Computer Support Forum

Google redirect and windows update will not load

Question: Google redirect and windows update will not load

I cannot access windows update on my computer, which is running windows vista. I also get a redirect for some Google links (usually only the first result) and when I open my browser a tab for a Walmart gift card opens as well. I don't know if its related to these but a box about my host process for windows services closing has started to appear as well.

Relevance 100%
Preferred Solution: Google redirect and windows update will not load

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Google redirect and windows update will not load

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.Download DDS:Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.Shortly after two logs will appear:
DDS.txt Attach.txtA window will open instructing you save & post the logsSave the logs to a convenient place such as your desktopCopy the contents of both logs & post in your next replyScan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Note** you may get this warning it is ok, just ignore"Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?""just click on Cancel, then Accept".information and logs:In your next post I need the following

.logs from DDSlog from RKUnHookerlet me know of any problems you may have hadGringo

11 more replies
Relevance 72.57%

Out of the blue, I got hit with a virus the other day. The most obvious aspect was "Antimalware Doctor", which I have since removed. I've run many scans, including avast boot scans, spybot s&d, combofix, and malwarebytes' antimalware.

Now it seems I am down to the following issues:

I am unable to load the Microsoft Update website
When I run a search in Google, the result links I click often redirect to an ad site
After my computer has been on for a while, I receive a "Generic Host Process for Win32 Services" crash message, which is soon followed by a loss of internet connection

Below are the requested logs, and attach.txt from dds is attached.

Hijackthis Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:39:55 PM, on 12/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AIM\aim.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceServ... Read more

More replies
Relevance 70.11%

Two issues using both IE7 and Firefox3.0.4:1. Google results redirecting via copy-book.com (can be seen connecting to copy-book.com via status bar)2. Windows Update redirects to msn.com------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Malwarebytes' Anti-Malware 1.30Database version: 1419Windows 5.1.2600 Service Pack 316/12/2008 7:06:20 PMmbam-log-2008-12-16 (19-06-20).txtScan type: Quick ScanObjects scanned: 61572Time elapsed: 3 minute(s), 38 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 6Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.105 85.255.112.186 1.2.3.4 -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d9d40769-8208-4e7a-936c-859fc057bd18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.105 85.255.112.186 1.2.3.4 -> Quarant... Read more

Answer:Google Copy-book.com redirect & Windows Update redirect

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Thanks and again sorry for the delay.First,Download GMER Rootkit Scanner from here. Extract the contents of the zipped file to the desktop. Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so. If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO. In the right panel you will see several boxes that have been checked. Uncheck the following the following checkboxes: Sections IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Now click on the Scan button and wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.Please note that rootkit scans often pro... Read more

1 more replies
Relevance 68.47%

Hello, Please, please, please help!My computer has been infected and I've tried everything that I know of to get rid of the virus/malware/spy...including Spybot, Adaware, Avast, rkill and Malwarebytes.My computer is running super slow, sometimew windows xp home won't boot at all. And when it does, it takes forever to load.At first I thought it was just the "antispyware antimalware 2011" but now I'm not sure what else is going on.I've restarted, restored, and nothing seems to work.I deperately need your help, but to be perfectly honest, I'm not incredibly computer literate. However, I am excellent at following directions Thanks in advance!DEdit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due to the absence of any logs. ~ Animal

More replies
Relevance 68.47%

I am ready to do a fresh reinstall of Windows 7 (which I really don't want to do)... I've spent most of the past week trying to eliminate 1) Win 7 Security 2012 malware, 2) Google pages were being redirected, 3) all desktop icons were missing, and 4) Windows Firewall won't run. I used Malwarebytes, SuperAntiSpyware, TDSSKiller, and a registry repair (before coming to Major Geeks).

I first got the Win 7 Security 2012 issue. I thought I fixed it with Malwarebytes and TDSSKiller... but then my Google pages would redirect. I "fixed" that but then my desktop icons were gone. I manually changed some registry entries and they reappeared. Now... I noticed Windows Firewall isn't working (and Base Filtering Engine isn't loaded). I tried using several System Restore points but it couldn't find some necessary file (not sure which one) so it didn't run.

I came here (thanks Jim and Tim for helping me set up my account!) and read all the stickys. I then ran all the programs... although I had problems with ComboFix. It said to disable Antivir Desktop. I had disabled the AV program, but I couldn't disable Antivir Desktop in Services... I would uncheck it, but it would reappear when I hit Apply. I then DELETED Antivir, started ComboFix and got the same "please disable Antivir Desktop" message. Having no choice I let ComboFix run like that. Probably not a good sign.

Thank you in advance for *any* help you can give me!
... Read more

Answer:Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect too

Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

Hi and welcome to Major Geeks, mistermike40!





I would uncheck it, but it would reappear when I hit Apply. I then DELETED Antivir, started ComboFix and got the same "please disable Antivir Desktop" message. Having no choice I let ComboFix run like that. Probably not a good sign.Click to expand...

This is actually not a big deal. If you uninstalled Avira and ComboFix is still detecting it, that just means Avira's entries are still stuck in the Security Center cache (doesn't mean it's actually active). We'll remove those entries in the upcoming steps.





C:\Users\Carter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\991RG51X\MGtools[1].exeClick to expand...

MGtools.exe should have been run from the root of C:

From Programs and Features (via Control Panel), please uninstall the below:

Java(TM) 6 Update 20

Fixing items using ComboFix
Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
If it is not on your desktop, the below will not work.
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Open Notepad and copy/paste the text in the below code box into Notepad:

Code:

[COLOR="DarkRed"]KillAll::[/COLOR]
[COLOR="DarkRed"]ClearJavaCache::[/COLOR]
[COLOR=&qu... Read more

49 more replies
Relevance 65.6%

Hello Thank you in advance for your help!Here is my situation...Other than the known Google redirect problem (google results aren't what they seem to be) that I've been experiencing in the past few days, I also seem to have a problem with loading google products/services such as Gmail, google maps, google reader, iGoogle, and google translate in Firefox. I don't know if the Google redirect virus is somehow related to this problem. These Google services I've mentioned simply won't load for me. In Gmail, the login screen appears fine but when I enter my username and password, it takes me to the "Loading [email protected]" and just tries to load it for a very long time until finally it says that I have a network problem. Also, I noticed that when I click the "Sign In" button on the Gmail login screen, the status bar on the bottom says: "Transferring data from secariadna.com..." which looks very suspicious to me (I can provide a screenshot of this if requested). The other services (maps, reader, translate) just won't load. For example, when I open a new tab and click on my google maps bookmark (for example) the window remains white and it keeps displaying: "Transferring data from maps.google.com" in the status bar. Sometimes after a long time of loading, the map would eventually manage to load. I also have to note that picasaweb loads without a problem in FF, although it also displays "Transferring dat... Read more

Answer:Google redirect virus + possible additional malware that prevents from Google services to load

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

19 more replies
Relevance 65.19%

Hello,

I am new to this forum, i was directed to come here by searching google. I have a few problems with my computer that i could use some help with, alot of help actually.. I just want to thank in advance anyone willing to take the time to help me, it would be GREATLY appreciated. Below are the problems i am experiencing.

1. When i search using google i get redirected to another site and when i click back it doesn't take me back to google it just reloads the web page i was just redirected to.

2. When i try to update my Windows Xp system using windows update it takes me to a web page that says Internet Explorer Cannot Display The Web page.

3. I get an Application Error message when closing my web browsers, firefox and IE. "IEXPLORER.EXE - Application Error" or a FIREFOX.EXE message.

The instruction at "0x00000000" referenced memory at "0x00000000". The memory could not be "written".

Click on OK to terminate this program

More replies
Relevance 65.19%

Hello, my problem is pretty much explained in the title, I have seen other people post about this problem but I didn't want to use the programs since they were marked as dangerous if misused. I have malwarebytes and have recently done a scan, but this problem still exists. I'll post a log if necessary

Answer:Windows Update redirect to Google.com

Please post our Malwarebytes log.Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".Scan with Dr.Web CureIt as follows:Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current versionRead the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)Now put a check next to Complete scan to scan all local disks and removable media.In the top menu, click Settings > Cha... Read more

6 more replies
Relevance 65.19%

Can someone please tell me why on both of my parents computers when clicking windows update it takes you to Google.com. I went to microsoft's website and went to their updates that way and had the same issue.

When I googled it, I got the answer "malware", so I installed malware bytes and ran it... removed 30 malware infections and still have the same problem.

THank you!
 

Answer:Windows Update Redirect to Google

I completely re-installed windows. Deleted partition, formatted the drive in NTFS and installed Microsoft Windows XP Professional. Upon completion of the windows install, the redirection to google is still present. How could that be possible? When you delete the partition and format the drive... doesn't that erase Everything ?
 

1 more replies
Relevance 65.19%

Referred from here: http://www.bleepingcomputer.com/forums/topic393182.html ~ OB.DDS (Ver_11-03-05.01) - NTFSx86 Run by User at 12:16:26.75 on Tue 04/26/2011Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.61 [GMT -4:00].AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\s... Read more

Answer:No Windows Update - Google ReDirect

Sorry about the delay, do you still need help?

64 more replies
Relevance 65.19%

Hi, I am having a problem updating my computer at the Microsoft site. It either redirects me to google or says that it Internet explorer can not load the page. I have run Malwarebytes and it doesn't find anything wrong. I also Have OneCare and it also finds nothing wrong. I have used the Hijack thingamabob and this is what came up. Does anyone have any suggestions for me.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:35:01 PM, on 3/14/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Windows\System32\rundll32.exeC:\Program Files\Microsoft Windows OneCare Live\winssnotify.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\PROGRA~1\Webshots\webshots.scrC:\Windows\ehome\ehmsas.exeC:\Windows\system32\wuauclt.exeC:\Program Files\Internet Explorer\ieuser.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\Macromed\Flash\FlashUtil10a.exeC:\Users\Dell_User\AppData\Local\Microsoft\Windows\Temporary... Read more

Answer:Windows Update Google redirect

Here is the DDS
DDS (Ver_09-02-01.01) - NTFSx86
Run by Dell_User at 21:35:56.85 on Sat 03/14/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3069.2074 [GMT -4:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Window... Read more

3 more replies
Relevance 65.19%

Hello

This is my first post.

My computer issue is that I am not able to update my Windows and Anti-virus definition.

Every time I type "update.microsoft.com", I will be redirected to "www.google.com".

I am also not able to update my Anti-virus definition file automatically. I have to download the definition file manually and apply it.

I have enclosed the output file from "Hijackthis".

Thank you

David

Answer:Windows update redirect to Google.com

Hi david133,Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Mi... Read more

5 more replies
Relevance 65.19%

DDS (Ver_09-01-07.01) - NTFSx86
Run by TOBY at 18:16:17.04 on 20/01/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1209 [GMT 0:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Firewall *disabled*
FW: AVG Firewall 7.5.500 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Webroot\Spy Sweeper\SpySw... Read more

Answer:Google / Windows Update / AVG Update etc redirect

bump...

1 more replies
Relevance 64.37%

Hi,
This computer had a lot of viruses and malware/adware installed prior to this log.

After running Spybot, AVG, Adaware and Windows Defender and installing comodo Firewall Pro, they all finally stated there was no residual problems.

I tried to run Trend Micro online scan but it would not connect to the Trend Micro page and had to download hijackthis from another source.

The computer cannot connect to Windows update, and search pages (like google and live.com) redirect to random advertisement pages.

Also, I tried to update to Internet Explorer 7 and Windows XP SP3 but I could not get to the pages.

Finally, the start menu and the My computer were missing all their icons, they have all come back apart from the C drive (the only hard drive) and the log off button.

