Computer Support Forum

Malware preventing software updates, and diverting search links

Question: Malware preventing software updates, and diverting search links

Hi, my computer somehow picked up some nasty little programs that caused a lot of problems. This is my first time posting on a tech help forum so I hope I followed the rules correctly. If I've done anything wrong or you need some information I didn't supply, please let me know and I'll try to correct it ASAP.

Thanks in advance for your help :]
Okay, here's an outline of my problem:

Initially the desktop of my computer was changed into a screen that read "Warning! Spyware has been detected on your computer!" in Blue and Yellow text.

I downloaded and ran a few different antispyware programs:
SUPERAntiSpyware Free Edition
Dr. Web Cure It!
and Malwarebyte's Anti-Malware

Each of these programs detected some things and I had them remove them.

The desktop issue is no longer present now, however two issues that I know of remain.

I use Mozilla Firefox 3 and it works normal, same homepage and everything, except when I do a search in google, I can not follow the links. If I click on a link it'll divert me to some other things.
At first the links (under properties) all lead to some weird website that started with an "a" sorry I don't remember what it was...

Now all the links are to a go.google.com/? followed by a ridiculously long string of characters.

Some of the redirects try to get me to download some pseudo antivirus program antivirus 2009? I think it was called.

Other issues I have is I can't access any help sites with my computer (I'm using another computer in the house to type this up). If I try to go to a website like this it'll give me a could not load page.

Also none of my programs can update (they're all blocked from their update sites, prompting me with a "make sure windows firewall isn't blocking..." which it is not)

My computer runs on Windows XP service pack 2

here's the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:41:17, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\InterAct\Gaming Devices\JoyAct.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: &ZuneIt - {A8533C62-9399-4640-B36B-D1DDE91EB8B1} - mscoree.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Games\Free Download Manager\iefdm2.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: InterAct Profile Activator.lnk = C:\Program Files\InterAct\Gaming Devices\JoyAct.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Games\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Games\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Games\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Games\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ZuneIt - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 6981 bytes

More replies
Relevance 100%
Preferred Solution: Malware preventing software updates, and diverting search links

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Relevance 89.79%

I am having a problem when searching using google. Not all the time, but sometimes when I click a link of something I've searched and i know the link is valid, it redirects me an goes through the base site "ohtgnoenriga.com/......." before going to a random website.

I first suspected that I had some type of browser hijacker so I initially ran my anivirus Symantec Endpoint Protection on a full scan and all it came up with was some tracking cookies which I had deleted. But that didn't solve the problem.

Then I noticed in my task manager in the processes there were two exe files (lbx.exe and ltypea.exe) running that were foreign. So i stopped the processes and deleted the source files and they haven't appeared since.

Then i downloaded malwarebytes and ran a full scan and it picked up 5 trojan files and they were either trojan.downloader or trojan.FastAlert. I had those cleaned and deleted and my initial problem wasn't as severe as it was, but it is still happening.

So now I have downloaded HiJackThis and am posting the log file to see if any further diagnosis can be done.

I'm running Windows 7 Ultimate and using the Mozilla Firefox browser.
As I know of, it only happens in the firefox browser and only the google search engine but i haven't tried any other search engines or browsers. I've also tried uninstalling and reinstalling firefox.


LOGFILE
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:06 AM, on 5/... Read more

Answer:Diverting Google Search Links Problem

16 more replies
Relevance 72.57%

Hello,
I have the following symptoms:
Google update is crashing
Google chrome can no-longer access webpages
Firefox and Internet Explorer will jump to incorrect malicious sites when I click on links given by a google search
Cannot access antivirus sites (like this one) from browser
Anti virus software cannot update
System sometimes freezes during startup when not running in safe mode

I ran the log generators in safe mode and results are below.

GMER would not run.

Any help will be appreciated.



DDS (Version 1.0) - NTFSx86 NETWORK

Run by user2 at 10:59:13.37 on Sat 11/29/2008

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1710 [GMT -8:00]



============== Running Processes ===============



C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware_2008\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Documents and Settings\user2\Desktop\dds.scr



============== Psuedo HJT Report ===============



uStart Page = hxxp://www.google.com/ig/dell?hl=en

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en

mDefault_Page_URL = hxxp://www.dell.com

mDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext ... Read more

Answer:Virus redirecting google search links and preventing access to Antivirus sites

Rename Gmer.exe to Omer.exe. Then try running it.

8 more replies
Relevance 71.34%

Info in this thread:
http://forums.techguy.org/windows-nt-2000-xp/736643-automatic-updates-rundll32-error.html

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:39 PM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avi... Read more

Answer:MalWare preventing Automatic Updates?

Er hm, was I suppose to post the HJT log while in non-safe mode?
 

1 more replies
Relevance 71.34%

Hello.

I posted in the Vista section about trouble I am having with updates installing. One person replied that "[b]ecause of the large number of problems in category items that [I] posted, and the corrupted SFC store," before I do anything else, I should post in this forum to make sure my system isn't infected.

To briefly summarize what I posted over there, I can't get some updates to install, and I have some corrupted files (or corrupted something . . . I honestly don't know enough to know what the problem is).

Here is what I got when I ran the dds:


DDS (Ver_09-03-16.01) - NTFSx86
Run by admin at 16:00:03.31 on Thu 04/16/2009
Internet Explorer: 7.0.6000.16830 BrowserJavaVersion: 1.6.0_07
Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.2037.1118 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkS... Read more

Answer:Possible malware infection preventing updates

Hello ti2,

I'm not seeing any malware in these logs. You can run an online scan and see if it detects anything lurking about. It can take some time, so please be patient and allow it to run it's full course:

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.



Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

2 more replies
Relevance 71.34%

Hello guys, I hope I've posted this in the correct place. I'm only averagely tech minded so I'll try my best

I'm running Windows XP (sp3) and mostly use Chrome browser with IE occasionally.

My Avira Free has refused to net update for over 24hrs, and when I look at Internet Options I see the 'use proxy server' button is checked although I've previously un-checked it. I've managed to download manually from Avira and am currently running a scan with it & Malwarebytes.

I have some log files but I take notice of the warning against posting hijack this logs in this forum.

There are several processes & files that look decidedly fishy to me but am not sure of where/how to proceed. "ProxyServer = http=127.0.0.1:49717" for example!

I also use Malwarebytes free version & update & scan regularly with this & Avira free AV.

I usually scan any potentially fishy files with AV & MWB before downloading but something's gotten through (could be another user when I've not been here is responsible) or can hardware like a cheap chinese USB hub be responsible?

Answer:malware &/or virus (I think) is preventing AV updates

Welcome joolzLet's run these as I feel you have a rootkit.Many malwares like to change the proxy setting on you.Please click Start > Run, type inetcpl.cpl in the runbox and press enter.Click the Connections tab and click the LAN settings option.Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.Now check if the internet is working again.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.... Read more

10 more replies
Relevance 71.34%

Hello,

After viewing some great tech support on your forum today that looked like a similar problems I am having, I decided to join the site in hopes of getting the same help.

I went ahead and made a log1, log and info files via that .bat file mentioned in someone elses topic but I also read that I'm not suppose to post any of that until asked. Sooo... I'll wait. :0)

Problems? Well, Avast seems to have more more traces off the viruses I mentioned in the description however I am still unable to update any malware/spyware protection software in order to run it on this laptop; moreover I am unable to get to the windows update page to try to update the computer... the owner of this laptop said they received an update from windows about a month ago.

When I click on the windows update from my programs files, I get directed to google search instead. :0( Before running the avast(avg was installed before but stopped responding) I would get directed to a depression website when trying to type in microsoft.com

Pleaaaaaaaaaaassseee send help.

I'm on windows xp 2002 home edition service pack 3. Thank you

Answer:Windows updates shows google search instead, can't update any spyware,malware software, can't download/install programs...

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

15 more replies
Relevance 70.52%

Hi Guys,

I could use some help getting rid of some malware that has been vexxing me for quite a while now. Looking back at my windows update history, I have been unable to install Vista Security Update KB979683 since 16 Apr 10 with it attempting to install everyday since then and always getting the same error 'FFFFFFFF'

I was unable to get a RootRepeal log as the program would use up all my RAM (2GB) and then just exit itself after about 20 mins.

My logs are attached. Thank You!
 

Answer:Malware preventing Vista security updates

Welcome to Major Geeks!

You ran steps in safe boot mode not normal boot mode. You should be running in normal boot mode to get proper logs unless that is not possible.

Also you skipped running step 6 of the READ & RUN ME so we cannot tell whether you have a Master Boot Record rootkit infection or it is just the disk emulation software you did not disable. To properly continue, you will have to run this step and then rerun MGtools and attach a new log; however, based on the sum of all logs, I don't think you are having malware problems.

While problems with Windows Updates can sometimes becaused by malware, it is quite frequently not malware. It could just issues with Windows itself or it could be your own protection sofware. You could try shutting down Symantec and Windows Defender and see if you can update.
 

