Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

website redirecting? (not search engine redirect)?


  • This topic is locked This topic is locked
26 replies to this topic

#1 orangejello42

orangejello42

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:manlius ny
  • Local time:01:10 AM

Posted 22 April 2013 - 04:01 PM

hey all,

so i am sure this topic has come up a number of times, with the infamous redirect virus. i have tried several programs (tdss killer, combofix, otl, malwarebytes anti-malware, etc), and other walkthroughs to get this to work, and am having no luck.

i also noticed that this redirect does not happen in my search engine (i use bing to search, and single clicks usually send me to the right website) but when within the website itsself (it even happened here for me!) when clicking on a link, i have to click 3-4 times to get the correct link to register, or else i am redirected to a search site of some such (some i have noticed are sortspecial, findplex, smartsuggestor, and premiumxml).

about a year ago, i did have the actuall tdss redirect virus, which i was able to remove successfully. i am at a loss with this one, since noone seems to have anything on being redirected in a website rather than a search engine.

my laptop is kind of old (i am running a dell inspiron 2200, windows xp home edition sp3, will post any other info you need!) but i cant afford a new one, so if there is anything i can do to get rid of this issue, please help! also, i am sorry if this is in the wrong topic, i did read the intro post and attempted to search for an answer/self help, but could not find what i am looking for. thank you in advance!!



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:10 AM

Posted 25 April 2013 - 08:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 orangejello42

orangejello42
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:manlius ny
  • Local time:01:10 AM

Posted 26 April 2013 - 10:13 PM

thank you for helping!

 here is the combofix log:

 