Here is a hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\TalkTalk ... Read more

Answer:Google Redirect And Windows Update Blocked

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

1 more replies
Relevance 64.37%

Google search results will redirect. I will click on a search result and get redirected through one or two websites. At times it will just open up a new random tab within firefox. If I just do "copy link location" and enter it in directly into the url bar it works perfectly fine. I have done scans so far with SUPERAntiSpyware, Malwarebytes, and Spybot - Search & Destroy. Oddly enough malware won't find anything what so ever spybot and superantispyware will find cookies and delete them but it never fixes the problem. I have also tried a system restore before I had this problem still didn't fix it. There doesn't seem to be any misc .exe running while any of this is happening. I think it's a java exploit but I could be wrong. The problem remains persist with both ie and firefox.DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 11:26:49.81 on Mon 05/24/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.252 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\j... Read more

Answer:Another Google Redirect/Windows Update Block

Hello,Not a problem, and thank you for posting a full one. Are you still being redirected? Can you get updates now?tea

8 more replies
Relevance 64.37%

While doing a google search, the results end up being redirected to many different adware sites. Also every now and then I get a popup from google that the adress is something like hxxp://www.google.com/default= On top of that when I try to do a windows update the browser window opens but no page loads and gives me the option to diagnose connection problems. Ive done various scans with malwarebytes, stopzilla, hijacker pro, super anti-spyware, and avast anti-virus, and none have succeeded in finding or fixing this problem.DDS (Ver_10-03-17.01) - NTFSx86 Run by chris at 2:42:47.93 on Fri 05/21/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.424 [GMT -4:00]AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\WINDOWS\Explorer.EXEsvchost.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exec:\program files\idt\wdm\STacSV.exesvchost.exeC:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exeC:\WINDOWS\... Read more

Answer:Google Redirect/Windows Update Block

Hello and welcome to Bleeping Computer. *Please Subscribe to this Thread to get immediate notification of replies. See HERE*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.*You must reply within 5 days otherwise this topic will be closed.================================Your log shows that you already run Combofix, It SHOULD NOT be used unless requested by a forum helper. See HERE. Can you please post the contents of C:\Combofix.txt.P2P Warning:Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case ?Torrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."It is also i... Read more

20 more replies
Relevance 64.37%

Hi,I have a problem that when i click on any link on a search site, i get redirected to another site. Also i am unable to update windows. i can open other sites expect windows update website. I have tried differnt anti-malwares but the problem is not solved yet. I ran DDS, GMER and combofix. After running combofix still i am not able to downlaod windows updates. here are the log files. DDS.txtDDS (Ver_10-03-17.01) - NTFSx86 Run by chris at 16:41:58.81 on 21/05/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.397 [GMT -4:00]AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\WINDOWS\system32\mfevtps.exeC:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exeC:\WINDOWS\system32\... Read more

Answer:google redirect & unable to update windows

Hi anto987,Welcome Malware Removal (VTSMR) forum. Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.Download http://download.bleepingcomputer.com/farbar/TDLfix.exe and save it to your desktop.Double-click to run TDLfix.exe, type the following in the command window and press Enter:mbrA log file opens up. please post the content to your reply.

2 more replies
Relevance 64.37%

Edit:Double post by accident, sorry I was getting timed out.

Answer:Another Google Redirect/Windows Update Block

Not a problem. It happens a lot. Duplicate topic closed.

1 more replies
Relevance 64.37%

I would appreciate any help I can get!Running processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Program Files\Apoint2K\Apoint.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Toshiba\Power Saver\TPwrMain.exeC:\Program Files\Toshiba\SmoothView\SmoothView.exeC:\Program Files\Toshiba\FlashCards\TCrdMain.exeC:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Camera Assistant Software for Toshiba\traybar.exeC:\Windows\PixArt\PAC207\Monitor.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exeC:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Garmin\gStart.exeC:\Program Files\FinePixViewerS\QuickDCF2.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\Program Files\Apoint2K\Apntex.exeC:\Windows\system32\wuauclt.exeC:\Windows\System32\mobsync.exeC:\Windows\Explorer.EXEC:\Program Files\Internet Explorer\iexpl... Read more

Answer:Google Redirect, Windows and Antivirus won't update

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 64.37%

All,Yesterday, I successfully got rid of the Security Suite mallware infection, thanks to the help of bleepingcomputer.com . After that was done, I noticed I had to reconfigure my internet access as it would not connect to the internet. Having done so, I wanted to look for information about virus scanners. Using Google, I noticed that every search result was redirected to an ambiguous site. Typing the address in the IE address bar does work fine. Doing so, I accessed the Microsoft site to have Windows updated. Unfortunately the updater only keeps searching but does not finish the search. Don't know if it is relatated but I don't seem to be able to access Windows in the Safe Mode using F8 anymore. If the system does get me to the selection page the arrow keys don't seem to work, so I can only wait for Windows to start normally.(I was able to work in safe mode to remove Security Suite).Use of proxy server is still unchecked in LAN-settings of IE.When browsing the internet, without using Google, I do start receiving pop-ups from ambiguous sites. Please advise.DDS (Ver_10-03-17.01) - NTFSx86 Run by Martin de Weert at 12:14:38,07 on zo 15-08-2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.38 [GMT 2:00]AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\... Read more

Answer:Google redirect and Windows update errors

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open wit... Read more

11 more replies
Relevance 64.37%

Hello,I have posted in the Am I infected forum, and someone was very kind and helpful in running me through a bunch of spyware programs. But, unfortunately, my problems continue. Hopefully this will help find the problem.Here are the problems I am experiencing: When I click on a link from a Google search, I am oftentimes redirected to an advertisement. I cannot update AVG or MalwareBytes or Windows (I don't believe I am missing anything huge from Windows - it said I needed IE8, an Office 2007 update, and a Net Framework Update. They downloaded - I think - but would not install.). My McAfee virus definitions had expired a while ago, but I still used McAfee firewall. But the icon in the taskbar keeps disappearing after I manually try to start McAfee, so I am not certain it is running. I also cannot access the McAfee website. I only get a white screen with large text reading "The specified method is not supported." I also cannot use Internet Explorer (though IE tab in Firefox works fine.)Here is the link to my thread in the Am I Infected forum. Essentially, I have run MalwareBytes (but, again, failed to update it or have any success with the mbam-rules download), ATF, SAS, Dr. Web CureIt, and SDFix. Most found some things (mainly minor, I believe), but none of my problems were fixed. Here is my DDS.txt:DDS (Ver_09-03-16.01) - NTFSx86 Run by Christine at 20:45:17.60 on Fri 05/08/2009Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13Microsoft Windo... Read more

Answer:Google Redirect/Can't Update Spyware or Windows/And More

I managed to get some help elsewhere, and my computer appears to be running normally now.
ComboFix is what helped me, if that is of use to anyone else.

Thanks again to everyone here for the help in searching for my problem. I really appreciate it!!

2 more replies
Relevance 64.37%

I used to think I was pretty computer savvy until I got into here and saw some of the things you guys are doing to diagnose. So first of all, THANK YOU! I've had nothing but problems with this computer since I bought it refurbished from Dell and the more I can navigate this site, I'm sure I could fix all of it. I'll get down to meat and potatoes of my problem. I see that most of the problems in here involve people using various Torrents, so damn those people just trying to screw us over. I've never had a problem downloading movies, but I try to get my learn on and download some books and I'm BOMBARDED with something terrible. I've got this dreaded Google Redirect thing. (I know the logs speak for themselves, I just wanted to provide some comic relief.)

The main problem I am having is this redirect, I've had multiple "blue screens of death" and a few times it freezes on the "windows loading files screen" and I DEFINITELY cannot use windows updater or defender because Windows basically tells me that an error occurred. I don't know if this is all related, but hopefully it gives some insight into my problems. (just out of curiosity I was looking at some other logs and I noticed that my "pseudo HJT log" my ProxyOverride is set to 127.0.0.1:9421, am I on the right track that something is wrong there, or am I just trying to be too smart?)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 Bro... Read more

Answer:Google Redirect, No Windows Update, Kids won't go to bed

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

27 more replies
Relevance 64.37%

I have three main problems:
1 - My DNS settings keep getting wiped out
2 - Constant Google Redirect
3 - Windows Update fails with an error of 80072EFE - Meaning it can't access the internet

I have run rkill.exe, malwarebytes, ad-aware, spybot, and MSE.

I would greatly appreciate any help you can give me!!

Kal

Here is the DDS dump:
.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Kal at 14:26:25 on 2011-06-11
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2047.1079 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -... Read more

Answer:Google Redirect and Windows Update Fail

Hello TrooperKal, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users ri... Read more

7 more replies
Relevance 64.37%

When I click on links in google, I get redirected to random webpages. And when I go to windows update, internet explorer freezes up. I also can't seem to get to a number of webpages, including mcafee. I have run Avast to search for viruses, SuperAntiSpyware, Malwarebyte's Anti-malware, spybot, and installed Zonealarm firewall.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:55 PM, on 4/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlc... Read more

Answer:google redirect plus windows update not working

16 more replies
Relevance 64.37%

Hello,
I'm running Windows XP service pack 3. I do not have a Windows Install disk or a Boot Disc.

I'm having 2 problems.

First, I'm having a Google redirect problem. I can do a Google search, click on a link and connect to the proper site. I can do this several times and everything works correctly. However at some point, I do a Google search, click on a link, and will be redirected to another site. Once this starts happening, it happens for all my searchs until I restart my PC. Neither Norton Internet Security or Spybot finds any malware. I have since deleted Spybot per First Step directions.
Secondly, if I use the word 'windows update' (oneword no space) in any manner in IE7 I get the message 'Internet Explorer cannot display webspage'. This includes trying to do a Windows Update thru the Start menu or thru IE7-->Tool--Windows Update. The site its trying to connect to is 'Windows update.microsoft.com' (without the space).
If an email or posting I send contains that word or I try attaching a document containing that word to a posting or email I get that same message.
The DDS log follows

DDS (Ver_10-12-05.01) - NTFSx86
Run by tom at 15:30:37.10 on Mon 12/06/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.154 [GMT -6:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============... Read more

Answer:google redirect and windows update problem

Hi Tom and welcome to TSF. My name is Taylor and I'll be helping you with this fix.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

13 more replies
Relevance 64.37%

Like my title says, occasionally (not always) I get redirected google results in IE and chrome and I can't update Windows.

Thanks for any help you can provide.
My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:28:17 AM, on 4/14/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\MotoHelper\MotoH... Read more

Answer:Solved: Google redirect and can't use Windows Update.

16 more replies
Relevance 64.37%

I have been having problems getting windows update to work automatically or online, and google redirects any attempts at the win update website. Also oovoo will not allow an update, maybe due to the win update problem. Here are the requested logs:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:26:36 PM, on 8/22/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Logitech\Logitech Vid\Vid.... Read more

Answer:Google redirect, windows update problem.

11 more replies
Relevance 64.37%

Good afternoon everyone,

I'm usually pretty good at cleaning these things up, but I'm posting in hopes that someone here is either smarter or more experienced than I.

Scenario:
Machine in the office at the church where I volunteer is experencing browser redirects, cannot reach windowsupdate, cannot update MS Security essentials automatically.

OS: Windows XP SP3
It is on an Server 2003 ActiveDirectory domain.

Computer was reported running slow on bootup. MS security essentials detected and quarantined Backdoor:Win32/Cybot.B. It detected it several times. When I looked at it, the MSSE was out of date, so I fixed it by downloading the updates and installing manually. It detected and cleaned a few other virus/trojans.

I also ran Malwarebytes and it cleaned a few things.

However, it is still having issues with re-directed google search results in both IE and Firefox. In addition, I cannot update the MSSE or get to windowsupdate.