3 more replies
Relevance 70.52%

Whenever I click a link in google it diverts to other sites, mostly video type or ebay. I have run spyware removal and it still happens. Please help DDS (Ver_09-03-16.01) - NTFSx86 Run by mistique at 16:32:53.32 on 22/04/2009Internet Explorer: 7.0.6001.18000Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.1015.283 [GMT 1:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\ATK Hotkey\ASLDRSrv.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Windows\System32\igfxpers.exeC:\Windows\system32\igfxsrvc.exeC:\Program... Read more

Answer:Google links diverting in firefox

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 69.7%

What a fantastic site! Please can you help? For the last few days when clicking on a link in google/yahoo etc I have been diverted to other search engines and websites. When I click on a link, IE is also opening new windows and loading random/ad sites. I have also been getting "fake" windows security messages but Malwarebytes anti-malware seems to have dealt with this - I have macafee installed but this hasn't picked anything up; I downloaded Malwarebytes 2 days ago and this quarantined several items. My computer has also become really slow over the last few days and has started to crash intermittently today. Many thanks in advance for your help.DDS (Ver_10-03-17.01) - NTFSx86 Run by Karen at 14:53:53.75 on 23/07/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1534.874 [GMT 1:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:�... Read more

Answer:IE opening random windows, links diverting

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

15 more replies
Relevance 68.88%

This topic is tied to the following post: http://www.bleepingcomputer.com/forums/t/304226/unable-to-update-mbam-spybots-d-or-avg/I have malware on my machine that prevents me from updating any of my security apps (MBAM, SpybotS&D, AVG). If I do scans with them in both regular and safe mode I receive no results.Steps i've already taken with the help of a moderator includes: - running fixexe.reg - running TFC - running rkill - running SuperAntiSpyware - re-running MBAM (to no avail)Now I have run Defogger, DDS, and GMER and will post the results per the guidelines and attach the appropriate files:DDS.txtDDS (Ver_10-03-17.01) - NTFSx86 Run by Duong at 20:43:34.07 on Mon 03/22/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1270 [GMT -8:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) coloro:#E567177FW: ZoneAlarm Firewall *enabled* coloro:#E567176FW: NVIDIA Firewall *disabled* coloro:#E567175============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\Juniper Networks\Common Files\dsNcService.exeC:\Program Files\NVIDIA Corporation\... Read more

Answer:Malware preventing security apps updates (i.e. MBAM, Spybot, AVG)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

27 more replies
Relevance 67.24%

Ive barely been using the net for anything except pc advisor (!) and earthcam (right now), no downloads, yet a recent warning from avira reveals:'C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\4o5ge2n1.default\Cache' contains :-'HTML/Infected.WebPage.Gen' [virus]'C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\' contains :-'JAVA/Agent.nai' [virus]'EXP/Java.3243' [exploit]after a full avira scan, it was only these cache folders that contained infected files, and nowhere else. is it possible that all this supposed malware is due to merely browsing? or could unwanted/hidden installed software purposefully load things from web locations into these cache folders? I already have spywareblaster, malwarebytes and avira on this xp system together with online armor. If I disable certain settings for webpages in firefox such as javascript far too many sites refuse to work... aside from having a good antivirus scanner, is there anything else I can use to stop junk being loaded into these java and firefox cache folders? or is it likely that avira does this anyway and warned me immediately as soon as these files appeared on my system? I have recently updated avira, so im hoping they werent false positives that im being warned about as possible infected files.

Answer:software preventing malware in java+firefox cache?

is it likely that avira does this anyway and warned me immediately as soon as these files appeared on my system?Yes virus and malware can be downloaded to your machine via Java applets this is why some of use WOT to try and avoid nasty sites.Just delete the cache and rescan.

3 more replies
Relevance 66.42%

As stated, I need help regarding this.
I've tried to clean remove MBAM and re-install it but to no avail.
When I run the installer, it states, "CreateFile failed; code 80. The file exists".
And when I tried searching it, I can't find the file.
 
I uninstalled my outdated Avast Antivirus and installed the latest one, and the program won't run either.
 
Can anyone kindly assist me with this? ):
 

Answer:Virus/Malware preventing me from starting MBAM and my Antivirus Software.

Hello haekaru -
Are you stable to run in Safe Mode With Networking ? Ask if you need help.How to start Windows in Safe Mode
 
Download Malwarebytes Chameleon technologies get Malwarebytes Anti-Malware installed and running when blocked by malicious programs.
 
Usage -
Download Chameleon from the link to the right.
Unzip the contents to a folder in a convenient location.
Follow the instructions in the included Chameleon CHM Help File
Or if the help file will not open, simply try to run the files by double-clicking on them one by one until one of them remains open, then follow the onscreen instructions.
 
 
Thank You -
Edited to add Safe Mode link -

2 more replies
Relevance 65.6%

Hi fantastic people!

I'm in a rutt and I need your help. My system is infected with malware because it's doing several things:

1) It started being awfully slow 2 days ago and it freezes on me any time I try to run any browser. And I regularly run super anti Spyware and malware bites so it cleans most things.

2) It paralyzes any anti virus software I try to run a third into its analysis then everything freezes and I have to restart my laptop.

3) I can't open any exe files I download whatsoever. I tried downloading adwcleaner but I couldn't even run the exe files or any other exe files at all.

4) Netflix started crashing on me for no reason and that was my first clue into finding out it's malware.

I already backed up all my files, pics, music, and documents. I am attaching a picture of TSG below because I'm sending this from my phone as I'm having all sorts of issues with my browsers crashing. I'm looking at buying a new laptop because I'm definitely due for an upgrade but I would like this one to run a bit longer if possible because I'm too busy to adjust to a new laptop now. Geek squad want $150 to clean it up. Any other alternatives?! Please help it's desperate!

Thank you so much in advance
 

More replies
Relevance 65.6%

Hi fantastic people!

I'm in a rutt and I need your help. My system is infected with malware because it's doing several things:

1) It started being awfully slow 2 days ago and it freezes on me any time I try to run any browser. And I regularly run super anti Spyware and malware bites so it cleans most things.

2) It paralyzes any anti virus software I try to run a third into its analysis then everything freezes and I have to restart my laptop.

3) I can't open any exe files I download whatsoever. I tried downloading adwcleaner but I couldn't even run the exe files or any other exe files at all.

4) Netflix started crashing on me for no reason and that was my first clue into finding out it's malware.

I already backed up all my files, pics, music, and documents. I am attaching a picture of TSG below because I'm sending this from my phone as I'm having all sorts of issues with my browsers crashing. I'm looking at buying a new laptop because I'm definitely due for an upgrade but I would like this one to run a bit longer if possible because I'm too busy to adjust to a new laptop now. Geek squad want $150 to clean it up. Any other alternatives?! Please help it's desperate!

Thank you so much in advance
 

More replies
Relevance 65.6%

Hi,I'm having a virus problem and I wonder if you can help me, it started maybe a little over a week ago, with my browser being diverted to advertising whenever i click on the results of a Google (or other search engine) search, Firefox prevents popups but I'm getting the notice more frequently that it had prevented a popup.And MalwareBytes won't run, which leads me to believe there's a block on it.I Hope I have successfully attached the logs you need.Hoping you can help,M.M.(Note: I'd like to get rid of "spysweeper" which was installed without my permission when I bough this machine 4 years ago, and now does nothing but generate "your subscription has expired, pay us for the full version" notices about every 2 hours for the last 3 years, is there an easy way to get rid of that too? and what do you recommend to replace it besides Mallwarebytes, and a good firewall?) DDS (Ver_09-12-01.01) - NTFSx86 Run by Owner at 22:59:39.96 on Tue 02/16/2010Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.319 [GMT -5:00]AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLau... Read more

Answer:Virus Diverting search resulst (Hijacking)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

12 more replies
Relevance 65.6%

I cant get the dds to run and the following comes up with a error message so I dont think it finished, I've saved it anyway.. please help

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-06 12:33:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapog.sys
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0x91A3EFA2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0x91A3FA38]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (RapportCerberus/Trusteer Ltd.) ZwCreateThread [0x92A4499C]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (RapportCerberus/Trusteer Ltd.) ZwDeleteFile [0x92A439F8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/... Read more

Answer:Google keep diverting to urlseek and other search sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about y... Read more

2 more replies
Relevance 65.6%

I am using Window XP and Internet Explorer 8. I was on the internet and alerted by McAfee to block a site. I did this and got off the internet. Next day tried to do a system restore, as I was nervous, and received message, "system restore has been blocked by group policy". In addition, my search engines keep diverting me. Spent day running Malewarebytes (33 problems), deleting McAfee and installing Microsoft Security Essentials, running scans, updating windows, running scans. All is working well today except the search engines. If I type in a seach, a list of appropriate sites will appear. When I click on a site, I am diverting to a random site, no pop ups are occurring. If I type an address in the address bar, I can access that site. I assume my search engine has been hijacked. I am including the results of HJT in case they are needed. Thank you in advance for any help.
 

Answer:Search Engines Diverting to Random Sites

13 more replies
Relevance 64.78%

Hi,I've taken over my boyfriend's old laptop, which is in a bad state after about 6 years of him downloading dodgy porn with absolutely no protection on it whatsoever! I've got rid of most of the infections with various anti-spyware/virus programs and am now left with an intermittently recurring Qhosts infection and a problem with the web browsers (it's got IE6 and BT's Yahoo browser, which I think is some sort of Mozilla customisation) in that if you type in a website address that would normally give you a 404 error, it diverts to sites with loads of porn links, e.g. www.qwerti.comI've followed all the steps in the preparation post and this is the HijackThis log I got at the end. Any help in getting rid of the last lurking nasties would be much appreciated. CarolineLogfile of HijackThis v1.99.1Scan saved at 15:25:25, on 07/05/2007Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\ZONELABS\vsmon.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\hidserv.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\System32\WBEM\WinMg... Read more

Answer:Browser Diverting To Various Adult Search Pages - Qhosts?

