random tabs / redirects sites

Hi ettes and welcome to TSF.

If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

** Note: Please stick with me until I declare that your system is free from malware. Even though your system may not have any symptoms of malware, it may still be infected. **

--------------------------------------------------------------
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.

Reply back with the following: C:\ComboFix.txt

Read other 19 answers
RELEVANCY SCORE 60

Hi,

I seem to have picked up a nasty trojan. I use Firefox 3.5 to browse (though the issue happens with IE too).. For the past several days, while clicking on a google search result (or links on other pages), I get a new firefox window opened with 3 tabs. The first 2 tabs are just urls with weird characters. The 3rd tab is usually pointing to a mozilla folder followed by funny characters: Message: Firefox can't find the file at /C:/Program Files/Mozilla Firefox/<funny characters>

I have VirusScan OnAccess enbled and it constantly seems to be cleaning a file iaStor.sys, which it detects as a trojan. But cannout seem to fix it. I ran MBA-M and it does not detect anything. VirusScan on-demand also detects nothing.

This is my work laptop and am afraid to lose anything. Please help !!

At wits end.
Saandy

A:Google search results and FireFox/IE random redirects

This is my work laptop and I am really worried. Can someone please respond and help ? Do I need to run HJT and post the logs first ?

Worried...
Saandy3

Read other 1 answers
RELEVANCY SCORE 60

Hi, I suspect I'm infected with spyware. Wierd web pages redirects started after I went to a friend's lan party.

Another friend told me to run Malwarebytes' Anti-Malware, which I did. It found 11 infections which it promptly removed. It seem better for a day or two but now it seems to have resumed.

I have no idea what to do next. Any help would be greatly appreciated.

I am running Windows XP Pro SP2 (x64).

Here are the information requested in the forum :

>>> HijackThis >>>
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:21, on 26-02-2011
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal

Running processes:
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\TÚlÚchargements\_CLEANT_IT_\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Vis... Read more

Read other answers
RELEVANCY SCORE 60

Hey, i tried using a windows vista recovery disc, but that does me no good, i get google redirects almost 90% of the time i click a link, and when i want to shut down my computer, i cant because it just shows a blue screen warning, then restarts. My computer is also very slow now, any help?
 

A:I get google redirects, random firefox tab ads and blue screens

Read other 16 answers
RELEVANCY SCORE 59.6

I am getting redirects from google searches. Both in firefox and IE. It seems to also be slowing down my browsing. Seems to happen more when searching from the search tool located to the right of the address input. DDS (Ver_09-10-26.01) - NTFSx86 Run by Bret at 13:36:39.43 on Wed 10/28/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.117 [GMT -4:00]AV: Total Protection Service *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}FW: Total Protection Service *enabled* {259FBE35-46BE-45F3-8F2F-4DB67BBBC614}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\igfxpers.exeC: ... Read more

A:Browswer Hijack, Redirects from Searches Firefox and IE

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.*If you have since resolved the original problem you were having, we would appreciate you letting us know. *If not please perform the following steps below so we can have a look at the current condition of your machine. *If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.**If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following: 1. Click on the My C... Read more

Read other 33 answers
RELEVANCY SCORE 59.2

Hi folks I seem to have the usual unknown malware pest attack!I've been away from my computer (was traveling and using the laptop) and noticed that internet was so slow. I have 1MB plan but I get 256kbps or something. Then occasionally I would have random pop-ups when I click on some websites, I use firefox and when I open a blank page I get a Pesar website instead. I hope someone can help me! Thank you in advance!!! Here is my log: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:23:03 AM, on 4/23/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18904)Boot mode: NormalRunning processes:C:\Windows\Domino.exeC:\Program Files (x86)\Rainlendar2\Rainlendar2.exeC:\Program Files (x86)\Launchy\Launchy.exeC:\Program Files (x86)\DestroyTwitter\DestroyTwitter.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\SonarPM\SonarPM\sonar_gui.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\iTunes\iTunes.exeC:\Program Files (x86)\Trillian\trillian.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\... Read more

A:SLOW INTERNET, RANDOM POP-UPS, FIREFOX REDIRECTS TO SPAM WEBSITES

hi Tengal,Your log is a few days old. If you still need help simply reply to my post.