ComboFix 13-04-19.01 - Alisha 04/22/2013   0:15.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.503.231 [GMT -4:00]
Running from: c:\documents and settings\Alisha\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Trend Micro PC-cillin Internet Security *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\intellidownload\gunzip.exe
C:\torrent.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-22 to 2013-04-22  )))))))))))))))))))))))))))))))
.
.
2013-04-22 04:33 . 2013-04-22 04:33    --------    d-----w-    c:\program files\AVAST Software
2013-04-22 04:31 . 2013-04-22 04:33    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVAST Software
2013-04-22 03:50 . 2013-03-06 22:33    29816    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-04-22 03:50 . 2013-03-06 22:33    368176    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-04-22 03:50 . 2013-03-06 22:33    49760    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-04-22 03:50 . 2013-03-06 22:33    62376    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-04-22 03:50 . 2013-03-06 22:33    765736    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-04-22 03:50 . 2013-03-06 22:33    164736    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-04-22 03:49 . 2013-03-06 22:33    49248    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-04-22 03:49 . 2013-03-06 22:33    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-04-22 03:49 . 2013-03-06 22:32    228600    ----a-w-    c:\windows\system32\aswBoot.exe
2013-04-22 03:45 . 2013-03-06 22:32    41664    ----a-w-    c:\windows\avastSS.scr
2013-04-09 23:29 . 2013-04-09 23:29    --------    d-----w-    c:\documents and settings\Alisha\Application Data\AVG10
2013-04-09 23:22 . 2013-04-09 23:22    377856    ----a-w-    C:\y1k11498.exe
2013-04-09 23:19 . 2013-04-04 18:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-09 23:19 . 2013-04-09 23:20    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-04-09 23:15 . 2013-04-22 03:45    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG10
2013-04-09 23:11 . 2013-04-09 23:11    --------    d-----w-    c:\program files\AVG
2013-04-09 22:54 . 2013-04-09 22:54    --------    d-----w-    C:\_OTL
2013-04-04 01:26 . 2013-04-04 01:26    --------    d-----w-    c:\program files\iPod
2013-04-04 01:25 . 2013-04-04 01:28    --------    d-----w-    c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-04-04 01:25 . 2013-04-04 01:28    --------    d-----w-    c:\program files\iTunes
2013-04-04 01:09 . 2013-04-04 01:09    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2013-04-04 01:09 . 2013-04-04 01:09    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2013-04-04 01:09 . 2013-04-04 01:09    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-04-04 01:09 . 2013-04-04 01:09    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-04-04 01:09 . 2013-04-04 01:09    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-04-04 01:09 . 2013-04-04 01:09    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-04-04 01:09 . 2013-04-04 01:09    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-04-04 01:08 . 2013-04-04 01:09    --------    d-----w-    c:\program files\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-04 01:07 . 2012-04-01 04:04    693976    -c--a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-04 01:07 . 2011-06-15 03:41    73432    -c--a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2004-08-10 18:51    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:28 . 2004-08-10 18:51    2193408    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-04 04:59    2070016    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-10 18:51    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-10 18:51    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-10 18:51    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-10 18:51    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-10 18:51    385024    ------w-    c:\windows\system32\html.iec
2013-02-27 07:56 . 2004-08-10 19:01    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-09-03 08:57    12928    ------w-    c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-10 18:51    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2004-08-10 18:51    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-04-09 23:07 . 2013-04-09 23:06    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{b120ff10-b57b-45ff-bfde-64c6253f1922}]
2013-01-17 22:45    93696    ----a-w-    c:\progra~1\SoundFrost\SoundFrost.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32    121968    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 86016]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-23 823362]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-3 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21    548352    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^Alisha^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Alisha\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk
backup=c:\windows\pss\KODAK Picture Transfer Software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop iCalendar Lite.exe]
2012-06-07 01:52    957440    ----a-w-    c:\program files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 16:35    152392    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 07:12    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02    254696    -c--a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"NTService1"=2 (0x2)
"MaxBackServiceInt"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"avgwd"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"gupdate"=2 (0x2)
"Dcfssvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"CiSvc"=3 (0x3)
"Bonjour Service"=3 (0x3)
"Apple Mobile Device"=3 (0x3)
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PcCtlCom"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\DVDVideoSoft\\FreeStudioManager.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\KODAK\\KODAK Picture Software and Apple QuickTime\\Kodak.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18969:TCP"= 18969:TCP:BitComet 18969 TCP
"18969:UDP"= 18969:UDP:BitComet 18969 UDP
"65432:TCP"= 65432:TCP:BitComet 65432 TCP
"65432:UDP"= 65432:UDP:BitComet 65432 UDP
"49422:TCP"= 49422:TCP:BitComet 49422 TCP
"49422:UDP"= 49422:UDP:BitComet 49422 UDP
"3658:TCP"= 3658:TCP:BitComet 3658 TCP
"3658:UDP"= 3658:UDP:BitComet 3658 UDP
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [4/21/2013 11:49 PM 49248]
R0 WinRoute;WinRoute;\SystemRoot\\SystemRoot\system32\drivers\winroute.sys --> \SystemRoot\\SystemRoot\system32\drivers\winroute.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/21/2013 11:50 PM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/21/2013 11:50 PM 368176]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/21/2013 11:50 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/21/2013 11:49 PM 66336]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [4/20/2011 12:21 AM 4807536]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2/18/2005 7:04 PM 205328]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/18/2005 7:04 PM 36368]
S2 OxSer;PCI Serial Driver;c:\windows\system32\drivers\OxSer.sys [8/2/2006 5:03 PM 54584]
S2 PARXPORT;PCI Parallel Driver;c:\windows\system32\drivers\parxport.sys [8/2/2006 5:05 PM 13608]
S2 WinRServ;Softex WinRoute Service;c:\program files\Softex\winroute\WinRServ.exe [8/2/2006 5:22 PM 63920]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [4/21/2013 11:50 PM 164736]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S4 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/22/2005 9:31 PM 290889]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [4/25/2005 5:39 PM 585792]
S4 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [4/25/2005 5:41 PM 262215]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 01:07]
.
2013-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-04-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-22 22:32]
.
2012-10-09 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2004-08-10 11:00]
.
2013-02-13 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-10 00:12]
.
2012-08-12 c:\windows\Tasks\jucheck.job
- c:\program files\Java\j2re1.4.2_03\bin\jucheck.exe [2003-11-19 23:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://support.dell.com/support/topics/global.aspx/support/security/security?c=us&cs=19&l=en&s=dhs&appindex=ds
uInternet Settings,ProxyOverride = <local>;*.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download with &Shareaza - c:\program files\BearShare MP3\Plugins\RazaWebHook.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
Trusted Zone: bandcamp.com\badreligion
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://208.105.231.210/Ctl/WinWebPush.cab
FF - ProfilePath - c:\documents and settings\Alisha\Application Data\Mozilla\Firefox\Profiles\1okuek85.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-21 23:46; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2011-04-21 10:31; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-22 00:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(500)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2013-04-22  00:41:10
ComboFix-quarantined-files.txt  2013-04-22 04:41
ComboFix2.txt  2013-04-22 04:21
.
Pre-Run: 7,303,880,704 bytes free
Post-Run: 7,260,114,944 bytes free
.
- - End Of File - - 59AB40624D61DF1E23F3E17CC0905AE0
 