Hello,I notice that you do not seem to be running Antivirus software. This is somewhat suicidal in today's digital world. (Unless you have Zonealarm with the Antivirus present.)That's why I want you to install one first.Avira, AVG OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.Then reboot.After reboot,* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =R3 - URLSearchHook: (no name) - _{6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)O4 - HKLM\..\Run: [FHAPage] C:\WINNT\system32\shdocha.exe homeO4 - HKCU\..\Run: [Internat.exe] internat.exeO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://webgames.d.tmsrv.com/c=99505294ece8...aploader_v6.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{2593CF36-53D4-41B6-87A0-... Read more

8 more replies
Relevance 61.91%

Our computer had a couple of popups saying we had a computer virus now we notice that the search on google or other search engines work but when you click on the link it takes you to some other page. It appears to be related to the scour virus I've seen information on. I tried a couple things I saw online but nothing has worked. I have followed the instructions on your page to get help. here is the DDS.txt file text, and I attached the other two files, thankyou for any help.DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24Run by Amy at 0:27:10 on 2011-06-25Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3062.1574 [GMT -4:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system3... Read more

Answer:Apparent Malware causes search links to go to other webpages

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Relevance 61.91%

I've been having problems clicking on search results on google and yahoo. I get redirected to another unknown site for a second (eg: aah-uk.org, findmaterial.info, and many more). Then I get sent to a commercial website (some companies I have heard of and others not). I have tried my own antivirus and antispy software, avira and spybot. That found some things but nothing that would have caused this problem and the problem has not been fixed. Online scans have found nothing. Here is the report from the utility:
DDS (Ver_09-05-14.01) - NTFSx86
Run by Darren at 21:54:25.76 on Thu 05/28/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.2814.1243 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k ... Read more

Answer:Malware redirecting my search engine links

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

3 more replies
Relevance 61.91%

[attachment=75747:Attached_zips.zip]I have norton 360, no help with this issue. All my links are getting randomly redirected on the first click.I believe I have collected the info needed for analysis. (also see attached) Thanks in advance for the help!!DDS (Ver_10-10-10.03) - NTFSx86 Run by John at 6:59:24.14 on Fri 10/15/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1966 [GMT -4:00]AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 Premier Edition *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\Ati2evxx.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScrib... Read more

Answer:Malware issues, search links redirected

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

22 more replies
Relevance 61.5%

I am having an issue with, what I believe is, the google redirect virus or whatever it may be called now. It all started last week when I was working on my accounting homework for school and was working between Microsoft Word 2007 and various websites in IE9 (running Windows 7). I was working on my homework when suddenly all of the windows closed without warning (internet, word, and windows explorer) and my computer restarted. When Windows reloaded, my desktop background had changed to solid black and half of my desktop icons went missing. The more I did to try to fix it, the worse it got and the more icons disappeared. I found a thread on this forum that described the fix and followed it step by step. I downloaded and ran Malwarebytes, the unhide program (i dont recall the proper name but the icon is a white briefcase with a red cross on it), and another program that I renamed to iexplore.com per the instructions. I was able to restore the desktop icons and full functionality of the computer after doing that process. Although I was never able to run TDSSKiller (even with the disguised version) or Kapersky...couldn't even install them.

Now I am living with the issue of the redirected search links. I can get to Google (or any other search engine) and search normally, but when I click the link that I want, it will take me to some other random website having nothing to do with my search (for example, i search for Bleeping Computer and click the link for www.bleepin... Read more

Answer:Malware or virus is redirecting search links but is not detectable with anti-virus/malware programs

Do not run any tools unless instructedDownload Listparts from hereFor 32 bitList parts 32For 64 bitList parts 64Launch it,click on SCAN,post the log

22 more replies
Relevance 61.5%

Hi, I am running my laptop with Windows 7 and I have a virus that I am unable to get rid of. My laptop will stream audio at random for 15 seconds to a minute. I have tried using MalwareByte's Anti-Malware and some other antivirus programs, but have been unable to stop random audio starting on this laptop. I am also unable to install any Window Updates and google and yahoo redirects me to another site anytime I go to click on a link from a search. I do not know what else to try or what to do. Any help is greatly appreciated.DDS LOG: .DDS (Ver_2011-06-01.06) - NTFSx86 Internet Explorer: 8.0.7600.16385Run by JEN at 20:33:46 on 2011-06-01Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1504 [GMT -5:00].AV: avast! Antivirus *Disabled/Updated* {20B878C2-E6E2-4EFF-ADB5-C3E74BCBA535}77SP: avast! Antivirus *Disabled/Updated* {20B878C2-E6E2-4EFF-ADB5-C3E74BCBA535}66SP: Windows Defender *Enabled/Updated* {20B878C2-E6E2-4EFF-ADB5-C3E74BCBA535}55.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalSe... Read more

Answer:audio plays at random, won't install windows updates, and redirects google search links;

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

81 more replies
Relevance 61.5%

Hi,I am using WinXP with Firefox and every time I do a search on google and click on any of the link, the page is diverting to some other websites. Also, some of the settings like winxp theme is disabled and chrome is hang on opening. I have followed the instructions in "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" However, when I try to run GMER, after few minutes a blue screes flashes out and machine reboots. Any help will greatly appreciated.ThanksDDS (Ver_10-03-17.01) - NTFSx86 Run by Mohanty at 19:42:03.71 on Fri 05/28/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1236 [GMT -4:00]AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exesvchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WIND... Read more

Answer:Malware Infection: Google Search Links Diverted

Hello and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since resolved your issues I would appreciate if you would let me no so I can close this topic.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav%systemroot%\*. /mp /s%SYSTEMDRIVE%\*.exenetsvcsmsconfigdrivers32CREATERESTOREPOINTPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedThanks

3 more replies
Relevance 61.5%

Here is the situation I have:
Machine: 64 bit Windows 7, with all updates current
Microsoft Securities Essentials.

My google search results on IE redirects to sites other than I clicked on. The latest click on a simple search result one took it to some site in NZ that was telling me that there is malware and wanted to test my computer. Since it would not take no for an answer, I had to kill IE with task manager to get out of it. It was doing the same with Firefox, but I found an add-on that I had not put there and disabled it. Since then, Firefox seems to be OK. I did notice that the add-ons that seemed to be the culprits were installed on 6/3/2011. Not to say that's the problem start date for sure, but that does fit the infection start date. There were mighty suspicious add-ons in IE that I disabled (neither IE nor Firefox seem to have an uninstall) but it does not seem to have stopped the symptom (redirection) let alone the cause.

The DDS log is pasted below. Skipped GMER as the machine is 64 bit.

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Kavindra at 10:03:57 on 2011-06-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.6369 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9... Read more

Answer:Malware redirecting google search result links

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

14 more replies
Relevance 61.5%

Hi,I am having a problem when browsing the internet in that clicking on links will often take me to other search engines or advertisements. I wouldn't be surprised if my computer is infected with numerous pieces of malware or spyware that I would like to remove if at all possible.Thank you in advance for any guidance you are able to give me.Below is a copy of the log I got from HijackThis (which is also attached):Logfile of Trend Micro HijackThis v2.0.2Scan saved at 01:09:51, on 30/07/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exeC:\Program Files\F-Secure Internet Security\Anti-Virus\F... Read more

Answer:suspected malware - search engine links redirecting

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 61.5%

Hi there,

Something is redirecting my Google search result links to sites like: hxxp://mugyra.org/sutra/in.cgi?15=&ID=18254&fb=WVRveU9udHpPamc2SW5WelpYSmtZWFJoSWp0aE9qTTZlM002TWpvaWFXUWlPM002TnpvaU1qWXdPVFF5TVNJN2N6b3hNam9pWVdSMlpYSjBhWE5sWDJsa0lqdHpPalU2SWprNU16RXdJanR6T2pRNkltdHdjR2tpTzNNNk5Ub2lNVGd5TURjaU8zMXpPak02SW0xa05TSTdjem96TWpvaU1tVTRNRGc0Wmpsak5URXdObVZsWVRSaE5qWXhOekF3TkdFek56bGxNR1VpTzMwPQ%3D%3D

hxxp://www.oozm.com/nz/iquiz2/?p_id=3236&subid=234353&uc=739371_9230_153_4b1a52ac_de9bb416_0_1_0

and search4all.com

The results themselves display correctly, it is only when trying to use the direct links that there are problems. I'm using the latest version of Firefox, Avast!, Malwarebites and Ccleaner (although I realise that this one has little to do with the situation). None of these identify/fix the problem.

It is worth noting that the hijacking isn't %100 effective, and sometimes the page does not redirect to the incorrect site.

Logfile is below.

---
DDS (Ver_09-12-01.01) - NTFSx86
Run by OEM at 1:26:15.01 on Sun 06/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1279 [GMT 13:00]

AV: avast! antivirus 4.8.1368 [VPS 091205-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\... Read more

Answer:Malware is hijacking my Google search result links

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 61.09%

This malware problem started with my google searches being redirected to ads. In the last day, advertisements have started popping up on any Firefox page, and internet explorer is opening up 40-100 pages! I tried to install spybot, but it will not install because of the virus, nor will windows defender update. Please help!

DDS (Ver_09-03-16.01) - NTFSx86
Run by Rich at 18:42:49.97 on Mon 05/11/2009
Internet Explorer: 7.0.6000.16575 BrowserJavaVersion: 1.6.0_13
Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.1918.968 [GMT -4:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDevi... Read more

Answer:Vitus/malware not allowing updates, changing google searches to ad links

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 60.68%

Thanks in advance for your help.My computer seems to have been hijacked by Malware.Anti Malware software Malware Bytes or Spybot don't show anything.Please suggest some options to try.Please find below my DDS log and Hijack this log. Let me know if you need other logs.Thanks,BokaDDS (Ver_10-03-17.01) - NTFSx86 Run by TOSHIBA USER at 11:58:19.46 on Wed 05/05/2010Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.751.411 [GMT -4:00]AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\WINDOWS\system32\ACS.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exesvchost.exesvchost.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\TOSHIBA\TME3\Tmesrv31.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS... Read more

Answer:Malware: search links hikacked plus bot accessing random websites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 60.68%

This has been happening for about a week. I noticed blue coat k9 web protection was blocking sites that somehow got linked from google search links. I have used free version of AVG, spybot and malwarebytes to find the problem(s), but they still exist. I would like to uses Combofix but will need help.Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:malware linking me to malicous site from google search links. help.