Read other 3 answers
RELEVANCY SCORE 59.2

Hi,

I've recently discovered what I believe is a trojan horse, which is hijacking links, and taking me to different sites from the one that I requested. This does not happen every single time, but is obviously causing a lot of worry and stress about whether the sites I am looking at are the correct ones. If anyone could help, that would be very appreciated.

My DDS log:
DDS (Ver_09-05-14.01) - NTFSx86
Run by Matt Tremayne at 10:28:26.65 on 20/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.371 [GMT 1:00]

AV: PC Tools AntiVirus 5.0.0.16 *On-access scanning enabled* (Updated) {832E7172-E406-4BB2-8B19-6D29F2C93A98}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program... Read more

A:Using IE7 or Firefox, clicking on links redirects me to totally random sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 38 answers
RELEVANCY SCORE 58.8

My Firefox has been hijacked yesterday. When loading Firefox, the program attempts to open four additional windows that all guide to InfoMoneyService.com. In addition, Google search results all guide to pages with advertisement and not the proper page that is listed in the results page.I have scanned my box with McAfee Anti Virus and Malware Bytes to no avail. Neither program found any malware, spyware and/or viruses.Can somebody please jump on this case to assist me in cleaning this PC?Thank you in advance.DDS log pasted below and attached as a Rich Text file - DDS.txtDDS (Ver_10-03-17.01) - NTFSx86 Run by milanb at 11:23:58.91 on Wed 08/04/2010Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_19Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1123 [GMT -4:00]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}============== Running Processes ===============C:WINDOWSsystem32svchost -k DcomLaunchsvchost.exeC:WINDOWSSystem32svchost.exe -k netsvcssvchost.exesvchost.exeC:WINDOWSsystem32spoolsv.exeC:Program FilesHPQIAMbinasghost.exeC:Program FilesAdobeAdobe Version Cue CS2binVersionCueCS2.exeC:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exeC:WINDOWSSystem32svchost.exe -k CognizanceC:Program FilesBonjourmDNSResponder.exeC:Program FilesExecutive SoftwareDiskeeperDkService.exeC:WINDOWSsystem32inetsrvinetinfo.exeC:Program FilesJavajre6binjqs.exeC:... Read more

A:Firefox Hijack: Redirects / Infomoneyservice.com Malware (Help Needed)

*** Computer Has Been Reformatted ***Please delete this topic. Thank you.

Read other 2 answers
RELEVANCY SCORE 58.4

http://www.bleepingcomputer.com/forums/topic459101.html
as an add-on, firefox in general runs sluggishly

I skipped step 8 in the preparation guide: http://www.bleepingcomputer.com/forums/topic34773.html since I have a 64 bit computer

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Rajiv Desikan at 23:53:58 on 2012-07-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8106.5432 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program... Read more

A:Firefox google redirects to webhp after a search/opens up random links

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 16 answers
RELEVANCY SCORE 58.4

I've recently had many trojans get downloaded onto my computer when AVG crashed while detecting several threats. I remember my pc being locked out where I could not open any programs or task manager unless I download the fake anti-malware program. I had several types but I could only remember anti-malware doctor being present. I removed most of the stuff with malwarebytes, spybot and SUPERantispyware in safe mode but it doesn't seem to get rid of my firefox browser directing me to a random site periodically. I scan multiple times a day and each time I find a trojan which I thought I had already removed. Also GMER.exe seems to freeze whenever I try to scan and my CPU goes to 100% whenever the program is opened.Any help would be much appreciated,- JennyDDS (Ver_10-03-17.01) - NTFSx86 Run by User at 1:56:35.90 on Tue 09/14/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1202 [GMT 10:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.... Read more

A:Firefox opens/redirects to a random ad website randomly, as well as infections with various trojans

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 13 answers
RELEVANCY SCORE 58.4

Firstly, I think I probably got this from some shady porno sites while in private browsing, fwiw

basically, whenever I google stuff using firefox on my laptop (64 bit windows 7, dell xp), oftentimes, when I click on the links, it opens up some random spam website. It takes numerous clicks to actually get the actual link to open. Also, when this doesn't happen, clicking on any google searches redirects the browser to google.com/webhp. I have to exit this tab and open a new tab for google to work after this. Finally, firefox now uses up to 25% of my cpu performance when I check my task manager. So far, these problems only exist on firefox, and IE is fine, but I'd still like to get rid of this possible malware. Thanks!

