Agreed, definitely malware. It may be Firefox specific, but it's likely that it's not only embedded in Firefox (i.e. strong possibility it's installed in your system and won't go away by just not using Firefox or uninstalling it). Uninstall Firefox, run an adware program like Malwarebytes or Emsisoft, then you can re-install Firefox and keep using it if you like it. Frankly, I like Chrome better and it's more secure since it sandboxes everything off from the OS, making it harder to actually infect the OS with anything bad... but if you like Firefox, you can certainly keep using it.
Right after I posted the problem, I reinstalled Firefox. The Google redirects went away, but I'm still getting the error on opening Firefox (but only when I bring up Firefox by opening a local html document). I also ran AdAware, and removed a few malicious processes. I'll give Malwarebytes a run too. Thanks! Oh, and I really want to switch to Chrome, but every time I try to there's always something that drives me nuts and back to Firefox. This time, it was the lack of customability as far as when new pages are brought up in a tab or a new window. I'm also using Firefox 3.5, because for the current version they moved the buttons around just to fuck with us, without fixing any of the browser's issues (ie, the process still hangs for several seconds after closing it, preventing you from closing and immediately reopening it).
Ran Malwarebytes, removed a couple of crappy items, rebooted... And now the Google hijacking issue is back. (sigh) Back to Chrome and mandatory tabs for now...
What firewall/router are you using? Sometimes they can be compromised and your machine can be sent to use the wrong DNS servers. Try setting your DNS in your computer and not relying on your router/firewall settings that are automatically provided to you. Also, be sure that your firewall has the latest firmware installed.
You can still customize the entire UI to your liking and pretty much recreate the old UI if you so wish. The only thing you can't do without a plugin that I've noticed, is having multiple new tab buttons. 4 & 5 are also a hell of a lot faster than 3.5-3.6.
It's a D-Link DIR-655. Firmware is current. Here's how I have it set. Am I correct in presuming that Firefox, Chrome, etc. (any browser other than IE) go from the settings in my TCP/IP properties? The preferred DNS is Cox's non-hijacking DNS server, the second is OpenDNS. Spoiler Also, this should help illustrate the hijacking issue in Firefox. Of course in the above picture I'm using Chrome, but below you can... Well, actually you can't see that my mouse pointer is over the second link, but take my word for that and look at the bar at the very bottom of the screen, and you can see the hijacked link. Before I initially clicked on it, that didn't show up; it showed the URL for epicfail.com . When I clicked on it, Avast blocked the resulting page as a reported malicious URL. Going back and hovering my pointer over it again shows the hijacked link: Spoiler Thanks, guys!
I would still bet that its a malware issue of some kind. Run your malware program again. If you notice the same trojan or whatever coming up that it supposedly removed the last time, then that is your issue. I know a lot of these things go around to manipulate affiliate programs and some use exploits that are pretty hard to completely remove. So lets try this. 1. Update everything . So run windows update and update everything. Then update all programs, be sure to include any adobe flash or java updates. These programs commonly use exploits in their code, which is why they have constant updates. 2. Run a complete malware scan, take a screen shot. Then do a search on what it found, sometimes you will need a 3rd party program to remove it. 3. Reboot, then rerun the scan, and see if the same shit pops up.
Maybe run HijackThis and post the log here. I'm not completely up on the latest malware removal though.
Definitely a malware issue from even just Googling the IP address that is showing up at the bottom of your screenshot. Download and install Malwarebytes. Update the definitions for it, and then run it in Safe Mode (tap F8 immediately after rebooting and select that). After that, run HijackThis, and post your results here.
Me and the stepson are trying to record some audio, but cannot get the computer to recognize both mikes...... It'll record with one mike, or the other,,,, but not both at the same time. I know its gotta be something simple, but I can't figure it out... Any help would be appreciated. I have no idea if it matters but I've got an Acer with Windows on it. We've tried two different sound recorders, which was the sound recorder that the computer came with, and the Pinnacle system that we bought as an aftermarket product. Thanks.
I wanted to try and set-up an automatic back-up program for my external hard drive. The HD I have didn't come with a program, so I was wondering if anyone can recommend a free, or inexpensive program that will automatically back-up a select group of files (say, just pictures, documents, videos, etc), rather than my entire hard drive? Thanks.
I'm going to assume Windows here. In that case, I'd just use the built-in Windows backups. They're free and easy to set up. The new version with Windows Vista and Windows 7 is a little more attractive but it works fine in XP too. Just head to the "Accessories" folder in the start menu and open the Backup program (under XP it's in "system tools" under "accessories" but I can't remember what it is in Vista/7 and I'm not home right now to check). Both the XP and Vista/7 applications have a wizard that is fairly easy to navigate though Vista/7 is far nicer in this regard. You can set up a schedule to do it weekly.