Yes you don't want to do that. Runing Combofix unsupervised..... is ill advised!! This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer unbootable permanently!! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized scripts will be written specifically directing this program to clean-up based on your logs!! Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.If Gmer won't run,skip it and move on.Let me know if that went well.

3 more replies
Relevance 60.27%

All of the sudden I ran into major malware issues. My search links in google were redirected to adsites and any website that looked helpful would not be found. Pretty much any website related to virus help was blocked. My system restore was also blocked in the sense that if I attempted it, I could get to the confirm page and then clicking next did nothing.

Now, I was finally able to copy over the registry files from a previous restore using the windows xp recovery console from my Dell backup disk. It's allowed me to get to the point of being able to post on this forum, download hijack this and get the log.

The previously blocked Malwarebytes found nothing, spyblocker search and destroy removed win32.agent and win32.banker. AVG popped up immediately after I got back into windows with this new registry with a few trojans to heal.

So what's left? here's the log
(by the way I haven't restarted yet after the Spybot run, I notice this in the log. Am about to do that.)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:56 PM, on 3/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\sp... Read more

Answer:Search links redirected, helper software blocked, some websites disabled

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
If TeaTimer gives you a warning that changes were made, click the "Allow Cha... Read more

7 more replies
Relevance 60.27%

Hi,

I realized that on my home PC, search results from google/yahoo/Bing get relinked to random websites, most of them are other search websites with a bunch of advertising (this occurs on both Firefox Ver 3.5.6 and IE 7.0) The computer is also running much slower compared to before. The PC has Windows XP SP3.

I first ran CCleaner (check all boxes under "Windows" and "Application") to get rid of junk files and internet cache, then I ran AVG Virus Scan, Ad-Aware, and Malwarebytes in the respective order. No infection are found by running these anti-virus/spyware programs. However, unfortunately the redirecting issue still exist.

Below is the HijackThis log after I did all the scans I described above. At this point, I'm not sure what else I can do to diagnose the problem.

Your help and suggestions are greatly appreciated! Thanks in advance!!

------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:56 AM, on 1/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Progra... Read more

Answer:Search results redirect links, suspect malware/virus exist

Downloaded spybot - search and destroy and ran scan, did not find anything infected.
 

1 more replies
Relevance 60.27%

Last night I was hit by a bunch of viruses which Malware Bytes seems to have fixed, however now nearly all search engines redirect me to incorrect and dangerous websites. I've prepared the DDS Logs, Rootrepeal and a HijackThis! log as well. Any help would be appreciated, I seriously don't want to format so a fix would be fantastic. Thanks.DDS Log:DDS (Ver_09-12-01.01) - NTFSx86 Run by Nick at 19:34:58.84 on 15/01/2010Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_12Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.2815.1653 [GMT 0:00]AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\SLsvc.exeC:\... Read more

Answer:Infection redirecting all search engine links to advertising/malware pages

It's been a few days so I hope you don't mind me bumping the topic, the problem is still present and I've tried various things with no luck however I havent tried to use ComboFix or any other tools which reccommend expert advice. Can someone please help?

4 more replies
Relevance 59.45%

Recently a malware has infected my laptop and it makes web browsing reasonably slow (especially loading sites). I have ADSL2+ it's pretty fast before this infection.Here are the symptoms:1. I use Firefox 3.0.11 and my home page is the default Firefox google page. When I open up the browser it trys to find the homepage for a while but fails giving the "Redirect Loop" error. 2. When I do a google search and try to open a link, the window will re direct it to another site (completely different from the URL displayed in the search results) first it used to redirect me to a random MySpace page and then to you tube. but now it's erratic. It redirects me to all sort of random sites. I had to wait till this random site completely loads up and then close the tab and try clicking the search results to open the correct page. Usually this works. but some times i had to do it the 3rd time too.I even tried copying the URL from the search result. some times it works but most of the time it loads a random site.This happens only for the 1st click of the search result (regardless the order of it) then all the other links start to work OK.3. Also I noticed when opening web sites (either from a link or from a direct URL typed in the address bar) it takes unusually long time to open the site. the status bar displays messages like "Waiting for site" "Connecting to the site" and "Reading.." messages (among others) wrapidly and then loads up the page.This dela... Read more

Answer:Malware - Firefox google search links open myspace and other unwanted sites

Hello rizi,I see remendents of Symantec/Norton antivirs in your log. Are you running two antivirus programs, Symatec/norton and ZoneAlarm Security Suite Antivirus? ***************Uninstall J2SE Runtime Environment 5.0 Update 7 as that is ancient and a malware magnet. ***************Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document.***************Disable Ad-Watch to make sure it won't interfere fixing.Please download Malwarebytes' Anti-Malware from one of these places:http://download.cnet.com/Malwarebytes-Anti...&tag=buttonhttp://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlhttp://www.besttechie.net/mbam/mbam-setup.exeDouble Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Full Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Not... Read more

6 more replies
Relevance 58.63%

Hello everyone,

After a malware infection, my Windows 7 tries to search for updates, but can't.
Every time I get the error code 8024402C.

I ran Fix WU and Windows Repair from this forum, but that didn't solve the problem.

Does anyone have an idea on how to resolve this issue?

thanks in advance!
 

Answer:Cannot search for updates Windows 7 after malware issue

Hi have you fun the following HERE

If you have and still have the same issue then malware may still be on your PC as its sneeky and while many all in one security apps may remove most some malware is generally left so best to run the below and if you are given the all clear then post back here and we can try other routes.

But best to be malware free first





Please read and follow the following READ & RUN ME FIRST. Malware Removal Guide and once finished please start a new thread in the Malware Forum plus a guide on how to attach the logs HOW TO: Attach Items To Your Post Click to expand...


 

2 more replies
Relevance 58.22%

When I browse in Internet Explorer, at frequent intervals ads will popup for either DirectTV or PolicePro Antivirus. If I type a search term into google, 4 out of 5 times if I click one of the links in the search results, it will redirect to a strange website. I have avast antivirus running and it detected a rootkit, but it was quarantined and the problem is still occurring. I also have MalwareBytes Anti-Malware, and when I run a full scan it does not detect anything.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Puta Muerta at 19:16:45.56 on Thu 12/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.428 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 091203-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:&#... Read more

Answer:Random popup / fake virus software ads / Google search links lead to malicious websites

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Relevance 57.4%

[ By Elinor Mills who covers Internet security and privacy.]

LAS VEGAS--Two researchers from Israeli security firm Radware have figured out a way to trick computers into downloading malware or take over a computer by hijacking the communications during the update process for Skype and other applications.


More below -
Using software updates to spread malware | InSecurity Complex - CNET News

More replies
Relevance 57.4%

Using Software Updates to Spread Malware

Using software updates to spread malware? The tool works by scanning a nearby Wi-Fi network and checking for computers sending a software update request and then the tool replies before the update server can respond. The researchers were even able to send out fake messages indicating there is a new system update available tricking computers into downloading malware. Now that is downright scary.

Two researchers from Israeli security firm Radware have figured out a way to trick computers into downloading malware or take over a computer by hijacking the communications during the update process for Skype and other applications. About 100 applications, many among the most popular on CNET's Download.com, can be targeted.

More replies
Relevance 57.4%

Quote:
LAS VEGAS--Two researchers from Israeli security firm Radware have figured out a way to trick computers into downloading malware or take over a computer by hijacking the communications during the update process for Skype and other applications.


more..

Answer:Using software updates to spread malware

Oops! Skype users, be careful. I guess AV companies will come up with updates soon to fix this issue.

1 more replies
Relevance 55.35%

Ok, So I have NO idea where the virus came from, I am also extremely tech savvy, Most of the time.

I am smart enough to run ComboFix and de-code the my self, But combo fix does not run on Windows 7 64 bit.


Here is some logs i have put together

MalwareAntibytes
SUPERAntiSpyware Pro.

They will be available in text files as attachments.

I have not done a HiJackThis yet.

If you like for me to do a HiJackThis please tell me so.

Video Of My Problem:

hxxp://yfrog.com/73capture4z

Answer:Viruses Redirecting Links and Preventing Loading Of Pages

Here is the DDS Log and The Attach.zip


DDS (Ver_10-11-05.01) - NTFS_AMD64
Run by Ryan at 11:18:28.21 on Sun 11/07/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.5887.4150 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\NlsSrv32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:... Read more

18 more replies
Relevance 55.35%

Dont have a dds log because it hangs at the end of running it and doesnt finish then computer is unresponsive including mouse and has to be switched off.

gmer log is attached....help

thinkpad T43 laptop with xp pro

Answer:search hijack, pop ups not found by malware virus software

Hello, fluffy04.My name is aommaster and I will be helping you with your log.I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.ThanksShould you still require assistance, please take note of the points below:Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad. The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.Please do not install, update, or run any programs for the duration of the fix.If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.If you are running Vista, please run all the fixes as an administrator. This is done by ri... Read more

3 more replies
Relevance 55.35%

I have IE 8.0 and Netscape 8.1.3 on Windows XP (media ed). Both browsers have the same problem. Google searches' links are redirected. The first link clicked works, but subsequent ones are redirected. There is no other unusual activity. The redirection does not occur with a proxy server using google.

I have tried Norton, Trend Micro PC-cillin, Malware Bytes, and Spybot S&D. None of these detect any malware and none solve the problem. The DNS is automatically obtained.

I have looked through the forum, and there appears to be a number of people with similar problems, but the solutions offerred (if not too specific) have not worked.

Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:18, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmo... Read more

Answer:IE/Ntscp search links redirected, no malware found, no solution found in threads

11 more replies
Relevance 54.94%

Hi All,

For the several months I've been having trouble opening links, mostly from emails. I've learned that when I go to "Start" and click "Run" and enter %Temp% (someone once told me that brings up all your temp files)...its opens and lists temp files, that after I delete as many as it allows, that the links open up quicker. There's some types that won't delete (DF9601.tmp)...and there all listed as being in the "locals~1" file

I've tried to delete that file but no luck...what a pain.

Any help?

onevoice1255
 

Answer:Solved: Temp Files delaying/preventing links from opening

16 more replies
Relevance 54.94%

Earlier today...about 12 long hours ago...I had a sudden string of non-stop, hard-to-kill pop-ups while browsing using IE7. Most of them were fake anti-virus alert pop-ups. As soon as I got all the pop-ups killed, I tried to run malwarebytes but it would not run (no error, no window, nothing happened). I then ran ccleaner just to clear out the cache in hopes it was something simple. I then decided to run a full AV scan using Trend Micro which is my default AV software and firewall. It would not run either - the interface would not open, no errors given. I ran Hijack but didn't see anything odd (although I am not an expert obviously). Then the fun began...

I searched for something on google using IE7. The google.com page is fine and I can type in my search terms but hitting enter returns a blank white page. I did a little experimenting with various search engines (google, yahoo, MSN/bing, altavista, and dogpile) with IE7, Firefox, and Opera. In every case, the same result - blank white page when search results are expected. In Firefox and Opera, I can see the search results if I set page style to "no style" (Firefox) or to "user mode" (Opera). Any web page that is not search results is fine.

I checked the source on all of these pages and they all have this as the very top line:

<div id="lasbd128cf8dsa" style="height:3000px;width:2000px;left:0px;top:0px;position:absolute;z-index:99999;background:#FFFFFF;"></div>... Read more

Answer:Unknown virus blocks all search engines and AV/malware software

Sorry guys, I couldn't wait. I know that you're quite busy and so I took this on myself since this ain't my first rodeo. After about 30 hours of research and running about every antispyware and antivirus logging program I could find and researching every unlikely looking file or registry entry, I found a very ugly variant of TDSS hidden away and holding on tight. I did a lot of removal manuevers, ended up with UBCD4Win to drag out most of it. In the end, I decided that this computer was compromised beyond my liking and so I went the 'nuke it' route. A complete hard drive wipe and Vista re-install. Now I can sleep better at night.

By the way, I have decided that my original problem occured because my Trend Micro internet security stopped working on the renewal date of July 31. I understand not giving me any updates when I don't renew but I own the dang software. Trend Micro shuts down and doesn't do anything at the end of your "subscription". That is crap. For some years, I have considered Trend Micro to be the absolute best AV software but no more. That's all I'm gonna say about that.

Anyway, you can ignore my plea for help. IMHO, wipe and re-install for major corruptions is the only way to go. Thanks much...

2 more replies
Relevance 54.53%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 54.53%

Dell m1330 Vista home premium. I have malware isses, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also perfomed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 54.12%

Google searches redirect to other websites.Windows Vista Firewall turns off every time computer is booted, have to manually enable it.Unable to update Free AVG from either the program or the website itself. Receive errors "connection with update server failed."Anti-virus sites disabled, receive "Site not found" errors.Unable to post to HijackThis forums, site redirects. Thank you for any help you can provide.DDS (Ver_09-02-01.01) - NTFSx86 Run by Michelle at 11:55:38.39 on Tue 03/10/2009Internet Explorer: 7.0.6001.18000Microsoft? Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.916 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServ... Read more

Answer:Google search redirection malware/unable to update virus software

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 54.12%

Links from all sources don't work any more.  New tabs open it just tries to load data.  Nothing comes of it.
Also, a lot of applications are saying that I'm not connected to the internet, but that of course is not true as I can navigate if I type in some addressed directly in to the URL bar.
I have Win 7 serv 1 running on a PC.
I have Kaspersky and Malwarebytes Anti-Malware
Kaspersky says I have 3 threats: w8hook.dll , backup files 2.zip , remote access Host , all legal software that it doesn't like.  Unfortunately, it doesn't tell me what app they belong to, so I can't uninstall and I don't want to "Fix" them as they may be for an app I need.
 
P.S. I ran combo fix by accident first.
 
DDS
===============
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.55.2
Run by Da Jules at 14:50:26 on 2014-09-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8055.6255 [GMT -4:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\... Read more

Answer:All links don't work anymore - e.g. Google search results links won't connect

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first t... Read more

2 more replies
Relevance 53.71%

I've somehow got some malware/ trojans/ viruses, whatever you may call them, and I'm unable to update my spyware/ anti-virus software. I currently have Spybot, Zonealarm pro, ad-aware pro and a recent download of the free avg anti virus...all of which are outdated. Can anybody please assist in the removal of these things causing the problems?

Thank you!
 

Answer:virus preventing updates

Welcome! to MajorGeeks.com!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in Safe Mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid additional delay i... Read more

3 more replies
Relevance 53.71%

I'm having startup issues with a Windows 10 Build:
Cumulative update for Windows 10 ver. 1511
KB3192444. (I hope I copied it correctly).

Before this update is installed the problem doesn't exist, after it's installed it does.
I posted this issue here but have not gotten any help.
Because windows 10 automatically installs updates I needed to go into Group Policy Editor-Computer Configuration-Windows Components-Windows Update and set it to
"Notify for download and notify for install"

But, when I go back into settings for windows update advanced settings, the choose how updates are installed has remained with the same 2 options.

How can I be sure that Windows 10 does not install this update????
Does changing this setting in GPE work ok?

Any help will be appreciated,
James

Answer:Preventing Auto Updates

Hi, to hide (stop) a particular update see:
Windows Updates - Hide or Show in Windows 10 - Windows 10 Forums

3 more replies
Relevance 53.71%

Hi,
Right now i have about 56 updates pending, most of them office updates, and a couple of Windows updates.
I've discovered that a update is preventing my PC from sleeping, as when i do a system restore back to before i updated my PC will sleep, and then instaill them again my PC wont sleep.

I'm assuming its a windows update rather than an office update causing this problem.
Is there a better way to see which update is causing the problem rather than instailling each update, one by one?

More replies
Relevance 53.71%

I'm having startup issues with a Windows 10 Build:
Cumulative update for Windows 10 ver. 1511
KB3192444. (I hope I copied it correctly).

Before this update is installed the problem doesn't exist, after it's installed it does.
I posted this issue here but have not gotten any help.
Because windows 10 automatically installs updates I needed to go into Group Policy Editor-Computer Configuration-Windows Components-Windows Update and set it to
"Notify for download and notify for install"

But, when I go back into settings for windows update advanced settings, the choose how updates are installed has remained with the same 2 options.

How can I be sure that Windows 10 does not install this update????
Does changing this setting in GPE work ok?

Any help will be appreciated,
James

Answer:Preventing Auto Updates

Hi, to hide (stop) a particular update see:
Windows Updates - Hide or Show in Windows 10 - Windows 10 Forums

1 more replies
Relevance 53.71%

Hello
 
I recently did a fresh install of Windows 7 on my PC. I guess I forgot to install any AV until I was prompted to by Windows Update, which if I remember correctly, did install OK originally. Normally I would have installed AVG and MB, but I've had quite a few PC problems recently and so was a little haphazard, I can't remember whether I actually got MB installed prior to these problems or after. Anyhow, recently I started up my PC and upon starting got a message that MSE couldn't start because of error occurring during initialization, Error 0x80073b01.
 
I found a similar topic here and have run a few of the programs, most optimistically Hitman Pro, which found a couple trojans and malware items and deleted them. But I still have this issue with MSE that it can't load, can't be reinstalled and can't be uninstalled.
 
Other symptoms: Malware Bytes icon on my desktop went from being their logo to a generic .lnk/shortcut image and wouldn't load. I managed to reinstall it after using safe mode and using mbam clean to get rid of the mbamext.dll that wouldn't delete normally. I now have MBAM on my desktop and I can run it, but it won't get the latest updates (it appears to download them, but then says the db is missing or corrupt) and it won't let me do a scan.
 
I have been trying to copy some files to an external HD, but the ones with Security in their name can't be moved.
 
It seems like something is definitely running in the background ... Read more

Answer:Malware preventing MSE and Malware Bytes running?

Try running in Safe Mode and doing a full system scan with your antivirus.  You could also try a System Restore.  

2 more replies
Relevance 53.3%

When I click on a google link or even a bing link my page gets redirected to places like spyware scanner and fake search engines. I know its a virus or some sort of malware/ Spyware. It only takes control on links.

If you type something in the address bar or sometimes just open it in a new tab your fine. This happens in both IE and Firefox. I am running windows 7 and I have had no other problems. I have scanned the computer with spybot and avg 9 both in safe mode and in normal mode still nothing. Here is my hijack This! log.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 6:52:24 AM, on 12/23/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
F:\Windows\Explorer.EXE
F:\Windows\system32\ctfmon.exe
F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
F:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink... Read more

More replies
Relevance 53.3%

hello everyone,
my sons laptop has acquired a virus. (an acer aspire 5100 on xp)basically it is preventing any windows updates & any security scans. It is clever; for example if i attempt trend micro house call i get blue screen & the pc shuts down immediately. When i reboot it refers to fat32 as follows:
checking file system on c the type of the file system is fat32.

i have current subscription to trend micro internet security for three pc's but can't download due to the virus.
i am not a "power user" but i am capable of starting the the laptop in safe mode & carrying out basic tasks.(but it appears to be stopping that unless i'm doing something wrong with the "f8" key)

how serious is this & is there the idiots guide to a resolution?
thanks for looking bob (uk)
 

More replies
Relevance 53.3%

I have a Compaq desktop at home running Windows 7 Home Premium. My girlfriend has a user account on it that she uses from time to time. She sometimes needs to restart the computer. When she tries to do that, many times the shut down screen shows "Install updates and Restart" as the default action. Is there a way to eliminate that option for her account or at least make Restart or Shutdown, without installing updates, the default choice? She is careful about changing the option, but I am concerned she might slip up one time.