A:Firefox google redirects to webhp after a search/opens up random links

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next t... Read more

Read other 6 answers
RELEVANCY SCORE 58

my friend's computer acquired a very complex infection on the morning of the 28th. i'm a fairly sophisticated user (your worst nightmare?) and so have tried to remove it. at this point i want to post here for possible help as well as to alert you, and others, to the impressive complexity of this infection.

to the best of my friend's recollection:
- the infection seemingly started when visiting a professional site (with firefox) that had been hacked (unfortuantely she doesn't recall which site..., but it was a site that came up in google when searching for "Understanding the Immune System How It Works". the site in question doesn't seem to come up in a seach that i did just now.
- surprisingly firefox launched IE!
- then all sorts of other popups started popping up.
at this point i came onto the scene:
- rebooted. once firefox was started, about every two minutes a new firefox window would open browing to a certain site (sorry don't recall the name of this either and i now have the infected computer offline so that it doesn't reinfect fully). however i saw mention of this site on other posts that i can't now find. it was a short name like 7 characters .com. starting with i i think....
- if firefox is not running then this doesn't happen. however all browsers and other apps are blocked from a number of sites (virus & help related)
- anyway, even tho i verified (by adding a entry) that the usual hosts file is in use, many virus removal sites (mcaffe.com for in... Read more

A:Firefox popups, hostfile-like redirects, hijack can't remove possible infection, and more

forgot to mention that i tried removing the mlJDVPJD.dll using hijackthis' remove file at reboot function. even that doesn't get rid fo the file!

am now attaching the dds logs that i just ran. not sure why your instructions ask that the dds.txt be inserted directly into the conversation here?? i'll do that if important. otherwise, i would just as soon keep the discussion itself cleaner by attaching logs.

also from the attach.txt, it seems that this infection even ran a system savepoint as the savepoints are at just at the time of infection.

we had already found an issue with the savepoints as that's one of the 1st things that i wanted to try, reverting to previous savepoint. indeed my friend thought that she had made other savepoints. but none were to be found. did the infection get rid of them? this is really a nasty creature!!!

Read other 4 answers
RELEVANCY SCORE 58

Hi,A couple days ago I got a virus or something that would pop up a fake Windows AntiSpyware (don't remember exact name) program. I was finally able to get rid of it using AVG and MalwareByte's Anti-Malware.Now Firefox will open up random tabs on it's on (don't have to click on anything) and when I click on links sometimes it will redirect me for like 5 clicks of the link and then after that allow me to go to the site and then it will repeat this action maybe 10 minutes later.It also will not let me go to the microsoft update site (in IE and Firefox), and when I search w i n d o w s u p d a t e . m i c r o s o f t (without the spaces) in google or any text field that I submit (tried it in a forum) (in IE or Firefox) it will just bring up a page that says connection was reset or page failed to load. I have also tried it in safe mode and I get the same symptoms.I have tried running MalwareByte's Anti-Malware, Spybot S&D, AVG, and HJT. At one time MalwareBtyes said something about a tcipip.sys thing but I don't remember too much about what was wrong.I followed the prep guide but I cannot get a full gmer scan to run. It either just restarts my computer, freezes, shuts down the program, or locks down my computer (have to do a hard reset).Thanks for any and all helpEDIT: One of the pop-up tabs lingered on a site for a second before going to an ad site, the url of this site was..hxxp://apachejct.com/key/?qs=9434cd09aed34cc216c628c7eac958b4aa78b00b6706ac1a... Read more

A:Firefox opens random tabs and redirects, blocks microsoft update - rootkit?

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 8 answers
RELEVANCY SCORE 57.2

Ok so i've noticed that firefox randomly will open ad pages in new tabs and redirect my google searches.

I have run complete scans with superantisypware, avira, spybot, malwarebytes, iobit security 360 and inbuilt windows malware scanner. Some of which came up with detections which i got rid yet the problem remains. I tried to restore my comp but it failed, obviously one of the malwares clever tricks.

Here is my DDS log. The attach.txt file is attached but i could not get the GMER rootkit scanner to work. It would complete the scan but as soon as i tried to save it it would give a blue screen and restart...not good i would say. So hence i dont have an ark.txt.

