Facebook redirecting me to Pricegrabber.com

wompwomp

New Member
Thread author
Dec 20, 2011
1
Every now and then, for some strange reason, whenever I try to check my Facebook, it will redirect me to pricegrabber.com.

It will only probably happen like once a week and only for that day. I've scanned my computer numerous times with avast-free and even downloaded an anti-malware program and still nothing.

I have purchased Malwarebytes and this is still occurring. I've reset my proxy and cleared all of my cookies and nothing.

I then downloaded HijackThis and maybe you guys can assist me with this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:48:05 PM, on 12/19/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Razer\BlackWidow\BlackWidowTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow\BlackwidowTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Queer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: BIO-Remote.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8169 bytes


I'm thinking about just reformatting my computer and getting better anti-virus software. Someone told me to drop avast-free and get Kaspersky. Which AV is currently the best right now? Would having Malwarebytes AND an anti-virus slow down my computer?
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hello and Welcome!
With what anti-malware software did you scan your system? Was your system previously infected? Usually redirects happen because of some sort of residual damage after removing a malware infection.

Let's check a few things:

STEP 1: Check your internet connection for proxies
A proxy server prevents the user from accessing the internet; follow the instructions below to remove the proxy server.
  1. Open Internet Explorer.
    • For Internet Explorer 9: Click on the gear icon at the top (far right) and click again on Internet Options.
    • For Internet Explorer 8: Click on Tools, select Internet Options.
  2. Go to the tab Connections. At the bottom, click on LAN settings.
  3. Uncheck the option Use a proxy server for your LAN. This will remove the proxy server and allow you to use the internet again.

If you are a Firefox user, go to Firefox (Tools) > Options > Advanced tab > Network > Settings > Select No Proxy

STEP 2: Check your DNS settings
Check Windows 7 DNS
  1. On your Start menu, open the Control Panel.
  2. Under the Network and Internet section, click View network status and tasks.
  3. In the View your active networks section, click the item to the right of Connections:
  4. On the General tab of the Connection Status window, click Properties.
  5. On the General tab of the Connection Properties window, scroll down and select Internet Protocol Version 4 (TCP/IPv4), then click Properties.
  6. On the General tab of the Internet Protocol Version 4 (TCP/IPv4) Properties window, in the lower section, select Obtain DNS server address automatically.
  7. Click OK and exit all the windows.



STEP 3: Check your Windows HOSTS file
The hosts file is one of several system facilities to assist in addressing network nodes in a computer network. It is a common part in an operating system's Internet Protocol (IP) implementation, and serves the function of translating human-friendly hostnames into numeric protocol addresses, called IP addresses, that identify and locate a host in an IP network.
Because of its role in local name resolution, the hosts file represents an attack vector for malicious software. The file may be hijacked, for example, by adware, computer viruses, trojan horse software, and may be modified to redirect traffic from the intended destination to sites hosting content that may be offensive or intrusive to the user or the user’s computer system.

  1. Go to > C:\WINDOWS\system32\drivers\etc.
  2. Double-click “hosts” file to open it. You can open this file with Notepad.
  3. The “hosts” file should look the same as our below code box. If there are more, then remove them and save changes.

    Default Host file for Windows 7
    Code:
    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host
    
    # localhost name resolution is handled within DNS itself.
    #       127.0.0.1       localhost
    #       ::1             localhost
You can find more details on how to reset your host file at Microsoft Support Center.


Please tell me if you find any suspicious modification.


Security scans:
STEP 1: Download and scan with Kaspersky TDSSKiller

TDSSKiller is a utility that was created in order to provide you with a simple means of disinfecting any system that suffers a rootkit infection. A rootkit is a program or a set of programs designed to obscure the fact that a system has been compromised.
  1. Please download the latest official version of TDSSKiller.
  2. Double-click on it to launch it.
  3. TDSSKiller will now start and display the welcome screen. In order to start a system scan, press the 'Start Scan' button.
  4. TDSSKiller will now scan your computer for the TDSS infection.
  5. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer.
  6. To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.
  7. A reboot might be required to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.


STEP 2: Download and scan with HitmanPro

  1. Please download the latest official version of Hitman Pro.
  2. Start Hitman Pro by clicking on the previously downloaded file.
    NOTE: If you have problems starting Hitman Pro, use the “Force Breach” mode. Hold down the left CTRL-key when you start Hitman Pro and all non-essential processes are terminated, including the malware process. (How to start Hitman Pro in Force Breach mode - video)

  3. Click Settings to proceed to the application scan options. Note that Hitman Pro 3 is free to use for the first 30 days, after which time it will prompt you to purchase a licence key.
    In the Settings menu, ensure that the option "Create Restore Point Before Removing Files" is checked, and click OK. Click Next to continue to the scan.

  4. The Setup screen is displayed. Here, you can decide whether or not you wish to install Hitman Pro 3 on your system. To proceed with installation, select Yes, create a copy of Hitman Pro so I can regularly scan this computer. Click Next to continue.

  5. Hitman Pro will start scanning your system for malicious software. Depending on the size of your hard drive, and the performance of your computer, this step will take several minutes.

  6. Once the scan is complete, a summary of detected malicious files is displayed.

  7. Click Next to start removing the infected files. Hitman Pro 3 will now cleanse the infected files, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.

STEP 3: Download and scan with Emsisoft Emergency Kit
  1. Please download the latest official version of Emsisoft Emergency Kit

  2. Open the EEK Folder on your Desktop and double click EmergencyKitScanner.bat
  3. Click "Yes" to Update Emsisoft Emergency Kit
  4. Put the mouse cursor over the "Menu" tab on the left and click-on "Scan PC".
  5. Select "Smart Scan" and click-on the "Scan" button.
  6. Save the scan log somewhere that you can find it.
  7. Exit Emsisoft Emergency Kit.


STEP 4: Run an OTL scan

  1. Please download OTL and save it to your Desktop.
  2. Right-click on OTL.exe and select Run as Administrator to start OTL.
  3. Double click on OTL.exe to run it.
  4. Under Output, ensure that Minimal Output is selected.
  5. Under Extra Registry section, select Use SafeList.
  6. Click the Scan All Users checkbox.
  7. Click on Run Scan at the top left hand corner.
  8. When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  9. Save the scan log somewhere that you can find it.


What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):
  1. Kaspersky TDSS Killer log
  2. Emsisoft Emergency Kit log
  3. OTL.txt
  4. Extras.txt




wompwomp said:
Someone told me to drop avast-free and get Kaspersky. Which AV is currently the best right now? Would having Malwarebytes AND an anti-virus slow down my computer?
You can start a thread in our PC Security Configuration Wizard and we will give full support to build up a solid defense for your system.
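
The hosts-file check from STEP 3 of the reply above, as an added example that is not part of the original post: a Python sketch that lists every active hosts entry beyond the default localhost mapping and separates local blocks from redirects to another address. The sample file content, its addresses and the `watch` list are constructed for illustration.

```python
import ipaddress

# Constructed sample: the commented-out Windows 7 default plus added lines.
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
#       127.0.0.1       localhost
#       ::1             localhost
127.0.0.1       localhost
203.0.113.7     www.facebook.com facebook.com   # constructed redirect
0.0.0.0         ads.example.test
not-an-ip       login.example.test
"""


def parse_hosts(text):
    """Return (line_no, address, [hostnames]) for every active mapping."""
    entries = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if line:
            fields = line.split()
            names = [h.lower().rstrip(".") for h in fields[1:]]
            entries.append((line_no, fields[0], names))
    return entries


def audit_hosts(text, watch=("facebook.com",)):
    """Report each active entry that is not a loopback mapping of localhost."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address, " ".join(names)))
            continue
        for name in names:
            if ip.is_loopback and name == "localhost":
                continue  # harmless default mapping
            if ip.is_loopback or ip.is_unspecified:
                kind = "sinkhole"  # the name is blocked locally
            else:
                kind = "redirect"  # the name resolves to another host
            if any(name == d or name.endswith("." + d) for d in watch):
                kind += "-watched"
            findings.append((line_no, kind, address, name))
    return findings


if __name__ == "__main__":
    # On a live system, pass the text of C:\Windows\System32\drivers\etc\hosts.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

An empty result means the file contains nothing beyond comments and the localhost mapping, which matches the default shown in the reply.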
 

malwarekiller

New Member
Mar 30, 2012
688
Hi, please re-run HijackThis, select the entry below and click Fix checked:

O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE

As a further note, don't use HijackThis as it is a very weak tool and it can't establish the currently needed data... OTL is one good replacement for it... it would be better if further OTL logs are supplied instead of HJT logs. :D

And sorry for the interruption, Jack, you have this topic with you.
 