I have no desire to upgrade to Windows 10 at this time (Yes, I know the free upgrade offer is supposed to end at the end of June). On my account, I manually go through the list of new available updates and remove any that are related to preparing the computer for Windows 10 or actually downloading and installing it.
 

More replies
Relevance 53.3%

i keep getting this message. i have already disabled automatic updates through group policy editor.

Answer:updates preventing my computer from shutting down

With this batch script you can automatically close apps not responding at shutdown in windows. Please execute the batch script as a administrator.

1 more replies
Relevance 53.3%

What can I do to prevent updates from preventing me from using my computer?
Apparently whoever designed Windows update never considered the possibility of people using small SSD drives that only have a fraction of the space required to run applications. Everything worked under Windows 7, although I did have to do some tweaking to get it to install apps directly to drive E: (my multi-terabyte hard drive). After installing Windows Update, I had to do the same registry tweak to make it install programs on drive E:, and it worked fine the first six weeks or so, but then it started routinely breaking one or two of my applications with each update. The problem was initially tedious to fix, but I eventually got everything working. However, I was not successful at getting Windows to comply with running my Chrome browser from E: I finally relented, and moved as many of the commonly used apps to drive C: (the SSD) and consequently had to set the cache size smaller. Everything was fine for another month or so.
However, beginning sometime in November, Windows updates started failing. It schedules an update, runs the update, reboots my computer, says the update failed, and reboots the computer again, uninstalled the update, and then it works. This was an annoyance, but since it only happened once a month, I put up with it.
Recently however, Windows has started retrying updates every few days, and doesn't bother warning me in advance or asking my permission. It just unceremoniously shuts... Read more

Answer:What can I do to prevent updates from preventing me from using my computer?

In updates, there is a setting to schedule restart, usually 3am. Can you check that setting is enabled?

2 more replies
Relevance 53.3%

Oops! I posted this earlier in the incorrect subforum, if someone could delete that thread (found here) I would apprieciate it. Recently I've contracted the MyWebSearchService bug (mwssvc.exe) and since have found myself in a bind. Every time I click a link in google a new tab appears (FF) redirecting to some godforsaken site. Steam also cannot run (I could honestly ignore the web redirection and live with it if not for this problem ;\ ) and crashes constantly (details here). I've tried Avast! 4, fixwareout, AVG, etc to correct the problem, none seem to do the job. Below is my HiJackThis log. Note the "O2 - BHO" files are appear new, probably from Avast! or another friendly program. I will dutifully await responses/guidance, but one thing I must mention: I will not update windows past SP1, so please take that into account when you post any help you might offer. Thanks!EDIT: Another note: Internet Explorer seems to be a part of the bug, its constantly open when I check my running tasks yet its not available to alt-tab to. :shrug:=========================================================================Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:30:16 PM, on 6/19/2009Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svcho... Read more

Answer:MyWebSearchService virus, redirecting google links and preventing Steam usage :( *HiJackThis log included!*

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 52.48%

I have a paid version of AVG Internet Security 2012 which commenced in August 2012. I've had paid versions in the previous two years and until the last two months have had no problems.
In the past few days when I switch on my PC (Windows XP with Mozilla Firefox browser, wired connection with BT) the automatic AVG update will not proceed, nor will a manual attempt.
Within a few minutes of switching on the following Windows warning box appears on the screen:
'The software you are installing for this hardware - Non-Plug and Plug Drivers - has not passed the Windows Logo testing to verify its compatibility with Windows XP. Continuation of installation of this software may impair or destabilise the correct operation of of your system either immediately or in the future.'
Two options are then given: Continue anyway or Stop installation.
The updates waiting to be downloaded are all version 2238 of the the following: Alert Manager; Anti Rootkit Driver; Anti Spam Component; Scanning Engine; Set Up Component; Kernel components; E-mail Scanner; Firewall Component; User Interface Component; Identity Protection; Language Files (English); Online Shield (Settings); Resident Shield Scanner; Link Scanner HTTP Redirector; Systems Tools Component; TDI Component; Pc Analyzer; Update Component.
If I click on 'Continue anyway' the system attempts to download the updates again but aborts very quickly and the same warning notice appears. If I do nothing the warning notice remains but my AVG page sa... Read more

Answer:Windows preventing paid AVG updates download

I'd recommend putting this to AVG in the form of an email. Even copy and paste what you posted here.

2 more replies
Relevance 52.48%

Hi,
Since an automatic update on my computer, my computer will not access the internet. I have tried to resart the computer to a previous point pre-updates but now it will longer do this either. So i am a stuck. Can you help?

Thanks

Answer:Automatic updates now preventing access to internet

Quote:





Originally Posted by duncan hill


Hi,
Since an automatic update on my computer, my computer will not access the internet. I have tried to resart the computer to a previous point pre-updates but now it will longer do this either. So i am a stuck. Can you help?

Thanks




I have a similar problem. Bun not from automatic updates. I updated Adobe reader(it says "Install security update). Since then It appeared in system Tray an yellow triangle with an exclamtion mark on it. If I click on it, it disappears, but my network connection has stopped working. It connects normaly, but the computer works like it would not be connected to the Internet. I unistaled the update, but the problem reappeard after 2-3 days. Now it looks that it is all OK, but I do not know what am I suposed to do.

7 more replies
Relevance 52.48%

I was going to download Norton 2009 antivirus, but the setup said that the computer needed and upgrade. I proceeded to the windows update to check. Sure enough I needed windows service pack 2. I tried to download this but got the error 80072efd. Its not the firewall, but i also realized that I cannot download it directly from the windows update website. I am really confused and need this antivirus cause my computer is infected at this time. All help will be appreciated.

Answer:error 80072efd is preventing me fom downloading updates

hi and welcome to TSF the first thing you should do is go here
http://www.techsupportforum.com/f50/...lp-305963.html and get help for your infection and then see about antivirus i would not choose norton or mcafee as they can cause issues with vista

3 more replies
Relevance 52.07%

For some reason, whenever windows 8.1 updates, internet explorer stops working. Every time I try to get on the internet, I just keep getting a message that 'this page cannot be displayed'. Skype still works, so the problem seems to be internet explorer itself.

I have decided to switch to google chrome to fix the problem, but I can't do so without getting on the internet.

I would like to restore the computer to a point in which it worked, and I have one restore point which I'm certain will work, but the problem is, immediately after restoring, windows automatically updates, which kind of undermines the entire purpose of the restore. I have tried changing the update settings so it will restore without updating, but as soon as the system restores, my changes are undone and windows then proceeds with the stupid updates.

I just want to get on the internet somehow to install google chrome! (and no, I can't just copy and paste from the computer I'm currently on because this one has windows 7).

Any ideas?

Thanks,
smile puppy

Answer:Windows Updates Preventing Internet Explorer from Running!

Unplug your router, then do your system restore. You then have as much time as you need to configure Windows Update not to auto check.

2 more replies
Relevance 52.07%

I am not able to install the windows updates>>used Express and got like 72 updates required. dloaded all but NONE installed.. got this message>>

A problem on your computer is preventing updates from being downloaded or installed

any help on this? this is after a windows XP install/repair

thanks, bo bo bolinski
 

Answer:A problem on your computer is preventing updates from being downloaded or installed

Re: A problem on your computer is preventing updates from being downloaded or install

no help on this? I am suprised! do I have to do the HJT routine or does someone have an easier solution??

thnx, bo bo bolinski
 

3 more replies
Relevance 52.07%

Hi

With Windows 8.1 Update, how do I prevent all users that the notification of any updates to the apps by Microsoft Store will never be displayed?

Thanks

Bye

Answer:Preventing the notification of any updates to the apps by Microsoft Store

This should cover it: Tech Blog :: Enable/Disable App Notifications In Windows 8

1 more replies
Relevance 52.07%

I have 93 updates for XP & Office 2003 which I cannot install. I have stopped and re-started the update service & tried everything else I can find on the web.

I would be very grateful for any help anyone can provide!

Answer:A problem on your computer is preventing updates from being downloaded or installed

Is your windows update allowed to install updates automatically? Check your settings in the security center. I hope you are updating via a broad band connection. Also does windows download the updates and stalls have way thru the installation? During the install of the downloads, Windows will ask you to accept certain agreements. You may not be seeing these and think Windows has stopped installing. Windows will not move forward unless you respond to these agreement. When downloading be sure all the downloads are complete and upon the installation part, Minimize your screen to see these agreements. IE7 download and install is one of the biggest culprites. It hides behind your Download and install screen.
Hope this helps.

5 more replies
Relevance 51.66%
Question: Preventing Malware

I am not sure the best place to post this. I am trying to find a secure method of moving files from home to office. Our office has a rule stating that you should not bring a thumb drive into the office from home without going through IT. This is to prevent infecting the work network. IT can run a Symantec scan on the USB device but is still not in favor of using the USB due to what might not be caught on a scan.

Any ideas of methods that IT might be willing to implement that allows the convenience of USB drives and the security that IT needs. I am in the position of greatly influencing this research if I had a direction to suggest. Of course IT would be researching in order to feel confortable. Thanks in advance. If there is a better forum for this question please advise.
 

Answer:Preventing Malware

There is not a lot that you can do to insure that any USB device is clean without running scans on them. Your IT department would have to insist that all employees install programs such as AutoEater on their home computers and scan them with something like USB Vaccine. But that would require faith that all employees took these measures.
 