Really starting to worry. I read that these things are usually to direct internet traffic to specific sites to increase ad revenue for the malware people. I havn't done any internet banking cos i am not that foolish but is there much of a chance they will get control of my gmail or facebook accounts? How paranoid should i be in terms of infections spreading to other networked computers and external hard drives?


DDS (Ver_09-12-01.01) - NTFSx86
Run by Darren at 16:35:42.58 on Wed 13/01/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.3323.2523 [GMT 10.5:30]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system... Read more

A:Due to adware/spyware/malware firefox opens random tabs and google redirects pages

BUMP, please

Read other 12 answers
RELEVANCY SCORE 54

Hi, and thanks in advance for helping. It really is a great service of you guys.Anyway, I do my best to keep my computer very clean. But low and behold, random websites open every few minutes, I'll turn on the computer and hear ads for condoms, etc., without seeing any browser open (the firefox process will be running though), and I keep getting error messages telling me firefox or I.E. or some other program has to quit. In fact, I just received one saying that the media center store has stopped working:Problem signature: Problem Event Name: APPCRASH Application Name: mcupdate.EXE Application Version: 6.0.6002.18005 Application Timestamp: 49e02324 Fault Module Name: StackHash_27f2 Fault Module Version: 0.0.0.0 Fault Module Timestamp: 00000000 Exception Code: c0000005 Exception Offset: 0001197d OS Version: 6.0.6002.2.2.0.768.3 Locale ID: 1033 Additional Information 1: 27f2All other information, including root repeal, is below or attached. I am just exhausted and it's taking forever to complete). I have run a norton scan, a bit Defender scan, a windows live scan (that seemed to fail at the last step), a Malwarebytes scan, an ad-aware scan, and a spybot scan. Nothing has helped except that the bit defender scan pointed out a possibly infected file labeled 86.tmp and mentioned Trojan.TDss. However, I followed all directions and the problem remains, though the file is gone as bit defender deleted it. Thanks much for helping me. I really do appreciate it.DDS (Ve... Read more

A:Malware -- Site Redirects/Random Ads invisibly running/Firefox stops running (I.E. Too)

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

Read other 31 answers
RELEVANCY SCORE 51.2

Hi:

My computer is brand new out of the box couple days ago. Bought it because my other machine was atacked by malware. I did not download anything from old machine onto new. I did go to my aol email account and signed in. Imediately after this new machine is redirecting google searches, randomly, and also seems to redirect the second I try to sign on to my aol email.

Here are my highjackthis logs. Please advise and help!
The highjackthis scan also says: 'YOUR SYSTEM DENIED ACCESS TO THE WRITE FILE". Wants me to do something about this myself.
I am a newbie and know nothing.

Thank you,

A

A:Search Redirects, Random redirects, AOL email sign on highjack

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 48.4

Hi folks,

Thought I may need to start a new thread, I noticed other threads have similar issues to what I'm seeing and didn't want to confuse by re-posting in the same thread.

I have Windows 7 Enterprise and just started having many random windows blue screens. I think it started as soon as I tried to run a trainer for a game Company of Heroes, since McAfee said it was a trojan and I tried to restore it after seeing online by other folks that the file was legit.

Anyway, since then I think, i started to see many BSoDs, not always the same BSoD message and they would occur during normal windows usage, a few times in Safe mode with networking. But most of the time, usually within 5 to 30min of running normally.

Anyways, I ran the McAfee virusscan and it found a few viruses, also ran spybot and malware bytes, and Stinger. I ran them from safe mode and was able to clean out the affected files.

I still see fewer BSoDs, but mainly now my google chrome browser won't work. I've tried uninstall/reinstall and every time I load it, it never works. sometimes freezes and I have to do a hard power off/on on my laptop. I have a lenovo w510.

Other problems is that my windows randomly freezes. Also, so far I can use Internet Explorer and Firefox, not able to install Opera. But when using Firefox or IE, i sometimes get random redirects.

I have ran hijackthis and can provide the log file. I can also provide the windows minidump files.