In Win7 it's located: Start>Control Panel>Backup and Restore Or, you can just type backup in the search bar on both Win7 and Vista. Win7/Vista: http://www.howtogeek.com/howto/1838/using-backup-and-restore-in-windows-7/ http://www.microsoft.com/athome/setup/backupdata.aspx XP: http://support.microsoft.com/?kbid=308422
Okaydoke: I first ran OTS, which removed some stuff (can't find the log from that for the life of me). I then ran Malwarebytes in Safe Mode, and found/removed the following: Spoiler Malwarebytes' Anti-Malware 1.51.0.1200 <a class="postlink" href="http://www.malwarebytes.org" onclick="window.open(this.href);return false;">http://www.malwarebytes.org</a> Database version: 6705 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 6.0.2900.5512 7/6/2011 5:17:51 PM mbam-log-2011-07-06 (17-17-51).txt Scan type: Quick scan Objects scanned: 162795 Time elapsed: 14 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\localservice\application data\020000003ce1603a1363c.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\documents and settings\localservice\application data\020000003ce1603a1363o.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\documents and settings\localservice\application data\020000003ce1603a1363p.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\documents and settings\localservice\application data\020000003ce1603a1363s.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\system32\020000003ce1603a1363c.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\system32\020000003ce1603a1363o.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\system32\020000003ce1603a1363p.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\system32\020000003ce1603a1363s.manifest (Malware.Trace) -> Quarantined and deleted successfully. Finally, I rebooted in regular mode, and installed and ran Hijackthis this which yielded the following: Spoiler Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:25:59 PM, on 7/6/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Avast5\AvastUI.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Subsonic\subsonic-agent.exe C:\Documents and Settings\YHWH\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Subsonic\subsonic-service.exe C:\Program Files\UltraVNC\WinVNC.exe C:\Program Files\UltraVNC\WinVNC.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Cerberus FTP Server\CerberusGUI.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a class="postlink" href="http://google.com/" onclick="window.open(this.href);return false;">http://google.com/</a> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - Startup: Dropbox.lnk = C:\Documents and Settings\YHWH\Application Data\Dropbox\bin\Dropbox.exe O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: avast! Free Antivirus.lnk = C:\Program Files\Avast5\AvastUI.exe O4 - Global Startup: Cerberus.lnk = C:\Program Files\Cerberus FTP Server\CerberusGUI.exe O4 - Global Startup: Subsonic.lnk = C:\Program Files\Subsonic\subsonic-agent.exe O4 - Global Startup: winvnc4.lnk = C:\Program Files\RealVNC\VNC4\winvnc4.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - <a class="postlink" href="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab" onclick="window.open(this.href);return false;">http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab</a> O17 - HKLM\System\CCS\Services\Tcpip\..\{7D88A054-BF2A-4A50-BA52-C0E906B65D2B}: NameServer = 68.105.22.13,208.67.220.220 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cerberus FTP Server - Cerberus, LLC - C:\Program Files\Cerberus FTP Server\CerberusGUI.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Subsonic - Unknown owner - C:\Program Files\Subsonic\subsonic-service.exe O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe -- End of file - 5804 bytes Edit: ...And whuddya know, no error message on opening local files in Firefox. Thanks!!
If I were you, I'd remove "R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577" in Hijackthis. I've had instances where a proxy setting was fucking with search results.
So... the proxy server is likely a problem, but don't remove it through the registry. Navigate to Control Panel > Internet Options > Connections > LAN Settings and uncheck all of the boxes in the list. Firefox has its own proxy server settings that's in the Tools > Options section somewhere, check to make sure there are no proxies set in there either.
Uh yeah, Note the address? Local interface, port 5577. Some anti-virus/anti-malware software (mostly stuff released more than 5 years ago) will run a local proxy like that. Modern solutions do the same thing transparently, there's almost no good reason to run a proxy on the local interface that you have to configure in your browser - it's either sloppy dev, or a sophisticated testing setup, which seems unlikely given the questions leading us to this conversation. The only things I'm aware of that runs a local proxy on 5577 in current version are fake anti-virus products like AV Suite and AntiVirus pro. Have fun getting rid of that shit.
Wondering if anyone can help me with this: I converted some songs from youtube to mp3s yesterday and put them into my itunes. Put them on my ipod from there and they play fine. But today I went to burn a CD of the stuff I converted and itunes says they can't find the files. Checked in my itunes folder and had the computer search for them, no joy. Any ideas where they might be?