2 more replies
Relevance 51.66%

Bing search front page is locking up. Search is still possible, but none of the clickable links work! The cursor doesn't even change from an arrow to a pointer finger on a mouseover. It's frustrating to lose that capability all of a sudden. The weird part is that in the few seconds between the lower "bar" rising and docking itself, the links work as normal. Once that bar is in place, the page is dead, save for the direct search capability. The "bar" (for lack of a better word) is that thing that comes up with "Popular Now" "Search History" "Images" etc.The little nuggets of wisdom for the daily image don't come up either.Any ideas?Firefox 18.0.1, Windows 7 32bit.

Answer:Bing's front search page links lock (search still works)

Bing's homepage is powered by JavaScript, so if you're using something that blocks JavaScript, like NoScript, you won't see anything. Try the page though FireFox's safe mode. If the page works like it should, you have an extension that's breaking things.How To Ask Questions The Smart Way

8 more replies
Relevance 51.66%

when i click the links in google search result page it redirect's to www.search-daily.com

can any one help me to remove this BHO

thanks in advance.

Mogun.

Answer:Google Search Result Page Links Redirects To Www.search-daily.com

Welcome to BC mogunWhat OS (Win XP/2000, etc) are you using? What type of anti-virus are you using? Have you performed any anti-spyware scans? Have you tried doing your scans in "SAFE MODE"? Are you doing scans while logged into the Administrator's account or an account with administrator privileges?.Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet. Please download and install SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)Under "General and Startup", make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Under "Configuration and Preferences", click the Preferences button.Click the Scanning Control tab.Under Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program.Do not run a scan just yet.Reboot your computer in "SAFE MODE" using... Read more

3 more replies
Relevance 51.66%

DDS.txt Log is below and Attach.txt is attached with this topic.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jigi at 18:43:11 on 2012-03-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.1313 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32... Read more

Answer:I use Bing search and search links redirected to http://dailyprize-winners.com

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us1.Do not run any other tool untill instructed to do so!doing so will only at best cause you unneeded worry as it finds our backups and may even list our toolsand at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback It does not need to be long but just something so I know how things are going it can be something likeI am still getting redirected The computer is running as it shouldDon't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anythingPay special attention to the Notes** I have put inThese are things I have found that happen allot and can be taken care of easily just by reading the Notes**Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Ba... Read more

9 more replies
Relevance 51.25%

Hello all!Firstly, thank you so much for running such a magnificent site with such detailed and easily understandable instructions. I direct everyone I know to this site once they become infected--you offer such useful tools and great suggestions. Anyway, onto my problem. I'm working on a friend's laptop that was infected with System Check. (Boo!) The computer is unable to connect to my wireless, nor his wireless at home and the Windows diagnostic tool is of no help in that area. So everything I'm downloading to run on his computer, (rkill, gmer.zip, etc.) is being downloaded on my computer and transferred via flashdrive. Everything is being run on this computer while it's in Safe Mode with Networking. After going through the steps per the removal guide for System Check, I discovered that the infection was a lot tougher to remove than previously thought. It has kept MalwareBytes from being able to update, and I had to initially rename both TDSSKiller and MalwareBytes installer with single word names so that the malware wouldn't stop the process from running. When trying to run MalwareBytes after going through the guide with Rkill and TDSSKiller (which found no infection,) I receive an error from MalwareBytes that states: Program_Error_updating(11004,0,No address found)I am unsure if this is related to the rootkit, or if the rootkit is preventing the update due to the wireless connectivity issue. So I suppose my questions are thus:1.) Is the rootkit... Read more

Answer:TDSS infection preventing updates to MalwareBytes/Internet connection

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated f... Read more

18 more replies
Relevance 51.25%

When doing google searches in Firefox or IE the links will get redirected when clicked on.
When the redirect is happening www.search-tracker.net appears in the bottom bar of firefox and the page displayed is wrong.
If I copy the link from the page (right click/copy link location) and paste it into the tile bar it always works correctly.
AVG does not show any issues.
Comcast cable network offers free install of McAfee security suite that I use to run.
When this issue showed up I found I could no longer do a virus scan with McAfee as the computer would reboot when the scan started.
All the management functions of McAfee worked fine but start a scan and the computer reboots.
I uninstalled McAfee and installed AVG.
AVG did one round of cleaning and now can't find anything.
I don't remember what AVG found other then tracking cookies. If it leaves a log behind that may still be around.
I have tried to install and run Malwarebytes' Anti-Malware.
It seems to install fine but will not run. Double click the icon and nothing.
I have uninstalled and reinstalled several times but nothing. Never tries to do the update either.
I have uninstalled and reinstalled Firefox but that did not help.
I just copied the the mbam.exe file to a new name and double clicked that and it started up. Cool.
I have attached the attach.txt file.
The Malwarebytes run finished. 1 Trogan.Agent was found. I have attached that log file also.
I will send this and then have Malwarebytes remove it. I will then ... Read more

Answer:Links in google search results get redirected / www.search-tracker.net

Hello dchoyt,Uninstall these old versions of Java, as they are malware magnets. Java™ 6 Update 2Java™ 6 Update 3Java™ 6 Update 5Java™ 6 Update 7Java™ SE Runtime Environment 6Java™ SE Runtime Environment 6 Update 1We will run ComboFix. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member. You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running. To disable AVG antivirus: Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component (looks like this: ) -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this ... Read more

15 more replies
Relevance 51.25%

when i click on google hyperlinks i get redirected, my laptop won't go into hybernate anymore when i shut the lid even though i have it selected to do so in the power option. I also started getting a lot of advertising emails. this all started at the same time a few weeks ago. i have symantec and the scan found 2 backdoor.trojan viruses (syssvc.exe and asam.exe) both cleaned by deletion but still have the same issues. can you help?DDS (Ver_10-03-17.01) - NTFSx86 Run by dave at 18:34:17.00 on Mon 07/05/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.216 [GMT -8:00]AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Symantec Client Security... Read more

Answer:google search result links are re-directed to other search sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

12 more replies
Relevance 50.84%

Is it possible to stop any software from installing on a Windows 7 PC without an Administrative password?
 

Answer:Preventing unwanted software

Password or Prompt? A non-admin cannot install software so if someone is installing something ( I read children in here somewhere) downgrade their account
 

1 more replies
Relevance 50.84%

Hello,

I manage several Windows XP computer systems. How do I prevent people from uninstalling corportate software on them?

Thanks.

Answer:Preventing uninstallation os software

Only give them certain permissions/privileges!

For example make sure that if they log into a domain don't put the domain accounts into the Administrators or Power Users group in the User Accounts.

If you need any more assistance in how to access these features within XP... Please don't hesitate to ask.

6 more replies
Relevance 50.84%

Seems I have a nasty virus/malware which is preventing just about everything I try to do to exterminate it, even in safe mode. Progress has been made, but it has been extremely slow and has hit a wall. It started with over half of the sites I tried to visit getting redirected to various sites claiming to be able to disinfect my computer and such, as well as several virus warnings from Symantec. After noticing this, I tried running Spybot, but it wouldn't open. After I renamed the executable file, it ran, but would not connect to the internet for updates. The same problem occurred with Malwarebytes' Anti-Malware and HijackThis. Also, the website for Spybot would always get redirected to another one of the above-mentioned fake sites.

I ran the scans without updates in safe mode hoping they would still be up to date enough to handle the problem. They did held to fix the problem of website redirection and updating Spybot and Anti-Malware, but they and HijackThis are still unable to run as their native (non-renamed) executables. I don't know if the more annoying problems will resurface later, but I want to be sure that the malware is off of my computer.

EDIT: This appears similar to be the Google hijacker that others on this forum are experiencing

ANOTHER EDIT: The main annoyance is back. Google search results are being redirected again. :-(
DDS (Ver_09-06-26.01) - NTFSx86
Run by Aaron at 20:52:13.84 on Sat 06/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.... Read more

Answer:Malware preventing countermeasures

Hello AlfaWolf04,Delete these old version of Java, as they are malware magnets.Java™ 6 Update 2Java™ 6 Update 3Java™ 6 Update 5Java™ 6 Update 7 Please post the last Malwarebytes log so I can see what it is finding. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire MBAM report in your next reply

7 more replies
Relevance 50.84%

I've heard mention on other forums that for XP Pro there is stuff like EMET, Software Restristion Policy, Hosts File, etc., that will prevent installation of malware like OpenCandy, YellowMoxie Redirect, and so on. If true, I'd like to know more (a lot more) about this! Advice? Links? Anything at all appreciated!

Answer:Preventing malware installation

 There are supported antivirus and antimalware programs for XP if that's what you're looking for.  They're pretty much the same ones you can get for later versions of Windows.
 Of course MS pulled the plug on the last of the Windows updates for XP back on 4/8, so it's going to become more and more vulnerable to attacks over time.  My recommendation is to either upgrade to Windows 7 or 8 or go with Linux.  The Mint and Ubuntu versions of Linux run very well on computers that run XP, and they just boot up, find your devices, connect to the Internet, have a Windows like user interface, and come with Firefox and LibreOffice.  AND they're supported.
 
Good luck.

8 more replies
Relevance 50.84%

I have some form of malware that is preventing me from installing and running Super anti spyware, spy-bot and malware bytes. I keep getting an error window with the following message. " The instructions at "0x7c8841ee" referenced memory at "0x00000000", the memory could not be written" then an end program button.
Ad-Aware seems to be the only program that I can run and it finds "win32trojant.dss"
Attached is my HJT file
any help or direction would be appreciated, thanks
 

Answer:Malware preventing me from installing

Please at least attach logs from running Combofix and MGTools. You didn't mention whether you had problems running those so I assume you have logs from them.

Thanks
kes
 

14 more replies
Relevance 50.84%

Hello,

It seems that my computer as been infected by a nasty virus/malware since yesterday. I have tried to eradicate it with ComboFix but it keeps resuming its activities.

The initial symptoms was no access to Web in Chrome: Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error

However I had web access via IE and Firefox.