Please help! I greatly appreciate... Read more

A:Windows 7 - malware, random BSoDs, browsing redirects, random freezes

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 48.4

Hi i'm new to this forum and need help removing whatever it is I have. I am running Windows 7 and have tried Malwarebytes/Super Anti-Spyware/AVG even in safemode and none of them find anything other than cookies. Any help will be appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by steve at 2:20:52 on 2012-02-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6142.4765 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files&... Read more

A:Website Redirects/Random Pop-Ups/Random Music and Clicking Noises

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 3 answers
RELEVANCY SCORE 48.4

Hi. Can you please help. My internet browsers, Internet Explorer and Firefox, keep on shutting down unexpectedly especially when I try to load a new page. In addition, when I use google in Firefox I am redirected to ad pages instead of the actual website. SInce I started having this problem, sometimes my computer freezez and the clock on my computer stops. I've run Malwarebytes Anti-Malware,Ad-Adware and even though they found some viruses it hasn't fixed the problem. Below is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:17 AM, on 4/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:... Read more

Read other answers
RELEVANCY SCORE 48

Hello,

I'm having an issue where when I click on the result of an internet search, I am redirected to a non-related advertising type site. Also occasionally I will have the browser directed at some website and then all of the sudden a random window pops up with the same type of advertising type site as above.

It used to happen in both IE and firefox on both google and yahoo (possibly others, I only tried those 2). I have tried running Antivirus scans, malwarebytes and SAS. They found and removed a couple things, but no help. I then tried a system restore back to 2 weeks ago before I had any issues, but that also did not help. I've noticed now that it is only when I search using the integrated search area in the top right corner of IE (which is set to google). If I type in www.google.com in the address window, and then search from there, it does not redirect when I click on the results.

Thanks so much in advance!

Win XP Pro SP3, IE8

A:Random pop-ups and Search Result redirects to random sites.

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

Read other 1 answers
RELEVANCY SCORE 44

My Windows XP Media Edition PC is infected with something. The most obvious symptoms are:
1) When using Firefox, new browser windows will randomly open -- to URLs that seem random. This happens often.
2) On occasion, audio will start playing -- as if some streaming internet audio was playing. I do not recognize the audio.

The above behavior started yesterday, Dec 26. Until then, I had no knowledge that something was wrong. However, once this started, I looked at Norton's log. (I have Norton 2008 running on the system.) On Dec 22, Norton discovered Virtumonde -- and thought it had removed it. On Dec 23, Norton again discovered Virtumonde and again thought it removed it. Since then, Norton does not find Virtumonde.

After I discovered that my system was having problems, I took the following steps:

Yesterday (Dec 26) I installed Spybot S&D. Spybot discovered Virtumonde (even though Norton no longer does). Spybot thought it successfully removed the infected keys. On a subsequent reboot, Virtumonde was again detected by Spybot.

I then installed MBAM. MBAM found additional evidence of Virtumonde. MBAM removed what it found. Subsequent reboots and rescans show that MBAM and Spybot think my system is clean of all issues they can detect.

Nonetheless, my system is continuing to exhibit the behaviors listed at the top. (#1, for sure; I do not yet know if #2 is resolved.)

The PC is networked in a LAN; the LAN is connected to the WAN via a DLink router. Two o... Read more

A:Random new browser windows when using Firefox, and random audio

Disconnect from the net. Reset your router and give it a strong password.If you use Spybot's Teatimer, disable it for now----------------------------Update Malwarebytes. This time do a FULL scan and post the new log here for us to look at

Read other 2 answers
RELEVANCY SCORE 43.2

I recently built a new desktop PC running a clean install of Windows 7 Ultimate 64-bit retail version (see my system specs). All hardware was purchased new, and all software installed were fresh installs. All Windows Updates were applied successfully, including SP1. I have also updated all drivers using manufacturer supplied drivers online as well as through Windows Update. BIOS is flashed to latest manufacturer version, and RAM timings were tightened to rated specs (default 9-9-9-24 at 1.5V, rated for 7-7-7-21 at 1.5V).

After using my system for a day or two, I started getting frequent Firefox application crashes (several times a day). These manifested themselves by abruptly exiting out of Firefox and bringing up the Crash Report manager; no freezing up or unresponsiveness of any sort was involved. I am using Firefox 4 with no third-party add-ons except for AdBlock Plus. I also received several BSOD's (three, I believe), one of which is MEMORY_MANAGEMENT (0x1A). The BSOD's occurred randomly while browsing or doing other tasks, and did not appear to be triggered by any given event. My uTorrent application also crashed once not long after a Firefox crash, but this was a one-time event.