I believe the problem may be in the networking subsystem somewhere.

I've attached the HJT log below, but it doesn't seem to show anything that I can see.

I also did a packet capture of when I tried to go to www.windowsupdate.com and the results were very strange. There were many packets between the website and the computer, but they were all SYN and ACK, no HTTP request was ever sent.

Any ideas?

Thanks,
Doug

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:26:43 PM, on 10/19/2010
Platform: Windows XP SP3 (W... Read more

Answer:Google redirect / windows update issue

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

3 more replies
Relevance 63.96%

Hi,

Had the dreaded Google redirect virus a few weeks ago and tried a number of fixes. Finally used my Windows recovery disk and was able to go back to a restore point prior to infection. Running Vista 32 bit, Norton Security Suite from Comcast. Although the redirect virus seems to be gone, I still have residual issues with not able to run any updates. Windows Update will not run (Error code: 80096001). When Norton tries to run LiveUpdate it crashes and tells me it is not working and to uninstall. I am able to reinstall and it runs fine until another LiveUpdate tries to run. I now have to uninstall and reinstall Norton just about every other day because it crashes and tells me it is corrupt and I'm not protected. I even used Norton removal tool and tried to install McAfee enterprise product that I have access to from my University but it fails to install. Gets hung up at the "starting services" point. HiJack File, attach and DDS files are below.

Thanks for your help!
Tony P


I also got "system denied write access to the Hosts file" and could not edit the file as instructed.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:20 AM, on 4/22/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\W... Read more

Answer:Cannot run any LiveUpdates or Windows Update after Google Redirect Virus

Hi Tony,

Do you still require assistance with this? If so, I'd also like to see the log produced by TDSSKiller when you ran it. You'll find it located directly on the C:\ drive.

19 more replies
Relevance 63.96%

I'm on a PC with Windows XP Professional Service Pack 2.I've experienced these problems within the last few hours:- In Firefox and IE, Google and Bing search engine results pages will appear normal, but clicking any link in the results will take me through multiple redirects, eventually bringing me to sites like MonsterMarketplace (always something spammy).- Chrome refuses to load at all.- I cannot install Microsoft Security Essentials - after validation of Windows, I get an error code 0x80070002 that the installation cannot be completed.- Windows Update will not connect to update.microsoft.com, I also cannot load windowsupdate.microsoft.com- My hosts file at C:\WINDOWS\system32\drivers\etc appears full of junk listings (can post if anyone wants to see them)- I've tried running Spybot Search & Destroy and Malware Bytes Anti-Malware, both found and removed threats but I'm still experiencing the problematic behavior.At this point I'm not even sure what the problem is - Malware? Spyware? Virus? - but I'd like to get this fixed with your help :-) Here's the DDS.txt file contents and Attach.txt... Please let me know what other information I can provide to help diagnose the problem (and help get to a fix!).** UPDATE ** After I finished drafting this post and running the scans, the PC stopped connecting to the internet entirely through Firefox or IE. The Windows Firewall became disabled and I have not been able to turn it back ... Read more

Answer:Google redirect virus; also cannot access Windows Update

Just a quick bump - after restarting, can connect to web sites through IE and FF (although still unable to connect to update.microsoft.com or windowsupdate.microsoft.com, and still experiencing the originally reported Google redirect problems). Let me know if I can provide any other information.

24 more replies
Relevance 63.96%

Hi Tech Guys,

Had the dreaded google redirect virus a few weeks ago and tried a number of fixes. Finally used my Windows recovery disk and was able to go back to a restore point prior to infection. Running Vista 32 bit, Norton Security Suite from Comcast. Although the redirect virus seems to be gone, I still have residual issues with not able to run any updates. Windows Update will not run (Error code: 80096001). When Norton tries to run LiveUpdate it crashes and tells me it is not working and to uninstall. I am able to reinstall and it runs fine until another LiveUpdate tries to run. I used Norton removal tool and tried to install McAfee enterprise product that I have access to from my University but it fails to install. Gets hung up at the "starting services" point. HiJack File, attach and DDS files are below.

Thanks for your help!
Tony P
I also got "system denied write access to the Hosts file" and could not edit the file as instructed.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:20 AM, on 4/22/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\... Read more

Answer:Cannot run any LiveUpdates or Windows Update after Google Redirect Virus

Bump:
Can run Norton Live Update manually but still crashes after a day or so and must reinstall
 

3 more replies
Relevance 63.96%

Hello,This past weekend I was blessed with the Google redirect/popup issue people seem to have been enjoying recently. This also included (but I'm sure was not limited to) several trojans, fake antivirus, keyloggers, DNS randomizer/changer and rootkit errors. I believe I've removed most of those except the rootkit errors. Unfortunately, Windows Update won't work for me anymore and I'm behind a campus network which is monitored via Cisco NAC Agent and denies me access to the network claiming windows XP needs updating. Needless to say, it's fairly frustrating not to have the use of my computer.I'm running XP SP3 and have AVG Free 9.0 and Windows Defender. I have run Malwarebytes, HitmanPro3.5 and WindowsLive OneCare.Below is my DDS log, attached is the Attach.txt file. Unfortunately I have not been successful running Gmer as it caused several processes to run at 100%, freeze and crash. Thank you very much for your assistance in advance.DDS (Ver_10-03-17.01) - NTFSx86 Run by Seth at 13:19:54.34 on Wed 07/14/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.135 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32&... Read more

Answer:Had the Google redirect issue, now Windows Update won't work.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

16 more replies
Relevance 63.96%

I recently discovered I was getting redirected to sites such as 'toseeka.com' and other random webpages when trying to search for topics. I had Mcaffee and since it had just expired (free from Comcast) I downloaded and installed Norton. Problem still existed and so I searched then downloaded and ran Microsoft trojan remover and hitman pro 3.5 to no effect. I have also updated and run Malwarebytes multiple times since then. Norton I believe is stopping the redirect, a pop-up window comes up in the bottom corner for a few seconds saying 'unauthorized attempt to access your computer has been blocked"My computer also will have the task bar 'freeze' after a few hours - this happens occasionally, not everytime the computer is on. As stated in the subject my windows and microsoft update pages will not connect/load.I ran the scans as requested, but GMER gave me a blue screen of death sometime before finishing with a kxloapoc.sys error of some kind. I'm asking for help before downloading and running combofix!Thanks!DDS (Ver_10-03-17.01) - NTFSx86 Run by Ryan at 21:35:49.05 on Sun 06/06/2010Internet Explorer: 7.0.5730.11============== Running Processes ============================= Pseudo HJT Report ===============uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uWindow Title = Windows Internet Explorer provided by ComcastmWindow Title = Windows Internet Exp... Read more

Answer:"google redirect", windows/microsoft update blocked...

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

11 more replies
Relevance 63.96%

Hi

This is my first time using the bleepingcomuter forums.

I have Windows XP with SP3. I orginally had the fake microsoft security essentials virus (which as far as I am aware was completely removed), however since then, my laptop has been acting strangely as:

1. I am redirected from google to sites such as "Gomeo" and "Google.com/webhp"
2. I am unable to connect to the microsoft update pages and therefore cannot update windows.
3. My computer has also significantly dropped in speed.

I have so far run about 10 - 12 different antivirus and antimalware software programmes such as....
AVG
Malwarebytes
Microsoft security essentials
Avast
Super antispyware
Search and destroy
etc

All of which have identified and dealt with some different problems however have not seemed to solve my current issue. I have run these scanners in both normal and safe mode of windows.

I have performed the scans using DDS and GMER as per the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" page. I have not attached the scans as it was not clear which ones I needed to upload.

Any help and guidance you could give would be grately appreciated.

Many thanks and merry christmas

Phil

Answer:Google redirect virus and unable to update windows

Please post the DDS logs and GMER log and I will merge them to your post above and remove my reply so your topic won't get lost. ~ OB

2 more replies
Relevance 63.96%

Windows XP Pro
IE 8

2 days ago i noticed that I was getting random instances of IE launching on its own and going to some weird sites. Then I noticed that any google search on malware, spyware etc would laso get redirected. However google searches to anything else would still work. Then I tested Firefox and teh behavior was the same.

I had MS Security Essentials, I did a scan and it found Java/CVE-2010-0094.AA, which it removed. Despite that the problems did not go away. Since then I have tried:
- Malwarebytes - it found another instance of Java/CVE-2010-0094.AA
- Rescanned (full) with MS Security Essentials - Found nothing
- Removed MS Security Essentials and Installed Zone Alarm and rescanned. Found Nothing
- Full Scan using MS malicious software removal tool - Nothing found

However I am still unable to connect to windows update, and google searches still tend to get redirected.

I then found this site. So I am prepared all the scan logs. However, each time I run GMER my computer crashes. After recovering from one of the crashes I got a Microsoft messages on sending eth error info to them. I did so and got feedback that I have some spooldr.sys virus.

Couple of notes on the DDS file I am pasting here:

StartupFolder: c:\docume~1\moi\startm~1\programs\startup\popupe~1.lnk - c:\project files\lucsoft\killpopups\release\KillPopups.exe
TB: Tijory Toolbar: {5b1a9177-852b-4783-8526-db4fb526c54e} - mscoree.dll
EB: ... Read more

Answer:IE, Google Redirect, Unable to access Windows Update

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

4 more replies
Relevance 63.96%

Hey all,

Recently, I had been having problems with Vista. To make a long story short, I reinstalled Vista from scratch. Afterwards, I was going through and completing about four years worth of updates (the laptop is that old!) and something didn't go as planned. Somewhere in the downloading process, I've picked up something. Adobe Flash kept wanting to me install it, even after I already had, every ten minutes or so (this is why I think it was the source of the problems). Now, some google searches are redirected to other websites. It's not every one, just ones at random. If enter an address directly into the browser, it's fine. but when I click on the link provided by google after a search, I'll end up somewhere else. My internet connection is junk now. I went from about 150Kb/s for downloads to about 5Kb/s. Webpages take forever to load. I'm afraid of going much further due to security concerns without getting this taken care of. I've ran several anti-malware programs hoping to take care of it but nothing really seems to work. I've used Ccleaner to dump temp files. I've used Ad-aware, Spy-bot S&D, as well as Malware Bytes. Each have found a few things and claimed to have fixed them, however after each reboot the problem returns. I appreciate any help anyone is able to lend me.

System Info:
HP dv7-1260us
Vista Home Premium SP1 x64
AMD Turion X2 Dual Core Mobile RM-74, 2.2Ghz
Thanks again,
drunkle

Answer:Google redirect, bad flash update, Windows Vista,

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

12 more replies
Relevance 63.55%

Hello. This site has helped me many times to remove malware, but this is my first time posting for help. Running windows XP SP3. Explorer pops up an extra window on startup and randomly with random sites (adsonar comes up alot), they often have a large yellow congratulations banner on top. Google links all redirect elsewhere. Yahoo causes intermitent redirects. I ended up with the Antivirus Soft from one of the redirects.Also noticed I cannot access windows update whatsoever , the pages will not load, I get a page reset errorInstalled IE8, on startup it warns me that a program is trying to change my default search engine. Redirects persist.I installed Mozilla Firefox, and the xtra window pop ups and google redirects are happening with it as well.Ran Defogger, DDS and GMER..................DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 23:48:24.84 on Wed 05/26/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.652 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\CA\ETRUST~1\realmon.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\igfxtray.exeC:\Pro... Read more

Answer:Google redirects / windows update page wont load

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

14 more replies
Relevance 63.14%

Hi thanks for reading this, ive been having a huge problem with my pc it has been so slow and now getting errors and freezing randomly. I look in my event viewer and have found that Microsoft update could not go through and when i try to update it the ie wont open to it. Now i go into my system even viewer and find a error with:

DCOM error "The service did not respond to the start or control request in a timely fashion. " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}.