Also HTML content was not anymore displayed in Outlook (images displaying red cross).

Then I could not install any new software, seems like the access to Registry was blocked somehow.

I managed to install MBAM but it won't update it's 68 days old signature file.

Even to start the GMER I had to go back to safe mode because it would not start.

Below are the following logs:
1. The last instance of ComboFix (Sorry I did not know about this website and the rules when I ran ComboFix, so I thought I would post the log for info)
2. The defogger log
3. The HIJACK THIS log
4. The DDS log (plus the Attach)
5. The GMER log (I had to run it in safe mode because in normal mode I have the error: LoadDriver ("C:\Document and Settings\Alex\Locals~1\Temp\kwlorpod.sys" ) error 0xC0000034: The system cannot find the file specified.

Thanks in advance for your help.

Alex

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:57:15, on 26/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\... Read more

More replies
Relevance 50.84%

When I search on google and try to click on the link it get's redirected to another search site. I did have a copy of ulead video 9 that I used a pn off the internet, but then I found my pn so I deleted the program and have not reinstalled yet.


DDS (Version 1.0) - NTFSx86
Run by Lori at 12:26:31.78 on Tue 11/18/2008
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3006.1801 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\... Read more

More replies
Relevance 50.84%

Have run Malwarebytes and clean a bunch of stuff. That seems to have fixed the majority of the problems. Then ran tdsskiller.exe which found a rootkit and clean it up. Now both of these seem to indicate that there are no prolems but I am still getting redirected from search results using google. DDS (Ver_10-03-17.01) - NTFSx86 Run by bdean at 15:54:08.60 on Fri 07/16/2010Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2974 [GMT -4:00]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}============== Running Processes ===============C:\WINDOWS\System32\Novell\XTAgent.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\WINDOWS\System32\svchost.exe -k eapsvcssvchost.exeC:\WINDOWS\System32\svchost.exe -k dot3svcC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exec:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exesvchost.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\IBM\Lotus\Notes\nsd.exeC:\Program Files\Mc... Read more

Answer:Google search links redirect to Scour Search

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

16 more replies
Relevance 50.43%

A friend of mine has her kids downloading music, movies and copying pics off the net 24/7, she has just re formatted and already half of the hard disk space is taken up by all this c**p. So does anyone know of a free decent program that can prevent downloades, software installations etc, her kids are limited users on xp, and she is the only admin, but they can still download and install stuff. Even if they can download things, is there a program that password protects files that have been downloaded. Please can anyone help, my friend is at her witts end. She has win xp home sp2. Thanks for any help in advance.

Answer:Free software for preventing downloads etc

not sure if cybersitter or netnanny might be what you are looking for.they are NOT free but do have a trial version which runs for i think 30 days. might just shock the kids into behaving if they think they are gonna lose access.other thing to do is to stop access to the internet on the kids accounts. create a new user with internet access but dont reveal the password, log on for them and log off when you go to bed or whenever you think they have been on enough. copy and paste the downloads, let them then login to their own accounts and play the music etc.not ideal i know but i think you are pretty limited on a XP Home version.others on the forum will know better than me on this one.good luck

10 more replies
Relevance 50.43%

I tried but failed to find a tutorial that will allow me to prevent a program from accessing the internet. I recall it had someting to do with inbound/outbound firewall process.

thnx.

Answer:Preventing Software Connecting To Internet

This tutorial may help: Windows Firewall - Add or Remove an Exception

9 more replies
Relevance 50.43%

I've tried everything I know how to do (which admittedly isn't much) and I'm hoping someone can help. I've run Spybot, Malwarebytes, and AVG. They all say they detected something called Astromedia and removed it, but now my computer is running worse than when I started. Every time I open my browser or a new tab it acts like it's not connected to the Internet until I reload multiple times. Can someone please help? My system info is below.
Thank you!
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD A10-4600M APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 16 Stepping 1
Processor Count: 4
RAM: 5609 Mb
Graphics Card: AMD Radeon HD 7660G, 512 Mb
Hard Drives: C: Total - 590202 MB, Free - 403986 MB; D: Total - 19972 MB, Free - 2166 MB;
Motherboard: Hewlett-Packard, 18A6
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled
 

More replies
Relevance 50.43%

Hello,
I have recently developed a problem when I play games on the Pogo & Slingo websites as I have done for many years. I recently started getting a popup to download some antivirus software called 'winsuperantispyware' which I knew was bogus, so I did my best to ignore & get rid of it. Anyway, shortly afterward I began having problems with java on both sites & on Pogo, it said my java was not working or I had a 'bug' in my cache. I decided to run all my clean up programs including Smitfraudfix & Superanitispyware & I am still getting an error message when I try to play my beloved games.
I spent time reading through some of the related forums on this subject at your site yesterday & so I even tried to download Mozilla Firefox & when I did that, I got the 'winsuperantispyware' popup at the time when my selected game is downloading which I believe tells me that this malware is preventing me to play games with java on any browser. I have tried relentlessly to solve this problem on my own & I am having no luck , so I hope you guys can help me get rid of this nasty little pest!
Here is my Hijackthis file:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:37:59 AM, on 9/30/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\s3trayp.exe
C:\Program Files\CyberLink\Powe... Read more

More replies
Relevance 50.43%

I hope I'm posting this to the right spot... this website is pretty confusing...

McAfee will not update and I cannot access the McAfee site. Instead, I get redirected to a pseudo site. I had something similar happen on another computer using Kaspersky. I am running Combofix now. Is there someone who could help me read the log?

Answer:Malware preventing McAfee from updating

DO NOT EVER run Combofix on your own and without supervision of an expert. It can seriously damage your system and make it unbootable. DO NOT post the log here.Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopmePlease download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and y... Read more

1 more replies
Relevance 50.43%

My computer has been acting strange for a while, but I couldn't ever pin it on malware.  My clock doesn't sync even when I change the server.  I got really suspicions when I connected to a new wireless network and got the following error message:
 
Cannot connect to the real www.google.com
Something is currently interfering with your secure connection to www.google.com.
Try to reload this page in a few minutes or after switching to a new network. If you have recently connected to a new Wi-Fi network, finish logging in before reloading.
If you were to visit www.google.com right now, you might share private information with an attacker. To protect your privacy, Chrome will not load the page until it can establish a secure connection to the real www.google.com.
 
I tried enabling my firewall but got:
 
Windows Firewall can't change some of your settings
Error code 0x80070424
 
I have a backup.  I ran CC cleaner and Junkware Removal Tool.  I'm currently running a full scan of Malware Bytes.
 
I've attached the results from dds.  Thanks for any help!

Answer:Malware Preventing Enabling Firewall

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

2 more replies
Relevance 50.43%

Greetings! I have recently been infected with some sort of malware. It is preventing me from visiting several websites I used to visit often. A few examples:Google, Yahoo search engine, Gmail, Hotmail, Facebook... Just to name a few. When I try to visit any of these sites I receive a browser message "Unable To Connect". I use Firefox.

I run Windows 7 64 bit.
_____________________________________________________________
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tyrantius at 21:05:02 on 2011-08-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.2591 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common File... Read more

Answer:Malware Preventing Me From Opening Many Websites

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

If you did not modify your HOSTS file it has been compromised.


Quote:




Hosts: 184.107.64.187 Google
Hosts: 209.172.56.118 search.yahoo.com
Hosts: 209.172.56.118 Bing




Go to: HostsXpert v4.4
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select
"Restore MS Hosts File".
Close the application.

Restart the computer normally.
===

When the hosts file has been restored.

Please download C... Read more

7 more replies
Relevance 50.43%

I seem to have a particularly pernicious bit of malware that I can't shift.

"Live Security Platinum 3.6.1" is showing in my taskbar, and keeps feeding me fake alerts.

I foolishly googled a "fix", which i suspect is just yet more malware.

I can't follow any of the general fixes because it's blocking almost every .exe from running.

Judging by the lost keystrokes as i type, i suspect there is some kind of keylogging afoot here too.

Help please!

I have older versions of some of the recommended tools installed if that helps - although can't find a way to update or run them... any ideas?

I'm on Windows Vista.
 

Answer:Malware preventing .exe files from running

OK I managed to find a rogue .dll... deleting it let me run .exes again.

I've had a bit of a mixed bag with the recommended utils though.

Hitman blue-screened for me twice in a row, and MBAM crashed during fixes the first time.

I've attached a transcript of what was in the window when MBAM crashed (although some of it's not very helpful because the full filepath wasn't displayed in the window when it became unresponsive) - and a log from when it ran OK the second time.

Any advice?
 

8 more replies
Relevance 50.43%

What do you think about anonymous software, and firefox add-ons like switchproxy and stealther? Do they prevent malware? Do you have any Firefox add-on recommendations for effective internet security?
 

Answer:Question about Firefox Add-ons and Preventing Malware

You can not be anonymous on the internet.
In order for the post office to deliver mail to you, they need to know the address where you accept mail.
In order for the internet to deliver web pages to your computer, a server somewhere needs to know the address of your computer so you can view the pages. Some server (or more than one) knows exactly where you computer is located and what web pages you want to view. If this information wasn't known, you get a 404 error for every page that you tried to load.
The perception that you are anonymous is just that, a perception.

You do not protect the browser; you protect the computer so that things delivered to your computer don't come with nasties you don't want.

The computer needs: a firewall, one antivirus (monitoring in real time), one malware detector (monitoring in real time). You might be able to get two of these things in one program.

To lessen your chance of clicking on something you don't want and installing something not healthy for your computer, you can run noscript in Firefox. This turns off javascript and you are able to turn it on for certain sites either permanently or temporarily. I also run something called WOT (web of trust) which shows me when I use google to search, sites to avoid or to approach with caution.
 

2 more replies