#4 orangejello42

orangejello42
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:manlius ny
  • Local time:01:10 AM

Posted 26 April 2013 - 10:25 PM

here is the security check log. i noticed it was checking my antivirus and whatnot, until a few days ago, i was running trend micro pc-cillin 12 i believe, and it was very outdated since i had not renewed it in a while. i just installed avast! at the recommendation of a friend. if you have a better suggestion for a free or relatively inexpensive antivirus/internet security, please send me a link or let me know. thank you!

 

 Results of screen317's Security Check version 0.99.63  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 avast! Free Antivirus    
 Trend Micro PC-cillin Internet Security 12
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java™ 6 Update 33  
 Java 2 Runtime Environment, SE v1.4.2_03
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player     11.6.602.180  
 Adobe Reader XI  
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#5 orangejello42

orangejello42
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:manlius ny
  • Local time:01:10 AM

Posted 26 April 2013 - 11:09 PM

  • here is the adwcleaner log. after running this, i had to restart my computer again after it restarted from running it. it is running very slow, one of my svchost.exe system programs is maxing my cpu to 100%. am having trouble typing this.  if you have a link to help  clean/optimize please share!! :(

# AdwCleaner v2.202 - Logfile created 04/22/2013 at 00:06:01
# Updated 23/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Alisha - MUFFIN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Alisha\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\2vefli2j.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Alisha\Application Data\Mozilla\Firefox\Profiles\1okuek85.default\prefs.js

C:\Documents and Settings\Alisha\Application Data\Mozilla\Firefox\Profiles\1okuek85.default\user.js ... Deleted !

Deleted : user_pref("extensions.aniweather.timeShifted", 289389);

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0b6g1udh.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Alisha\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3265 octets] - [22/04/2013 00:06:01]

########## EOF - C:\AdwCleaner[S1].txt - [3325 octets] ##########
 

 



#6 orangejello42

orangejello42
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:manlius ny
  • Local time:01:10 AM

Posted 26 April 2013 - 11:13 PM

sadly, i just tried to click a link in this website, and it still redirected me as well :(



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:10 AM

Posted 27 April 2013 - 07:22 AM

Avast is good. Keep it up-to-date.

Run the Trend Micro completely using this uninstaller.
http://esupport.trendmicro.com/solution/en-us/1037161.aspx
===

Try this to stop the redirection.

Go StartBtn.gif > run box and type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed) press the Enter key.

repeat with
ipconfig /renew

Then type Exit, hit the Enter key
*/*

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.
Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop, DO NOT ATTACH THE LOG.

#8 orangejello42

orangejello42
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:manlius ny
  • Local time:01:10 AM

Posted 28 April 2013 - 09:25 AM

here is the roguekiller results!

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Alisha [Admin rights]
Mode : Scan -- Date : 04/28/2013 09:50:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK4026GAX +++++
--- User ---
[MBR] a00fd3e96e20554fb449e64e6b0f1397
[BSP] 7fe52d7fe465e0e6005b0ba19f807eb1 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 34844 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 71457120 | Size: 3255 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04282013_02d0950.txt >>
RKreport[1]_S_04282013_02d0950.txt


 



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:10 AM

Posted 28 April 2013 - 09:30 AM

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these item below and uncheck the rest: (if found)

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


Now click Delete on the right hand column under Options

Post back the report which should be located on your desktop.
===

thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
Keep me posted on the redirect.