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.

I have dl the dds and gmer already. If you can help i highly appreciate it.

Sorry for some reason my internet wont let me post my dds log files. I turned off all my anti virus programs too. I attached all the logs in the attachments.

Answer:Google Redirect Problem/Windows update disable Freezing

to BC!Step 1.TDSSKiller:Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


If an infected file is detected, the default action will be Cure, click on Continue.


If a suspicious file is detected, the default action will be Skip, click on Continue.


It may ask you to reboot the computer to complete the process. Click on Reboot Now.


If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.Step 2.ComboFix:Please visit this webpage for download links, and instructions for running the tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please include the C:\ComboFix.txt in your next reply for further review.Step 3.Things I would like to see in your reply:The content of the log from TDSSKiller in step 1.The content of C:\ComboFix.txt in step 2.Information on how your computer is running after those steps.

15 more replies
Relevance 63.14%

My work computer has been infected for about three weeks despite our "tech" department deeming it clean. I am running Windows XP and Microsoft Security Essentials (did have Norton but Tech switched). I am in desperate need for help as I am spending all my time managing the issues.After running Malware Bytes it is constantly popping up that it has "successful blocked access to a potentially malicious site." As another thread mentioned I too have a long list of IP's that are trying to be accessed.83.133.119.15583.133.120.18783.133.121.14783.133.121.15683.133.121.5583.133.124.12583.133.124.19583.133.124.19683.133.124.25083.133.120.18783.133.125.41So far in three weeks there have been several items found and removed including the following found today):(Backdoor.CycBot)(Trojan.FakeAlert.Gen)(Trojan.FakeAlert.CLGen)And others which are no longer in the history as the MSSE was removed and reinstalled (see error code point below), one was in system volume restore and so we deleted previous restore points. I believe one of the names was something like JAS.Blacole (was removed).(Details:Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\f77ffRL9gTXqUCk8234A (Trojan.FakeAlert.CLGen) -> Value: f77ffRL9gTXqUCk8234A -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\kttxxP0uc2iDpG (Trojan.FakeAlert.Gen) -&g... Read more

Answer:Google Redirect and Windows/Virus Definitions Update Disabled

An update, it found another infected file:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Issues still remain the same as the original post.

44 more replies
Relevance 63.14%

Just recently I have gotten something that I can not get rid of. I have been running Malewarebytes and it found a few things and I cleaned them, I also ran HouseCall and it found a few other things and proceeded with cleaning what that program had found. I have run Mcafee and malewarebytes several times and in safe mode and they are showing nothing is wrong at this point. I also tried to run combofix as a suggestion from another IT friend and got a blue screen after it installed the Microsoft Windows Recovery Console and will not run the scan and just goes to a blue screen. The only info that I wrote down during the process was from housecall from trendmicro when it found stuff called (Adw Maxifiles, Troj Fakeav.Smes, Expl_Passrec.A, Troj_Generic.ADV, Worm_Palevo.Au, JS_Agent.ADV) I have also run CCcleaner program to clean up any temp files.
Maleware found these
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ejedsdyu (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
Mcafee found something called Generic.dx(Trojan) and was deleted

Current Problem:
Everything seems to be ok except when browsing with IE8 and I do a search with google and then I click on the link and it takes me somewhere random usually an ad page or something with asklots.com in the addre... Read more

Answer:Google is redirecting me to ad sites and windows update site doesnt load

I have the same issue, have you found a resolution besides a reload? Thanks in advance!

1 more replies
Relevance 62.32%

Hi

This had been bugging me for a while, so i'll appreciate any help i can get on the matter

when searching on google, clicking a link will often bring up an incorrect website, usually another search site or ebay.

when trying to connect to the windows update service, i am unable to download any updates and get the error code 80244019 (any ideas what that means?)

i have downloaded malwarebytes anit malware and ad-aware, but neither will connect to update.

im running vista 32-bit premium with mcafee virus scan (doesnt turn up anything in a scan)
the problem is in internet explorer 7, tho i havent used firefox in a while so it may be present there too
anyone got a clue what to do?

cheers
chris

Answer:Google searches redirect to wrong site / windows update not connecting

ok, mbam has found and deleted something called 'dnschanger', and it appears that my searches will work properly now

windows update is now also updating.

anything i need to do, or do you think this problem is fixed?

cheers

1 more replies
Relevance 62.32%

I'm hoping this is the virus coming back again, and not that it was dormant in my pc the whole time. here is the link to the last time i had it. last time, from what i remember, it was only a firefox redirect issue, whereas now it seems to be on ie as well, and the windows updater doesn't work and the mcafee firewall won't stay on - when i press turn on, it automatically goes back to off

http://www.bleepingcomputer.com/forums/topic459101.html/page__p__2750104#entry2750104
http://www.bleepingcomputer.com/forums/topic459289.html/page__p__2751531#entry2751531

Thanks!

Answer:google redirect/windows update not working/mcafee firewall cannot be turned on

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

1 more replies
Relevance 62.32%

Hello,

I am having a problem with being redirected in google and yahoo.

I also am unable to check for updates on Malware "Update failed. Make sure you are connected to the internet and your firewall is set to allow malwarebytes anti-malware to access the internt".
- My internet works.
- My firewall has Malwarebytes anti-malware on the exception list
I can run the quick scan and full scan and it shows no problems.
I CAN NOT update at all before I run them.

Some web pages will not connect at all.
- I cant get on any Microsoft page. I get the error page "Internet Explorer Cannot Display the Web Page"
- I can get on Malwarebytes web page. I get the error page "Internet Explorer Cannot Display the Web Page"
I am connected to the internet. It is as if this virus does NOT want me to get help!!!
- I also tried to download run the AVG Internet Security Free Version. It wont let me download it either. I get an error message.

HELP!!
Thanks so much,

Answer:Redirect Google & Yahoo, cant update windows or Malware. Cant open some web pages.

Hello, let's try to run either or both of theseIf you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.***Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.DownloadFixExe.reg FixExe.reg Download RKill...., Some times several attempts are needed to kill the malwares before running MBAM.Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attemp... Read more

13 more replies
Relevance 62.32%

Hello,

A couple of days ago, I began to notice symptoms of a malware infection on my computer. I was visiting a seemingly innocuous website when my internet explorer was immediately closed and a false Windows Security Essentials interface came up and tried to suggest that I was infected with some sort of trojan. At this point I was locked out of the task manager and my internet explorer would return a "could not connect to this web page" message for every site I tried to visit. I attempted to use system restore, but upon restarting my computer, I would recieve a blue screen error and my computer would automatically restart. Therefore, I restarted my computer in safe mode and attempted to search for a solution to my problem. It was suggested on a website that Malwarebytes could suffieciently remove the malware in question, so I ran an updated Malwarebytes scan. Malwarebytes fixed a few problems and I was able to restart my computer into normal mode without any problems. At this point, the issue seemed corrected. I saw no problems for about a day. I left my computer on idle the next night, and when I awoke, there was a windows error message saying a Win32 process was terminated unexpectedly. I realized that my computer did not have any sound when i visited webpages now, so I restarted it. However, windows hung on the loading screen everytime I attempted to enter normal mode. I then restarted into safemode again and ran an updated Spybot Search & Destr... Read more

Answer:Google Search Results Redirect, Popups, Windows Update Blocked

Hi,Please do the following:Download ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\C... Read more

3 more replies
Relevance 62.32%

I am using a Toshiba Satellite A215 with a 1.80 GHz AMD Turion 64 X2 Mobile Technology TL-56 and 2G of RAM. I am running Vista Home Premium with SP2 and use Firefox v.3.6.9 as my default browser.

As stated above, I am having the following problems;

* Google Redirects me to different websites when I click the links after a search. These are just 2 of the websites that I have been redirected to:

*thewrittenpage.com/search.php

doreal.net/search.php

* Pop-up Tabs opening in my Firefox browser windows without prompting. Some of the sites that open are as follows:

* internet-expose.com

onlyspecialoffers.info/submit/?t202id=3475&t202kw=http://view.atdmt.com/cnt/iview/193795210/direct;wi.300;hi.250/01/4147169158?click=http://c.casalemedia.com/c/4/1/75691/&source=320-0

* I cannot access Microsoft Updates. Anytime I try, I get the following message:

"Error's Found: Code 80072EFE Windows Update Encountered an Unknown Error"

I have not been able to update Windows since 3/17/2010.

* My computer sometimes will just shut itself off and sometimes it restarts itself. Other times it will not shutoff when I try to restart it. And then sometimes when I do try to start it, it will shut itself back down before it even gets to the log on screen. I have tried the startup repair utility and it says that it cannot fix the problem.
I have Avira Antivir as my anti-virus software, and I use MalWareBytes at least once a week. I also use spybot search and destroy, Ad-Aw... Read more

Answer:Multiple Problems...Google Redirect, Pop-up Tabs in Firefox, Cant Update Windows.

16 more replies
Relevance 62.32%

Hi,
My Operating System is Windows Vista SP2. I am having several issues with my computer although it seems to be working okay speed wise. I think all the issues may be related.

1. Google search links are getting redirected (Very very annoying)
2. Windows Update isn't working (error code 80073EFE)
3. IE stopped working a couple of days back (noticed problem #2 trying to get IE updates to stop IE crashes)

So I googled in a different computer and saw recommendations of malwarebytes (MBAM), GMER and ComboFix. MBAM identified and fixed about 25 infected files. GMER identified a TDL4 (not sure what that means). Anyway next step was to install combofix, but everytime I try to install it, I get blue screen and computer reboots. I disabled all antivirus, firewalls etc and also closed all browsers, then clicked on combofix exe and am still having the same blue screen of death issues.

Please advise.
Thanks

Answer:Google Redirect, Windows Update issue along with installation problems with ComboFix

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

28 more replies
Relevance 61.91%

I have reposted over here my previous post was here http://www.bleepingcomputer.com/forums/t/257084/google-redirects-avg-wont-run/Per GarmanmaI do not know who move you from the HJT forumIf you cannot run a DDS scan, a Win32diabg scan is acceptablePlease repost in the HJT forum:http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/Give a brief description of what is happeningOnce post, do not continue to post to it. That will only push you back further in the rotation Here is the win 32 text fileDesktop\Win32kDiag.txtWARNING: Could not get backup privileges!Searching 'C:\Windows'...Found mount point : C:\Windows\AppPatch\Custom\CustomMount point destination : \Device\__max++>\^Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP251D.tmp\ZAP251D.tmpMount point destination : \Device\__max++>\^Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2633.tmp\ZAP2633.tmpMount point destination : \Device\__max++>\^Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmpMount point destination : \Device\__max++>\^Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3725.tmp\ZAP3725.tmpMount point destination : \Device\__max++>\^Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmpMount point destination : \Device\__max++>\^Found mount point : C:\Windows\assembly\Na... Read more

Answer:Google redirect,AVG won't load

Well due to a lack of response for some unknown reason I ended up purchasing a physical copy of Vista Ultimate because the laptop did not arrive with disc's. Reloaded with a clean install. Then I was able to finally get AVG and defender up and running. AVG found cngaudt.dll Trojan horse crypt and dealt with it.
So at this point I can not recommend to others to stop by here for possible assistance. I was willing to make donations to get this done but alas no response