I have run memtest86+ for one pass on each of my sticks of ram individually, and 5+ passes on the two sticks together, with no errors. This is my first time building a PC, and I have previously only used Windows 7 32-bit. Since all of the hardware is new, I am wondering whether there could be ... Read more

A:Random BSODs; Firefox 4 random crashes

  
Quote: Originally Posted by Klarerwind


I recently built a new desktop PC running a clean install of Windows 7 Ultimate 64-bit retail version (see my system specs). All hardware was purchased new, and all software installed were fresh installs. All Windows Updates were applied successfully, including SP1. I have also updated all drivers using manufacturer supplied drivers online as well as through Windows Update. BIOS is flashed to latest manufacturer version, and RAM timings were tightened to rated specs (default 9-9-9-24 at 1.5V, rated for 7-7-7-21 at 1.5V).

After using my system for a day or two, I started getting frequent Firefox application crashes (several times a day). These manifested themselves by abruptly exiting out of Firefox and bringing up the Crash Report manager; no freezing up or unresponsiveness of any sort was involved. I am using Firefox 4 with no third-party add-ons except for AdBlock Plus. I also received several BSOD's (three, I believe), one of which is MEMORY_MANAGEMENT (0x1A). The BSOD's occurred randomly while browsing or doing other tasks, and did not appear to be triggered by any given event. My uTorrent application also crashed once not long after a Firefox crash, but this was a one-time event.

I have run memtest86+ for one pass on each of my sticks of ram individually, and 5+ passes on the two sticks together, with no errors. This is my first time building a PC, and I have previously only used Windows 7 32-b... Read more

Read other 8 answers
RELEVANCY SCORE 43.2

stats:

xp pro sp2 (legal copy)
eset nod32 anti virus

amd athlon 64x2 dual core 3800 2.01ghz
2 gigs ram

problem:

can get to myspace, but no login
can get to google, but searchs do not work.
can get to msn search, and that works fine.
most "popular" websites take very long time to load if at all...
pop ups for registrydefender.com, spicy or sweet.com, winning baccarat system.com, etc.

firefox is primary web browser.
Hijack this log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:52 PM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
H:\Program Files\Eset\nod32krn.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\TeamViewer3\TeamViewer_Host.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
H:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
H:\Program Files\Eset\nod32kui.exe
H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
H:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
H:\Program Fi... Read more

A:ie/firefox redirects, pop ups, etc.

Hi, welcome to tsf!

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
C:\Qoobox\Add-Remove Programs.txt
New HijackThis log.

Read other 1 answers
RELEVANCY SCORE 43.2

I have been having problems after accidentaly download a video clip then downloaded a 'codec' which ended up filling my system up with spyware, i though i got rid of it all with malwarebyes (after renaming the file as it wouldnt run otherwise) anyway here are my logs. i can see a few things look a bit wrong but not sure exactly what to do. Thanks in advance

p.s the gmer file was a bit big for upload here so i had to rar it up, just rename the extention

A:Redirects (Even in firefox?)

its there anything i can do? this service is not loading up windows properly now. it just shows a black background & the mouse. im posting this using the asus splashtop browser... its getting worse & worse. sorry for the bump but im having bad trouble and i need the pc for work, many thanks in advanceedit: im back into windows after about 8 reboots... not going to shut it off any time soon but MSIVXdlmlkyrujkyxfenpkxlqpsboyljxjsan.sys seems to be the problem===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempte... Read more

Read other 8 answers
RELEVANCY SCORE 43.2

Please, help me, i have a malware on my computer. If my english is poor, zorry, i'm Spanish.
The problem is the next: I have downloaded a pdf to my computer, AVG warned me about a malware on it. I treated to delete it, but AVG, Ad-Aware don't find it. I downloaded Malware Bytes for delete it, and it did that, but the Malware remains here in some form. The Malware redirects Firefox & Explorer to Webpages:
hxxp://adsense.previewmediastation.com/r.php?r=ZjcxN2MwOGRkNjZkMTU4YTJkNTM5ODAwMzJlZWNiM2Z8aHR0cDovL2ZyZWUtdGlvIHBldHJvcy1mb3IteW91LmNvbXxmOGI1NzE3NDY2M2Q4MjVkZmE5N2U1YWRkYTA1MThkM3wwLjAwMDM4MA==&rhcpre=aHR0cDovL2FwcHNleHNwcmVzc2VkLmNvbS9zZWFyY2gucGhwP3E9dGlvK3BldHJvcw==

qujdvqlh.co.cc/scan3/53

The second has another virus.

