Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect


  • This topic is locked This topic is locked
16 replies to this topic

#1 gt_isa_bee

gt_isa_bee

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 26 November 2012 - 07:02 PM

Usual problem: some sort of rootkit installed that I can't locate.

Below is DDS.txt.

I've run TDSSKiller.exe then Combofix, Malwarebytes, HitmanPro, etc. (http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller). After catching a rootkit, it seems Combofix can't get it removed.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2000.1317 [GMT -8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r205445\stacsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {3F777025-3835-4117-B9FA-5E5230669310} - hxxp://law.lexisnexis.com/resources/fyi/dataflight_fyi.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxps://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348410457343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 128.111.1.1 128.111.1.2
TCP: Interfaces\{2491040F-D3F8-4F34-9262-BEC9965C2766} : DHCPNameServer = 128.111.1.1 128.111.1.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kca\application data\mozilla\firefox\profiles\ogtvr41g.default\
FF - prefs.js: browser.startup.homepage - c:\\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-6-3 386328]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-7-31 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-7-31 21352]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-8-18 455960]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-4-9 112128]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-4-9 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-4-9 244368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-9 110080]
S1 A2DDA;A2 Direct Disk Access Support Driver;\??\c:\documents and settings\kca\desktop\emsisoftemergencykit\run\a2ddax86.sys --> c:\documents and settings\kca\desktop\emsisoftemergencykit\run\a2ddax86.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2011-3-23 17432]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-26 21:09:33 256000 ----a-w- c:\windows\PEV.exe
2012-11-26 12:00:05 -------- d-----w- c:\documents and settings\kca\local settings\application data\Temp
2012-11-25 21:18:13 -------- d-----w- c:\program files\HitmanPro
2012-11-25 20:35:20 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-11-24 17:25:48 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-24 17:25:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-24 04:29:33 -------- d-sha-r- C:\cmdcons
.
==================== Find3M ====================
.
2012-11-24 17:24:35 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-24 17:24:35 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-09 16:23:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-09 16:23:58 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-25 11:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 11:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 08:43:24 1875328 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 15:47:00.81 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:12 AM

Posted 26 November 2012 - 10:24 PM

Hello gt_isa_bee,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


Can you please post The logs from TdssKiller, Combofix.txt, And HitmanPro. Is it redirecting in all your browser or a specific one? Google Chrome, Internet Explorer, Firefox?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 gt_isa_bee

gt_isa_bee
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 27 November 2012 - 11:29 AM

I'm mostly using firefox. I just tried a few pages with IE and it seemed to work fine, but I'm not sure the sample size is large enough to convince me it is firefox specific. Logs attached.

Attached Files



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:12 AM

Posted 27 November 2012 - 06:52 PM

1.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again

2.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    Posted Image
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 gt_isa_bee

gt_isa_bee
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 27 November 2012 - 10:38 PM

Two log files attached.

Attached Files



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:12 AM

Posted 28 November 2012 - 10:03 PM

1.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Things to include in your next reply::
AdwCleaner.txt
Still redirecting? In Firefox only?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 gt_isa_bee

gt_isa_bee
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 28 November 2012 - 10:41 PM

Still re-directing... happens about 1 out of 10 times.

Attached Files



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:12 AM

Posted 29 November 2012 - 11:18 PM

Go ahead and uninstall Firefox and reinstall it. Make sure to let it delete anything it asks to delete.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 gt_isa_bee

gt_isa_bee
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 30 November 2012 - 04:37 PM

I didn't allow it to delete my personal settings, etc. Still re-directing. I can re-install and delete everything, but that is going to truly be a pain.

Any clue where the problem is? Is ComboFix incorrectly detecting that a RootKit is installed?

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:12 AM

Posted 01 December 2012 - 12:43 AM

Are you connected to the internet through a router ?


Download the yorkyt.exe disinfection tool (1,31 MB).

Save the file to your hard disk; to the Windows Desktop, for example.
Double click the yorkyt.exe file.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 gt_isa_bee

gt_isa_bee
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 01 December 2012 - 11:36 AM

Yes, connected to the Internet through a router... though I've been using this laptop from lots of different routers, all with the same behavior (so I don't think it is a router-based re-direct).

Log attached.

Attached Files



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:12 AM

Posted 02 December 2012 - 11:30 AM

Hello,

Did you run the yorkyt.exe disinfection tool from my previous post? If so please post its log. If not please run it and post its log.


I didn't allow it to delete my personal settings, etc. Still re-directing. I can re-install and delete everything, but that is going to truly be a pain.

Please uninstall Firefox again. This time make sure to let it delete any personal settings. This is the key. It must be a complete fresh reinstall of Firefox.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 gt_isa_bee

gt_isa_bee
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 02 December 2012 - 07:49 PM

Ran it before but forgot to post log. Sorry. It's attached now.

Attached Files



#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:12 AM

Posted 03 December 2012 - 04:38 PM

Did you uninstall Firefox and let it delete any personal settings this time. Is it still redirecting once you did so?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 gt_isa_bee

gt_isa_bee
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 04 December 2012 - 07:40 AM

Searching around the web:

http://support.mozilla.org/en-US/questions/939017

Go into the Add-on's Manager (Tools..Add-ons) and disable (or delete) the Printing Helper 2.5 addon. The problem went away after I did this. If I re-enabled the addon, the problem was again present. I'm not sure where I picked up this addon (I don't ever remember installing it) or if it came with firefox, but it seems to be the culprit for me.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users