2 more replies
Relevance 61.91%

Whenever I click on a Google search links, its being re-direct to ad-spam site, and also my window update gets an error. I think I have a TDSS Rookit since I ran GMER on my desktop (see below log) it states: Device -> Driveratapi DeviceHarddisk0DR0 86EAEEE4---- Files - GMER 1.0.15 ----File C:WINDOWSsystem32driversatapi.sys suspicious modification---- EOF - GMER 1.0.15 ----I also try to use TDSSKiller.exe but it did not remove the rookit. Please help!Below is my full log from GMER:GMER 1.0.15.15252 - http://www.gmer.netRootkit quick scan 2010-05-06 13:51:22Windows 5.1.2600 Service Pack 3Running: gmer.exe; Driver: C:DOCUME~1ERICHO~1LOCALS~1Tempawldikog.sys---- System - GMER 1.0.15 ----Code SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x9D14722B]Code SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0x9D1471AB]Code SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x9D147255]Code SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0x9D1471BF]Code SystemRootsystem32driversmfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0x9D1471EB]Code ... Read more

Answer:TDSS Rookit. Please Help! Google search links redirect, windows update error

My HijackThis Log FileLogfile of Trend Micro HijackThis v2.0.4Scan saved at 3:11:11 PM, on 5/7/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\basfipm.exeC:\Program Files\Asset Services Management\eSMARTUM.exeC:\Program Files\Dell\OpenManage\Client\Iap.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\IBM\Lotus\Notes\nslsvice.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files\IBM\Lotus\Notes\ntmulti.exeC:\Program Files\Asset Services Management\ASMAgent.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\Program Files\McAfee\VirusScan ... Read more

12 more replies
Relevance 61.91%

Recently Sophos antivirus found a trojan on my computer. I removed it using that program. I also ran Spybot S&D, Malwarebytes Anti-Malware, and Lavasoft's AdAware and they all found errors and corrected them. However, I'm still having several problems.-Google search results redirect to monstermarketplace and several other weird search result pages-I cannot connect to Windows or Microsoft Update at all, it won't even load that page.-I cannot use system restore-My audio works at first, but then cuts out and clicking on the speaker icon in the taskbar tells me I have no audio device installed.I read the forum posting guidelines but I cannot seem to get the dds.scr file to run. It says it's an unknown file type and wants me to select a program to open it and I'm not sure which one to use. I can post a HiJackThis log if that would help?Much thanks in advance,Josh

Answer:Google Redirect + cannot use Windows Update or System Restore + Audio Device problems

Hello and welcome to Bleeping Computer. *Please Subscribe to this Thread to get immediate notification of replies. See HERE*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.*You must reply within 5 days otherwise this topic will be closed.==================================1. Please try using a different version of DDS, download it from the links below:DDS.com => http://download.bleepingcomputer.com/sUBs/dds.comDDS.pif => http://www.forospyware.com/sUBs/dds2. Download GMER Rootkit Scanner from here. Extract the contents of the zipped file to the desktop. Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so. If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO. In the right panel you will see several boxes that have been checked. Unchecked the following checkboxes: IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Now click on the Scan button and wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.Post the contents of that report when you reply.We're so sorry for the delay,~Semp

2 more replies
Relevance 61.91%

Hello. This site has helped me many times to remove malware, but this is my first time posting for help.

Running windows XP SP3. Explorer pops up an extra window on startup and randomly with random sites (adsonar comes up alot). Google links all redirect elsewhere. Yahoo causes intermitent redirects. I ended up with the Antivirus Soft from one of the redirects.

Also noticed I cannot access windows update whatsoever , the pages will not load, I get a page reset error.

I used Rkill and Malwarebytes in safe mode to remove the Antivirus Soft.

I have than run CCleaner, ATF(safe mode), Superantispyware(safe mode), and Malwarebytes again (normal mode), and scanned with the Computer Associates virus software that came on the pc. Numerous items where found and repaired/deleted , but the browser edirect problem persists.

I installed Mozilla Firefox, and the xtra window pop ups and google redirects are happening with it as well.

A few years and probably too much P2P activity have loaded this pc with too much junk I'm afraid. It was a refurb and I have no restore cd / partition or I would wipe it clean and start over.

Any help would be very much appreciated. I was going to download and run Hijack this and post a log but thought I would hold off since I obviuosly don't know exactly what I am doing at this point.

Steve

Answer:Google/Yahoo links redirect, windows update page reset errors.

Hi Steve and welcome... We may as well get right into the MAlware removal section.Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.If Gmer won't run,skip it and move on.Let me know if that went well.

2 more replies
Relevance 61.5%

OK. I have the same problem as others; Google redirect/hijack. I can't get the Malware to start/load. I do have the logs from DDS, HJT and GMER. Can anyone help solve this? It is driving me mad! I don't know which files to clean/remove.

Answer:Google redirect AND Malware won't load

Hello !! The HJT team is quite backlogged right now.If you want to post the log,go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.Let me know if it went OK.Or...are you trying to run malwarebytes? If so try these to get it working so you can post a logIf after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.***Open up command prompt, type in following commands: XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.regsvr32 mbamext.dllregsvr32 ssubtmr6.dll regsvr32 vbalsgrid6.ocxregsvr32 zlib.dll ****If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.Manually Downloading Updates: Ma... Read more

22 more replies
Relevance 61.5%

Hi Bleeping Computer

I am running a ASUS Notebook U50Vg running Windows 7. (Please note, I am by no means a computer expert so I apologise in advance if my tech vocab is a bit off)

Stupidly, as I was using firefox, I saw a dialog box that asked if I could allow (it was either firefox.exe or update.exe) even when I wasn't updating anything at the time.

Now when I log off/restart my computer and begin using my browsers:
1) When I google anything, the first thing I click redirects to something completely different. An example began with secure.bidvertiser.com, another get-answers-fast.com and another was an ad for a legit company (ING Direct)
2) After a few minutes browsing on the web, websites will not display at all. On firefox it will just display a blank screen and on chrome it says "unable to connect to the proxy server" (this message appears on firefox occasionally).

I've tried to do a bit of troubleshooting and the TDSS malware thing comes up quite a bit. As does Kaspersky's free TDSS killer. I tried using that tool (and renamed it as advised on alot of forums) but when I ran that tool, it didn't seem to find anything wrong.

I've also tried System Restore to the earliest available time, 5 days from today which is much earlier than when this started happening, but I'm still plagued with this problem.
Thanks in advance for reading this and I hope you can help me out with this!

Ben

Answer:Google redirect and cannot load websites

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart th... Read more

13 more replies
Relevance 60.68%

This started happenning about a week ago, I was just browsing reddit when I clicked on a link and my computer just shut down randomly.As soon as it shut down I started up my computer and when I tried using google web search, I clicked on a link and it redirected to some website that wasn't what I wanted. I close that imediately. I also tried using a google image search later that day and I found the the image search did not have the option to search using the image. At first I thought google was down, but then I remembered waht someone told me. which was that google never goes down, they have 100's of servers worldwide. Then I noticed my Kaspersky antivirus popped up with a message, and that message said something like Trojan.alureon.something I looked it up on youtube and ask.com(since google won't work lol), and I believe my computer is infected with the google redirect virus, also known as TDSS I think.I run Windows 7,I have tried removing it with my expired Kaspersky program, and it said that it could not remove it.I tried looking up intructions on youtube videos, and some of them say to download a program called TDSSkiller, but Youtube videos won't help seeing as there's no one who can help me through the steps of removing the virus.So I searched ask.com for people with similar problems, and I found this website.I browsed through the 'Am I infected? What do I do?' forums and I see that there have been topics already posted, and that you guys h... Read more

Answer:Google redirect/ won't load/404 No Found. nginx

Hello,Step 1Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.----------------Step 2Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.----------------Step 3Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes'
Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform quick scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. Post the log back here.Be sure to restart the computer.The log can also be found here:C:\Documents and Settings\Usernam... Read more

18 more replies
Relevance 60.68%

Computer: PC Clone, OS Win XP Pro Service Pack 3

Have what seems to be Google Redirect Virus. When trying to access web sites, get Involuntarily linked to sundry sites that are sometimes similar, sometimes not.
Problem is Malware Bytes nor Avast scans find any virus. Using only Malware and Avast, no other Malware/Virus fix programs..
Ran CC Cleaner.
When trying to access yours or other recommended links, some will not download, or error message "Cannot find" comes up.
Was able to use Goored Fix which is saved on notebook. Will provide copy of requested.
Did try to reload OS XP Pro, but program disc damaged or file corrupt and will not load. Prefer not to reinvest in XP or Windows 7 if possible.
Thank you in advance.
Skysarge
 

Answer:cannot load google redirect virus fixes

Please run this: GMER - running with a random name and attach the log from GMER.
 

39 more replies
Relevance 60.68%

Hello,
As of yesterday whenever I try doing a google search I get redirected to this "central-search" website and nothing ends up loading. The same thing is now happening in IE 7 as well. I have tried looking through some fixes online but none have worked so far. Your help is greatly appreciated.
 

Answer:Google Redirect (Page Doesn't Load)

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME ) onto another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using ... Read more

1 more replies
Relevance 60.68%

Hello!

So, my google searches have been redirecting me lately. Upon trying to solve this problem, I've tried to install/run Malwarebytes Anti-Malware. However, this won't open (apparently because of the malware?). So here I am, posting logs! =)

DDS (Ver_09-03-16.01) - NTFSx86
Run by Employee at 22:36:08.95 on Thu 04/23/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.729 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS&#... Read more

Answer:Malwarebytes won't load, google redirect is occuring

Also, I wanted to add my HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:51:41 PM, on 4/23/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\SCardSvr.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\basfipm.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program File... Read more

3 more replies
Relevance 59.86%

Hello, xp SP3 on a work system. IE8 and Firefox. overall functionality is ok except when you go to search google. the searches get redirected. Loaded Malewarebytes and it wouldn't load at all. Tried to install superantispyware it it threw an error and would not install.

Already disabled system restore and tried to load malwarebytes in safe mode...no good. ran symantec 10.0.0.359 and it didn't show anything. here's the requested DDS.txt:

Any help is appreciated. Thanks.....

********************************************************
DDS (Ver_09-06-26.01) - NTFSx86
Run by m******at 14:01:47.95 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1286 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\ccmsetup\ccmsetup.exe
C:\Program Files\Cisco Systems\VPN ... Read more

Answer:Google Searches redirect, anti-malware exe's don't load

I couldn't wait for a reply; reinstalled o/s so all is fine now.

2 more replies
Relevance 59.86%

I have some sort of virus infection, that may be more than one infection. I keep running malwarebytes, spybot search & destroy, and tried something called adwcleaner a couple times (including in safe mode), but they're not really finding anything.
 
The first symptom I noticed was that I was getting random pop up ads redirecting to adultcameras (dot) info -- a type of site I *never* visit. A google search suggested that this was from malware that might have been installed with other software.
 
So, after malwarebytes and spybot proved ineffective, as did refreshing and resetting the browsers on my computer (firefox, internet explorer, and chrome) I tried uninstalling the only possibly suspect program I could find, called Mind Maple Lite, a free mind mapping program that I'd installed a couple weeks ago. For about half a day afterwards, the problem seemed to be gone. So I tried downloading a different free mind mapping program called Freeplane, and it seemed to be fine, but then...
 