#10 orangejello42

orangejello42
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:manlius ny
  • Local time:01:10 AM

Posted 28 April 2013 - 09:55 PM

okay, here is the latest rkreport. after deleting the three files, "my computer" ended up on my desktop o_O it is usually hidden and i access it from the start menu. about to run junkware, tried to click to download and it still is redirecting me.  i wish i could post a video or some images maybe, the tab reads "about:blank" and it continues to send me to ranom search websites.

 

**edit** hold that thought, roguekiller may have worked....still have to run junkware and am going to post it shortly.

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Alisha [Admin rights]
Mode : Remove -- Date : 04/28/2013 22:50:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK4026GAX +++++
--- User ---
[MBR] a00fd3e96e20554fb449e64e6b0f1397
[BSP] 7fe52d7fe465e0e6005b0ba19f807eb1 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 34844 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 71457120 | Size: 3255 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_04282013_02d2250.txt >>
RKreport[1]_S_04282013_02d0950.txt ; RKreport[2]_S_04282013_02d2250.txt ; RKreport[3]_D_04282013_02d2250.txt
 


Edited by orangejello42, 28 April 2013 - 09:59 PM.


#11 orangejello42

orangejello42
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:manlius ny
  • Local time:01:10 AM

Posted 28 April 2013 - 10:15 PM

here is the jrt log. in regards to the svchost, i looked it up for possible issues, found a suggestion to fun tdss killer, zbotkiller, and hitman pro, they mostly found nothing, hitman cleared a couple registry things, and at least things are loading a little better, it doesnt seem to be maxing out my cpu anymore (although it is still slow). if you didnt see the edit in the post before this, the redirecting seems to be gone, but will keep an eye out for a bit. junkware also said at one point it couldnt open a file, but this was the end result of the scan.

 

***edit again*** it seems to be on and off now, was clicking around on things and still got redirected a couple times, but not as frequently as before :/ it is still as described in the previous post, i see "about:blank" and get sent to a mystery search site.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.1 (04.27.2013:1)
OS: Microsoft Windows XP x86
Ran by Alisha on Sun 04/28/2013 at 23:02:32.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\driver-soft"



~~~ FireFox

Emptied folder: C:\Documents and Settings\Alisha\Application Data\mozilla\firefox\profiles\1okuek85.default\minidumps [8 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/28/2013 at 23:06:15.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Edited by orangejello42, 28 April 2013 - 11:24 PM.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:10 AM

Posted 29 April 2013 - 06:58 AM

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push the esetFinish.png button.
Let me know if the redirection is in Firefox, or Internet Explorer.

#13 orangejello42

orangejello42
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:manlius ny
  • Local time:01:10 AM

Posted 29 April 2013 - 09:07 PM

eset found no threats, and it did not show the "list of found threats" button, and i was not able to export to a text file. i am running firefox. i have internet explorer that never gets used (it was on the computer to start with), i noticed in a log that google chrome was on here somewhere? i have no idea where it is, if it is installed on here. one of the main places it seems to redirect is though microsoft websites, i was looking through their help pages on one occasion, and on expertzone for work (i work at a gamestop) on another, and it is the same thing every time. everything else seems alright, its just a pain when trying to get things done for work.
on another note, now that i have all these programs on my computer, should they be left there, or uninstalled? or maybe leave them a bit longer?  thank you for all of your help so far!

Edited by orangejello42, 29 April 2013 - 09:09 PM.


#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:10 AM

Posted 30 April 2013 - 08:49 AM

I think you should remove Firefox using the Add/Remove Programs list.
Restart the computer and reinstall Firefox.

When all is well I will give you my cleaning speech.

Keep me posted.

#15 orangejello42

orangejello42
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:manlius ny
  • Local time:01:10 AM

Posted 01 May 2013 - 08:41 PM

alright! well, i finally got a chance to remove and reinstall firefox. played around in the trouble sites for a while, and....it seems to have worked so far! saw the "about:blank" once, but it actually went to where it was supposed to! fighting with internet explorer wasnt fun (kept getting pop-ups about having a secure connection) but as long as im not getting redirected it was worth it! hoping for no more issues!!

thank you!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users