I have, from DDS & Rootkit Unhooker this information:

 Rootkit Unhooker.txt   19.95KB
  3 downloads

 DDS.txt   9.75KB
  3 downloads

 Attach.txt   11.56KB
  1 downloads

A:Firefox & IE Redirects Me

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 43.2

First off, thank you for the help. This has been a vexing problem. It is difficult enough to be a US manufacturer with out having productivity killed for three days.I have run Malwarebytes and Spybot, both would repeatedly find 7-12 items then delete them.Then they would scan consistantly as clean, only to have more crap appear the next day.I then ran "Trojan Remover" and it found something in C:\Pgm Files\IE\ called wmpscfgs.exe. Trojan remover found it was scheduled to run every hour for the next two days. This was eliminated. Since then, the scans have been clean.I looked for the common .xul redirect file/code, but the problem occurs in IE as well, so it's not isolated to Firefox.I logged in as administrator and that profile also suffers from same, so is a global problem.My firewall settings appear to be not adjustable, as they appear to be set-up from the server (or this is a virus disguise).Here is the DDS.DDS (Ver_10-03-17.01) - NTFSx86 Run by kkrivanec at 7:57:31.63 on Thu 04/22/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.423 [GMT -4:00]FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled* {6A44CFD9-B177-457E-BB54-DF1C85C3C6FD}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\... Read more

A:IE & Firefox Redirects.

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 7 answers
RELEVANCY SCORE 43.2

Greetings. I'm new to the site but I have seen your work and have high hopes! Trend Micro, Spynomore, and Malware Bytes do not find the virus that's causing my concerns.

For a while now I've been getting random redirects to feed.bizzclick... when I click on a link from a Google search. I am running WIndows 7 on a Dell Inspiron 1525 with a wireless connection. An example of the redirect URL is:
hxxp://feed.bizzclick.com/click.php?id=8SHwF618s3IAYAS0nIp6euMgAfkj2I4r4LxsmXbhHcuemR8qeBDn_EFeriF69xegOwbud4r7UbDTT5lr-fnRG5xSeh9ZPgBxpMXr

I can't confirm that it is always this though I would guess the feed.bizzclick.com is constant and the rest is some sort of ID. I'm not sure that it is related, but I very occasionally get redirected to Happili.com when I select a link from a Google search. This is not as common as the problem I'm posting.

Best Regards,
Dylan

A:Firefox Redirects

Hello and welcome. Is this a 64 bit Win7 system?Please read and follow all these instructions.Please download GooredFix and save it to your Desktop.Double-click GooredFix.exe to run it.A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).Now do an Online scan.Please perform a scan with Eset Online Antiivirus Scanner.This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.Click the green button.Read the End User License Agreement and check the box: Check .Click the button.Accept any security warnings from your browser.Check Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)Click the Start button.ESET will then download updates for itself, install itself, and begin scanning your computer.If offered the option to get information or buy software at any point, just close the window.The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.When the scan completes, push Push , and save the file to your desktop as ESETScan.txt. Push the button, then Finish.Copy and paste the contents of ESETScan.txt in your next reply.Note: A log.txt... Read more

Read other 20 answers
RELEVANCY SCORE 43.2

Hi,

I'm getting Firefox redirects occasionally and Malwarebytes has found nothing. Trojankiller found a few things but nothing that solved the redirects.

Can someone please help me?

Thanks
Joel

A:Firefox Redirects

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 8 answers
RELEVANCY SCORE 43.2

When I do searches on YAHOO and click a link it often redirects to INFO.COM. I get random pop-ups now even though the firefox blocker is on. Randomly when I click my AIM messenger out of the system tray, it will open IE and I get 100 pop ups a minute, the only way to stop it is to open the task manager and shut AIM down.




-----------------------------------------------------------------------
HJT LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:06 PM, on 11/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.co... Read more

A:Firefox redirects and pop-ups

Hello YSRRider,

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a probl... Read more

Read other 19 answers