All of a sudden, I am not able to load gmail or google at all. Chrome and Internet Explorer redirect to a message trying to get me to download some fake "Flash Player Pro." But my internet does seem to be working. I am able to load most other sites directly in firefox, but some sites give me a flash pop up message saying that I need to update my flash player -- this message prevents me from accessing that page and the only options are to close the tab or click 'ok' which takes m... Read more

Answer:Multiple possible infections, google & other sites redirect or don't load

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/568730 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 59.45%

i'm having increasing problems with my computer and am now sure i have some form of malware or viruses. i've had a constant popup where MSWord tries to install itself repeatedly, and i have to manually cancel multiple times when i start the computer. i was worried this was a virus, but when i searched about it i found this was related to windows installer. if i disable windows installer, it goes away.

however, for the past week i've started getting repeated popups saying that google update has encountered a problem and needs to close. i read on some forums that this was related to a google chrome installation. i don't remember if i've even installed google chrome-- but i can't find it on my computer to uninstall it. in the past few days i've started to be redirected to various ad sites when i search for things on google in firefox. i have avira antivirus, windows defender, have used windows malicious software removal tool, lavasoft adaware, and windows defender. all were coming up with no malicious software when scanned, but the problem persists. windows malicious software removal tool just finished a full scan and removed one infection, for an ad program it said would cause random popups, which i haven't had a problem with. i have tried repeatedly to install MBAM and hijack this, along with other tools. even after renaming, i had a lot of problems. MBAM would not open at first, then would partially install, then finally said it completed its installation, started to update... Read more

Answer:google update problem, google search redirect, can't install malware removal tools, stopzilla(?) reported infected by UACd,...

i might've misunderstood the DDS instructions on the tutorial on how to post about these things. i looked at a couple of other posts where people have posted their hijackthis logs. here's mine:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:57:42 PM, on 4/1/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SiteAdvisor\6261\SiteAdv.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.... Read more

5 more replies
Relevance 59.45%

Google redirects to unwanted sites and ads when I try to click on a link. Gmail will not fully load can only use html version and Google Chrome does not work, error message "application failed to initialize properly 0xc0000022"

I have ran rkill, malwarebytes, cclean, tdsskiller, A-squared, windows malicious software removal by microsoft. They do not detect the virus. Here are a couple of host that are redirecting google upon others meta7search 7search 7metasearch there were many other "suspicious host" that kept on popping up and were blocked blocked when I used the 3 day trial with A-squared.

Thank you in advance for the help.

Below is my DDS Log and I have attached the other two files per the guide.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 14:10:11.26 on Mon 02/14/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1394 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.... Read more

Answer:Google Redirect, Gmail won't fully load, Chrome won't initialize

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

12 more replies
Relevance 58.22%

DDS (Ver_10-10-21.02) - NTFSx86
Run by Admin at 21:32:05.09 on Wed 10/27/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15

============== Running Processes ===============
============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\hkmje5qd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - prefs.js: network.proxy.http - 219.93... Read more

Answer:Firefox - google links redirect, Chrome - failed to load website Error 105

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

3 more replies
Relevance 56.58%

Hi, having some issues with redirecting of google searches to pay ad sites and I'm not able to access antimalware sites or update ones I have, or even update windows. I have AVG installed, and had a few trojans taken care of recently, but maybe there's still something there. Any help would be appreciated.DDS LOG:DDS (Ver_10-03-17.01) - NTFSx86 Run by Darcy at 0:33:58.71 on 23/03/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.1470.790 [GMT -7:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Windows\system32\lsm.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\sys... Read more

Answer:Google redirect + Can't update

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 56.17%

So, it seems I have caught the infamous google redirect/windows update blocker, and any help would be greatly appreciated!I looked at some of the older posts on this, but so far I am having no luck. Here is my Hijack This log, so hopefully you will see something I have missed, and thanks for any help!!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:05:32 PM, on 6/14/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lexmark 2600 Series\ezprint.exeC:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Ad... Read more

Answer:Google redirect/update blocker

I am having a hard time even locating this piece of malware. I have run Malwarebytes and found nothing. Online scans have found nothing. Several anti spyware scans have found nothing, but I still get my google searches redirected every time, and occasionally a new tab just randomly opens itself to the google page in fire fox.My DDS log is below. I cannot get GMER to finish scanning without freezing, so I do not have that to add yet.DDS (Ver_10-03-17.01) - NTFSx86 Run by Peter at 11:02:51.18 on Wed 06/16/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.1834 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lexmark 2600 Series\ezprint.exeC:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exeC:\Program Files\iTunes\iTu... Read more

4 more replies
Relevance 56.17%

Good Day. I've not had to seek your help for a few years, appreciated it then, hope you can help me out now. Similar problems as some of the other posts. McAfee cannot update, I cannot go to their site. IE & Google searches have misdirects. I last updated and ran McAfee on April 12 with nothing unusual showing up. I updated and ran Spybot S&D on the 25th with the usual cookies showing up and removed. I downloaded a stinger from the McAfee site (from another computer), ran it with no infections found. After remembering my password :-) and looking around I downloaded and ran MalwareBytes with the results below. Realized the update didn't work, updated manually and ran again. Nothing new showed up. Still having the issues. Home computer with Windows XP Home, Service Pack 3.

Thanks, Lakeworks

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

26/04/2009 10:30:04 AM
mbam-log-2009-04-26 (10-30-04).txt

Scan type: Quick Scan
Objects scanned: 116701
Time elapsed: 21 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT ... Read more

Answer:Google redirect/McAfee cannot update

Hi, maybe I didn't post properly, anyway I got a little frustrated and was able to get some help on another site but don't know how to close this one.

4 more replies
Relevance 56.17%

This looks like it's happening quite a bit here. The machine in question is an older HP Pavilion 735n, running Windows XP Home SP3. Automatic Windows update downloading is enabled and AFAIK the machine is up to date with those. I generally use the current Firefox rather than IE, both because of ActiveX concerns and because I was an old Netscape fan.

In addition to the software firewall that came with my CA AV, my home network is behind a Leviton firewall-router that NATs the internal PCs.

The symptoms I am having are:
Frequently (but not 100% of the time), when I click a Google search result I get taken somewhere else, generally to some sort of ad site. Reloading the page, or backing up and clicking the link again, usually takes me to the desired destination.
The CA Internet Security Suite (obtained for free through my ISP) taskbar program (cctray.exe) doesn't run automatically anymore, but if I browse to it in Explorer I can run it.
Attempting to run regedit, regedt32, or cmd.exe from icons or the Start-Run dialog causes Explorer to close and then restart itself. I was able to copy regedit to my desktop, rename it and run it from there, but did not see anything immediately ugly.
I saw the instructions in similar threads for a HijackThis log, so I ran that and it is below. I will note one thing: this is my own machine, the Juniper application listed is one that my company downloads and runs on it when I use it to connect to work. I've removed the direct re... Read more

Answer:Google redirect, CA AV doesn't update

9 more replies
Relevance 56.17%

good evening lifesaving smexy awesome forum people :]computer has various problems that come and go, these are current ones:Search results get redirected to spam, and popups come out of nowhereTrying to run Adaware causes computer to crash, only works in Safe ModeWindows Update doesn't work, and the site is blocked[I don't know if this is important, but when I tried opening Windows Update or Backup + Restore Center in safe mode, I got a bunch of error messages like these:C:\Windows\system32\1080theifz595.cpl is not designed to run on Windows or it contains an error, etc. with different names like 12z0spamb0tz45.cpl and not a virus/backdoorz/spyware/hacktool. Just throwin' it out there. ]other problems that have come and gone are Host Process has stopped working[as soon as you log on], Crashing every single five minutes, User Profile Service stopped working, and Windows Explorer SUPER slow/constantly crashing.Computer has been unstable for a week now... : [it seems today it decided to start crashing every five minutes again. here's the log ♥also, couldn't get gmer to run/finish after many attempts.DDS (Ver_10-11-10.01) - NTFSx86 MINIMAL Run by Nadine at 13:40:18.42 on Sat 11/20/2010Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\sy... Read more

Answer:Google Redirect, Update Problem...

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

37 more replies
Relevance 56.17%

Whenever I try to Update my computer it goes to Google.

My computer is XP and it is running at SP1

HERE is the DDS log


DDS (Ver_09-02-01.01) - NTFSx86
Run by Family at 11:23:57.75 on Sat 02/21/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.511.334 [GMT 11:00]


============== Running Processes ===============

E:\WINDOWS\system32\svchost -k rpcss
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
C:\Program Files\TP-LINK\TL-WN310G_350G_351Gv5.0_TL-WN360Gv1.0\TWCU.exe
E:\Program Files\Autorun Eater\oldmcdonald.exe
E:\WINDOWS\System32\RunDll32.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Autorun Eater\billy.exe
e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
e:\program files\mcafee.com\agent\mcdetect.exe
e:\PROGRA~1\mcafee.com\vso\mcshield.exe
e:\PROGRA~1\mcafee.com\vso\OasClnt.exe
e:\program files\mcafee.com\vso\mcvsshld.exe
e:\progra~1\mcafee.com\vso\mcvsescn.exe
e:\progra~1\mcafee.com\vso\mcvsftsn.exe
E:\Documents and Settings\Family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://microsoft.com/
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - e:\progra~1\mcafee.com\vso\mcvsshl.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [MsnMsgr] &qu... Read more

Answer:Redirect To Google on Microsoft Update

Why wasn't this updated to sp2 a long time ago?

Please download MGADiag.exe to your desktop.

Double-click MGADiag.exe and click Continue in the bottom right of the window to run the tool.

When it's done, capture a screenshot of the finished scan, and post that.

In Windows a screenshot of the entire monitor, complete with taskbar, can be copied to the system clipboard by pressing the Print screen key (normally located in the top row on the right-hand side of the keyboard)..

You can then paste the clipboard into a program like MS Paint to save it as an image file or paste it directly into a document. Press the Print screen key
Click the "Start" button (normally located in the bottom left of your screen).
Click "Run" & type "mspaint" (without quotes) & click the "OK" button.
Wait while the application "Paint" opens. Once it is open, proceed to the next step.
Click the "Edit" menu and select "Paste".
Click the "File" menu and select "Save As...". A dialog box will appear.
In the "File name" field, enter a name of your choice.
Click the "Save as type" drop-down and select "JPEG (*.JPG;*.JPEG;*.JPE*;.JFIF)".
Click the "Save" button.

Attach it in your next reply, please.

To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, br... Read more

19 more replies
Relevance 56.17%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:08 PM, on 4/23/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E232979-2FB3-4F76-9B88-36EEC3669D19}: NameServer = 85.255.112.109,85.255.112.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{B90574F7-CB3D-4CFB-BE97-1767341A38B5}: NameServer = 85.255.112.109,85.255.112.192
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.109,85.255.112.192
O23 - Service: Ati HotKey Poller... Read more

Answer:update.micro google redirect/log

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 55.76%

Original Post

http://www.bleepingcomputer.com/forums/topic461467.html/page__p__2771159#entry2771159

A few more notes:
Unable to enable firewall
Chrome didnt like DDS
I previously thought combofix was a no go, but after watching GMER try to do it's thing through saved game files (OOTP) that contained over a gig of material, I deleted those saved games. I didnt run combofix again FYI

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_30
Run by Kyle at 17:47:08 on 2012-07-19
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3582.2187 [GMT -7:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svcho... Read more

Answer:Unable to update vista, google won't load

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463055 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

46 more replies
Relevance 55.76%

I've been using Google Chrome because Edge doesn't work with all the companies I pay bills through. After today's update I can't load google except through Edge. Help!!

More replies
Relevance 55.35%

Hello.
 
Some days ago, a popup began to show up on my laptop on Google and Youtube.
 
I cannot search (most times) on Google's start page (I have to use the URL bar) and most times I cannot see videos on Youtube.
 
For some reason, Productforums (Google's) does not load up.
 
I am using Google Chrome and have tried updating Flash Player many times (not via the "google popup", but via adobe's site), and it did not get fixed.
 
 
Many thanks.

Answer:Google and Youtube "flash update" redirect

The popup redirects me to http://www.youtube.com.br/update/

3 more replies
Relevance 55.35%

Recently, I believe my computer had what is known as the "google redirect virus". When I would try to navigate Firefox or IE, I would be redirected to a go.google or google analytics website about 50% of the time. While I think I have gotten rid of the virus itself, there have been some issues with my computer that I believe are a result of the virus. I'd like to know if there's any way you can resolve my problems. Keep in mind, I'm not sure if it has anything to do with the redirect virus at all, but from my very limited knowledge, that seems to be where I think the problem(s) originated. They are as follows:

1) I cannot seem to get my Aero transparency to work. I'm not sure whether or not that's a result of needing a driver update or because of the google redirect virus that I had.

2) I also can't seem to get my computer to update via Windows 7 Automatic Update.

I'd love to hear any light you may be able to shed on my issue. It has been extremely frustrating to try & troubleshoot over the past few days, and a solution would be much appreciated

Thanks

Answer:Google Redirect Aero & Update Problems

I don't have Windows 7 so I can't help you out much but here's something I found about Aero Transparency in Windows 7:How to Fix Aero Transparency in Windows 7 - How-To Geek

1 more replies
Relevance 55.35%

Hello everyone. I'm using an HP Laptop with Windows XP. It is very old and I'm planning on upgrading, but for the time being I need it to work for the next few months. However, recently my computer's performance has plummeted to a near-unusable state.
Google searches are redirecting to a variety of sites. The ones I can remember include Happili, Scour, click.getanswers, and other hijack sites depending on the search material. Furthermore, minutes after Windows has started up, SVCHost starts using large amounts of CPU, and it gets worse the longer it runs, up to near 100% CPU usage. This taxes my computer to the point where it either lags to where it is practically frozen, I get a BSOD, or my system automatically shuts down due to overheating.

Ending the task with Task Manager does nothing; it starts again almost immediately. According to Process Explorer, the culprit is SVCHost netscvs. I have used several malware scanners including Malwarebytes and SuperAntiSpyware, but they have done nothing to solve the problems.

The malware also seems to have compromised my ability to use Windows Update. When using Automatic Updates, it seems to work, but in actuality I am downloading the same update every time. Updates also fail if I download them directly from Microsoft.com.

I am out of ideas as to what to do. Please help!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by admin at 21:13:53 on 2012-04-27
Mic... Read more

Answer:Google Redirect, Svchost using near 100% CPU, Update failures

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

19 more replies
Relevance 55.35%

Hello and thanks in advance!!

This is my daughters computer and a few weeks ago everything on the computer was hidden. I managed to get malwarebytes on loaded and it found several items. Right now the computer is at times redirecting on google and not allowing software to be updated. It also had a free version of antivirus loaded which I have deleted and trying to load norton on the computer. The malware will not allow it to be installed.

Attached is the DDS and gemr.

I have copied the text and attached the files.

Thanks again.

Dean
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_21
Run by mom at 19:05:19 on 2012-03-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1151.259 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe... Read more

Answer:Google Redirect & Unable to Update Software

Hello fujymo, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a r... Read more

11 more replies
Relevance 55.35%

Hello,

First of - thanks to whomever reviews this and offers their help, it is greatly appreciated.
Whenever I search in google the results always first redirect to an advertisement, and there has been a substantial increase in popups and advertisements on my computer. I am concerned that I may have a possible infection. My first reaction was to do a full system scan with norton IS 2009, but it abrubtly finished it's scan after having scanned only 8,781 files where it's previous system scan had a total of 384,071 items scanned. When I try to update my virus defnitions norton cannot connect to its server and closes.

Thank you very much for your help everyone.

below is the dds report:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 20:14:34.66 on 11/03/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.2.1033.18.3061.1947 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\... Read more

Answer:possible infection: google redirect to ads; norton cannot update

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

3 more replies
Relevance 55.35%

I'm getting redirected from search engines to incorrect sites....I?ve scanned with many anti-malware, spyware, antivirus programs but they do not find anything. Also my spybot will not update "Error retrieving update info file" been trying for the last couple of weeks now but to no avail.....This pc is part of a network where another pc has all the same symptoms as this one. If/when this one is fixed we will remove it from the network and then fix ( with your help please)or would it be better to remove it asap.

Please tell me what logs you need.... (GMER still scanning now after about 90 mins.....)

Thanks
Billy

Answer:Google/Yahoo Redirect + Spybot will not update

Hello,Please disconnect the computers from each other to keep them from infecting each other until they have all been cleaned.Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

2 more replies
Relevance 55.35%

heyo all, got a new one for you...

About a week ago I had a serious virus issue, rectified by a system restore and a set of MSE&Spybot scans. Everything was perfect-o until about a week ago, when I installed chrome (direct download from Google) and all of a sudden problems galore with IE and firefox. IE would open on its own to the msn homepage and audio (an ad on the page?) would start playing. Closing the window removed it from the taskbar but wouldn't stop the process, which would have to be terminated from the task manager to stop the audio.

Firefox started having issues displaying certain page formats (Facebook and woot in particular) and started the now intermittent google redirect problem.

Another spybot sweep and some fanagling with my hijack this scan fixed the IE issues and the firefox formating problems but the redirect remained.

-Current Symptoms: google redirect, throws me to a handful of different .us sites, hitting back 3x gets me to the site i wanted. google searches also take an awkwardly long time to process.

-Catalyst Control Center now crashes every time I startup my computer, but I'm unable to reinstall it as the AMD downloader can't connect.

-Hijack This throws an error during the scan process "For some reason your system denied write access to the Hosts file...". I've tried both the installer and the executable, but as this seems to only be an issue for removing items i've been ignoring it.

MSE, MBAW, Spybot... Read more

Answer:Google redirect, program update issues.

6 more replies
Relevance 55.35%

Hallo!

Okay here's the deal, I've got a leeetle bit of info on what is going on with my computer and it's issues:

Very randomly when I do a google search, and click a result, I get redirected to some advert site instead. Annoying, but also concerning.
Well then I noticed that AVG had its lovely yellow ! so I check it out. Can't DL update. Crap. It's giving me the wonderful "access is forbidden" error. That was a new one on me, so I looked around online and found that I do in fact have a *something* on here.

Google redirects, access forbidden on AVG update, cant run CMD or Regedit, can't update Malwarebytes'

So I found the offending files. There are 7 of them! All "created" on the same date. The dreaded sqlsodbc.chm (and 4 copies with varied amounts of xxxxx's at the end) in my Windows32 folder, and also gnwaiwy.ifv and a copy with a long string of X's on it in the Windows folder. (Also the AUX registry entry in \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 which I deleted on accident. It pointed to the gnwaiwy.ifv file)
I have MalwareBytes', RegAlyzer, HJT, AVG Internet Security (30 day trial), AdAware Free Aniv. Edition, Spybot S&D, and lots of time but not a lot of patience

So, what's a person to do? Anyone out there who can help me?
Oh, also I'm on a pretty slow wireless connection, so my downloading abilities are a tad limited. I can run to the other com... Read more

Answer:Google redirect, can't update AVG, no CMD no Regedit, sqlsodbc.chm

I forgot to mention that I found the files only by sleuthing around. None of my security programs found them.
I tried that online service that will scan a file using multiple antivirus programs, and it only got a hit on one of the files, and only 6 programs identified it as a Trojan (Trojan.Win32.Small was one of them I think)

Also, when trying to go to the Mcafee site I get the "Method is forbidden" error, but I *can* go to Symantec's site as well as AVG and a couple of others.
Firefox has crashed on me twice since I have started trying to get this thing off of that computer.
I'm going right now to manually update AVG, but it isn't going to help really.
I just want to do it because it's supposed to be done lol.
 

2 more replies
Relevance 55.35%

Hello.
 
Some days ago, a popup began to show up on my laptop on Google and Youtube.
 
I cannot search (most times) on Google's start page (I have to use the URL bar) and most times I cannot see videos on Youtube.
 
For some reason, Productforums (Google's) does not load up.
 
I am using Google Chrome and have tried updating Flash Player many times (not via the "google popup", but via adobe's site), and it did not get fixed.
 
 
Many thanks.
 
The popup redirects me to http://www.youtube.com.br/update/

Answer:Google and Youtube "flash update" redirect

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll dow... Read more

24 more replies
Relevance 55.35%

i am using vista, my browser is firefox, usually never have any problems. when opening up firefox, which would normally default to google, i am getting the message 'redirect loop' there i have to manually navigate to google. when trying to click on a website via google i am taken to an advert instead and have to click on it a second time. i cannot also update my security software... avg, ad aware, comodo firewall.

i am currently running full scans using avg and ad aware, i have also uninstalled any programs via ccleaner which i am unfamiliar with. my HJT log is as follow:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:17:12, on 01/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\... Read more

Answer:Google redirect and wont allow security update

CCleaner uninstall list if this helps also...

µTorrent
7-Zip 4.57
Ad-Aware Lavasoft
Adobe Flash Player 10 Plugin Adobe Systems Incorporated
Adobe Flash Player ActiveX Adobe Systems Incorporated
Adobe Reader 8.1.2 Adobe Systems Incorporated
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Mobile Device Support Apple Inc.
Apple Software Update Apple Inc.
AVG Free 8.0 AVG Technologies
Bonjour Apple Inc.
Browser Address Error Redirector Dell
CCleaner (remove only) Piriform
Cisco EAP-FAST Module Cisco Systems, Inc.
Cisco LEAP Module Cisco Systems, Inc.
Cisco PEAP Module Cisco Systems, Inc.
COMODO Firewall Pro COMODO
Compatibility Pack for the 2007 Office system Microsoft Corporation
Conexant HDA D330 MDC V.92 Modem
Dell Dock Dell
Dell Getting Started Guide Dell Inc.
Dell Support Center Dell
Dell Touchpad Alps Electric
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Dell Inc.
Dell-eBay Dell
Digital Line Detect BVRP Software, Inc
DivX Codec DivX, Inc.
DivX Converter DivX, Inc.
DivX Player
DivX Web Player DivX,Inc.
FM Modifier 2.25 Jpee
Football Manager 2008 Sports Interactive
HijackThis 2.0.2 TrendMicro
Intel(R) Matrix Storage Manager
Internet From BT
iTunes Apple Inc.
Java(TM) 6 Update 5 Sun Microsystems, Inc.
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator Creative Technology Ltd.
Live! Cam Avatar v1.0 Creative Technology Ltd.
Medieval II Total War Demo SE SEGA
MetaFrame Presentation Server Web Client for Win32
Microsoft ... Read more

1 more replies
Relevance 55.35%

like many others here i seem to have the redirect virus from yahoo, google, etc. additionally, i am unable to make any updates to windows or malwarebytes. if i run malwarebytes it will usually scan to about 21,000 files and then goes to a blues screen, saying DRIVER IRQL NOT LESS OR EQUAL, upon restart everything appears to work normally but continues to redirect. when i attempt to update malwarebytes i get the 732 error message. i have followed the instructions to fix this from another thread but it did not work. i also have access to another uninfected computer and downloaded a "clean" version of malwarebytes, installed it to the infected computer but it will still not update and the computer goes to blue screen after scanning for several minutes. after examining another related thread i also looked into the device manager for a suspect file but going through control panel>system>hardware>device manager>view>show hidden devices. within that there is an exclamation mark in yellow next to the entry DS1410D. i disabled this, rebooted, and tried to update malwarebytes but it did nothing. i have only tried these things in an attempt to solve this problem on my own and save some time for all the helpful people here and not to circumvent the rules of this community. but it seems that i do not have the skills to do this. thanks so much and i hope to speak with someone soon.i use the following programs that might pertain to this issu... Read more

Answer:redirect from yahoo/google can't update or run malware

could anyone help me with this? i aplogize for bumping but i gotten no responses after 7days. thanks again.

28 more replies
Relevance 55.35%

Hello,

I am using Windows XP SP3 and when clicking on Google search it sends me to a different site the first time. After hitting the back button and then trying again, I can eventually get to the intended site. When I try to update my Trend Micro Antivirus, I get the message "An error prevented your security software from connecting with the internet. Make sure your internet connection works before trying again."

My DDS Log is as follows:

DDS (Ver_10-10-21.02) - NTFSx86
Run by Campbell Gray at 23:37:54.40 on Thu 10/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.808 [GMT -4:00]

AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\... Read more

Answer:Google Redirect Virus and Antivirus won't Update

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the ... Read more

10 more replies
Relevance 55.35%

Hello,

I came across a few posts here about clearing out the Google redirect virus, which I think my computer is currently suffering from... The occasional browser hijack, as well as a more and more common popup from "profile-update.com."

I ran a cleanup program, and anti-malware, which didn't detect anything. I then ran Combofix, and I have the log here... Wasn't sure if Combofix actually eliminates anything, in itself; I assume it doesn't. So I wanted to post the log and see if anyone can help me. Thanks!

(ps. I know you usually recommend not using uTorrent... However, I've done fine until now, I usually know how to identify problems, and I understand you're probably obligated to mention it, but I'm sure you understand... Heheh).

ComboFix 11-04-12.01 - Owner 04/12/2011 17:35:48.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.1194 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\doodypants.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Local Settings\Application Data\{6C210670-23EF-43CA-9D9A-F82D7A3F2881}
c:\documents and settings\Owner\Local Settings\Application Data\{... Read more

Answer:Google Redirect "Profile-Update" Virus?

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

3 more replies
Relevance 55.35%

Okay I am running windows (Vista Home Prem oem act acer incorporated) On my acer Aspire M5640. I am having problems running ie and windows update! I ran maleware bytes untill nothing was found! also ran cc cleaner, Norton 2008 is installed and up to date its the trial that came with the computer. I have reformated drive D nothing is on it! I scanned everything in c drive found nothing that looked like maleware or spyware, but im no good with windows vista! I do not have the recovery disk with this computer I think I can get one from Acer if one is needed. However I did run the recovery with alt and f12 I think it was f12 anyway I still have the same problems even after three reinstalls of vista home useing the Alt F12 method. If I were to reformat drive C i would lose the ability to recover vista Yes or No please let me know that would be easier in my book but It's probably not that simple. I hope this is enough info for u to help fix my problem! Thanks

DDS (Ver_10-12-12.02) - NTFSx86
Run by Nation Family Pc at 1:49:52.79 on Sat 02/26/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2815.1923 [GMT -6:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C... Read more

Answer:vista update failure\Google redirect

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!These instru... Read more

32 more replies
Relevance 54.94%

Hello,
I want to start by saying thanks for your time in looking over my problem, you guys are awesome. I am having a problem with my computer automatically redirecting me to different search engines as well as slowed performance and problems getting Firefox to start up initially and Internet Explorer will not come up at all. Symantec Antivirus runs pretty regularly but I noticed after I started having problems that the last autoupdate was in October and when I tried to run liveupdate it said LU1803: LiveUpdate failed while getting your updates. I also have Super anti-spyware and it is not finding anything. I hope this is enough information to begin with. Here is the DDS results and the GMER log.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 21:21:20.46 on Mon 03/21/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1085 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:... Read more

Answer:Google Redirect, Symantec Auto-update blocked

Good evening. The golden rule with anti-virus programs is that you have only one running in real-time at any one time, so you need to pick one and uninstall the other before we continue.As the tool that we, or more accurately you, are going to use doesn't get on with AVG very well, this reduces the choice that you have. If Norton is still able to update - your subscription hasn't elapsed - then I suggest that you remove AVG, at least for now. If Norton is out of date, then I suggest that you download a copy of the AVG installer, available here, and then uninstall both programs.Whichever way you choose to go, you want to download the ComboFix executable, as per the instructions below, BEFORE you disconnect from the internet and uninstall one or both of your anti-virus programs. Run CF and then, if necessary if you have uninstalled both anti-virus programs, install AVG and then update it once you get back online - you don't want to be connected to the internet without any AV protection.Take a trip to this webpage for download links and instructions for running Combofix by sUBs.* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.* There are two points to note from the instructions page:1) The Recovery Console.It is recommended that you install this as, in c... Read more

13 more replies
Relevance 54.94%

(I read the "Before You Post About A Problem" post at the top of the forum - I hope I've included all relevant information)

OS: Windows XP, service pack 3 installed

Browser: Firefox 3.0.10

Problems:

1. Starting a few weeks ago, when I click on a link from a Google search, I am redirected to websites for various health products or security/anti-virus programs. I can usually back out of this re-directed site and eventually get to the site I originally wanted.

2. I cannot update my AVG anti-virus. I get messages that I either "cannot connect" or that I am "forbidden from the server"

3. Firefox crashes randomly and relatively frequently (I have never had this happen before I started having problems with the browser redirects)

Attempted solutions:

1. I installed "NoScript" in Firefox, which blocks Java scripts (?? I think this is the proper terminology) on websites. This worked for a few weeks to correct the google redirect problem, but now I am back to being redirected.

2. I installed and/or updated Malwarebytes, SuperAntiSpyware, SpyBot Search and Destroy, and AdAware. Despite full system scans, none of them found a problem. (Nor did my AVG, though again I cannot download updates for this.) Also, I recently received messages that Malwarebytes and Spybot are corrupted.

3. I installed and ran the Microsoft malware detector called "Windows kb890830 v. 2.9". It found nothing.

4. For the past couple of y... Read more

Answer:Google redirect/can't update AVG/Firefox crashing - looking for help in fixing this (m)

Be sure the Teatimer function in Spybot S&D is disabled and try this scan------------------------------Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".Scan with Dr.Web CureIt as follows:Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current versionRead the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)Now put a check next to Com... Read more

8 more replies
Relevance 54.94%

Hi, I had a recycler problem, that I couldn't access my main harddrive, this has now been fixed by Autorun Eater.
I have since installed and run the latest AVG which has also removed a Trojan from the recycler: SHeur2.PEB. And another two of those from other files.

Then I downloaded malwarebytes, but not from their website, as I could not access it, page not found etc, I'm also having problems with the avg/google toolbar btw. I don't want it, lol.
Anyway, when I tried to update malwarebytes it shows me error 273, no connection to the internet.
I have the windows firewall turned off, as it did not allow avg to update either.
I have system restore turned off right now.

I need to update malwarebytes and fix the redirect problem with my firefox browser.
Which has been a problem for a while, I always need to click google links at least twice not to get redirected to totally unrelated pages.
Here is my HJT Logfile, done after the last avg scan.
Please HELP!!

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:23, on 09.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\Programme\Java\jre6\bin\jq... Read more

Answer:Malwarebytes Update fails & google redirect probs

Hi again, even though I could not update malwarebytes, I figured it wouldn't hurt to do a scan...

This is the result
Malwarebytes' Anti-Malware 1.38
Datenbank Version: 2297
Windows 5.1.2600 Service Pack 3

09.07.2009 12:34:02
mbam-log-2009-07-09 (12-34-02).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 94870
Laufzeit: 3 minute(s), 0 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 6
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44f702a3-34e2-491d-9005-c8fbee82fbae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255... Read more

2 more replies
Relevance 54.94%

Hi everyone.
OK so a few weeks ago i fended off some rogue antivirus malware (one of those 'Windows XP repair' things) but I'm not sure how successful I was as it turns out my computer still has a whole host of problems.

Here are my symptoms:
I have the Google redirect virus (i.e. all results are being redirected to other websites).
On my Task manager processes there is always an 'iexplore.exe' which uses a lot of memory and, until very recently, played music/advertisements randomly.
Occasional bursts of pop-ups.
Automatic updates for windows are turned off. When I go into System properties on the Control panel to turn them on, it tells me that they are turned on which is clearly a lie.
tdsskiller.exe (which I downloaded after recommendation) doesn't run.
Start-up is slow. AVG loads immediately but it is often a couple of minutes before my other icons appear.
The blue screen of death appears occasionally.
My virus protection is AVG Free. I do however also have Avira Antivir installed as well as Malwarebytes' Anti-Malware which, although they for some reason have no subfolders on the all programs list and Mbam gives me 'error code 2' on pc start-up, I have used to try and solve these issues.
After these scans stopped finding things and I still had problems, I realised I needed help...

Any help with any of these symptoms would be greatly appreciated, thanks in advance.
(Will you need my logs?)

Answer:Google redirect/iexplore.exe/automatic update problems

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post the logs in your next reply for my review.

19 more replies
Relevance 54.94%

Hello,I am having very similar issues that are shown in this thread: http://www.bleepingcomputer.com/forums/topic379129.htmlI am running Windows XP and I have Symantec, MBAM, and Spybot installed on my computer. The way my computer became infected was strange: I was on some forums, then I shut down my computer for a while and opened it back up. When the computer booted, I think there was a notice in my tray telling me my computer was infected. The icon looked like the yellow shield, with the exclamation point in the center, that Windows has when it alerts you to download updates. I haven't opened any programs, and all of a sudden I started receiving tons of pop-ups about my computer being infected, to install programs, etc. The computer automatically connects to a wireless router when it loads. I did not do a system restore previous so I wasn't able to go back to a previous saved point. I ran all of the above programs, and the first few times they found some stuff I got rid of. But every few days, I would update all the files and rescan my computer and more things would pop up, trojan.agent and backdoor.ircbot being some examples. When I try to get rid of them, MBAM tells me it cannot do so. When I run Spybot, it tells me that windows security center is disabled (Microsoft.WindowsSecurityCenter_diabled). Once I tried to auto-enable it, but as soon as it is enabled it disables itself again. Google continuously redirects me, and I am not sure what else is messing with t... Read more

Answer:Google Redirect, XP doesn't update, Security disabled

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

24 more replies
Relevance 54.94%

I'm getting redirected from search engines to incorrect sites....I?ve scanned with many anti-malware, spyware, antivirus programs but they do not find anything. Also my spybot will not update "Error retrieving update info file" been trying for the last couple of weeks now but to no avail......Ark.txt, Attach.txt and Dss logs attached.Thanks in advanceBilly

Answer:Google/Yahoo redirect and spybot unable to update

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

24 more replies
Relevance 54.94%

EDIT: I can't include my GMER log, because whenever I launch it after a littl ebit of scanning, It blue screens me with error code 0x000000F4Alright so about a week back I got a virus that started hijacking my browser, and recommending me false virus removals, preventing me from updating (It gives me a 80072EFE error code), and whenever I try to boot Firefox either 3.6 or 4.0 Beta. I scanned with AVG, removed some infections. It still persisted. I scanned with Malware Bytes and Ad-Aware, removed some of the infections, and I stopped getting the fake virus removals, however the other issues still persist. I also decided to check how I'm being redirected, hoping that it's a local file and I can just delete it, so I decided to wait to be redirected and then once I get redirected to the page, hit back and then stop, and then check the source code.Source Code of Redirect Page<html><head>&lt;script type="text/javascript">function f(){var url="hxxp://nnkclwv.com/eZU37A1x7h7m7LO71039a4682d853081954b18174529b45c18h";try{var x=document.getElementById("_a");x.href=url;x.click()}catch(e){try{var x=document.getElementById("_f");x.action=url;x.submit()}catch(e){}}}</script></head><body onload="f()"><a id="_a"></a><form id="_f" method="get"></form></body></html>The only thing that changes from redirect to redirect, are the chara... Read more

Answer:Google Redirect, Can't Update, and FireFox crashes on start up

Please close my topic here. I'm going to try Tech Support Forums, since their average response time is within the day. I understand you guys have alot of requests to go through, and if things don't work out for me, I'll come back later when there's less unanswered topics.

2 more replies