Computer Support Forum

Google redirects; Unable to access McAfee website, download antivirus updates

Question: Google redirects; Unable to access McAfee website, download antivirus updates

Hello,I received a popup McAfee security center message to reinstall McAfee, which is inlcuded with my Comcast subscription. I am unable to access the McAfee website through Google using IE. I also tried AVG and had a problem accessing the server to update the software. Below is the HJT log; attached are the logs created by DDS. Any help would be greatly appreciated!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:22:25 AM, on 5/17/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\McAfee\MBK\MBackMonitor.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\Program Files\AVG\AVG8\avgcsrvx.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\zHotkey.exeC:\WINDOWS\system32\devldr32.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\McAfee\MBK\McAfeeDataBackup.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Windows Live\Mail\wlmail.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dllO2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dllO3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllO3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO4 - HKLM\..\Run: [CHotkey] zHotkey.exeO4 - HKLM\..\Run: [ShowWnd] ShowWnd.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exeO4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkeyO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exeO4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm486YYUSO8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.htmlO8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.htmlO8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.htmlO8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.htmlO9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cabO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cabO16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downlo..._2/axofupld.cabO16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cabO16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cabO16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocxO16 - DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95} (Easy Photo Uploader) - http://preview.jmattes.photosite.com/~site...oadBox_live.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dllO20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dllO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exeO23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS--End of file - 11416 bytes

Relevance 100%
Preferred Solution: Google redirects; Unable to access McAfee website, download antivirus updates

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Google redirects; Unable to access McAfee website, download antivirus updates

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERER,K

2 more replies
Relevance 85.69%

Hi,

I have purchased Dell Inspiron 1525 one year back.It was all fine till one year but now I am unable to download and install any updates from microsoft. I am unable to open hxxp://download.microsoft.com or hxxp://download.mcafee.com.
My Mcafee is unable to search for any malware.It shows -detection signature
file is more than 30 days old.
My computer is connected to a router which in turn is connected to a modem.
there are totally four computer on this network.

Please help me out.

I have copied the contents of DDS.txt as requested.
Please forgive me if I am wrong somewhere. I am new to this forum.
Thanks a lot.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Charu at 0:38:35.22 on 21-08-2009
Internet Explorer: 7.0.6000.16851
Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.91.1033.18.3061.1477 [GMT 5.5:30]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System3... Read more

More replies
Relevance 83.23%

Hi there , desperately need some assistance. I think I have the malware "zlob"or other. I have tried a few things posted on this sites forums and others. My computer seems to open apps very slow, Unable to update Adaware ,ran spybot search and destroy. Also unable to do a system restore. I've Included a Hijack this log .Any help would greatly be appreciated

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:49, on 12/28/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\AOL\1189806489\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program F... Read more

More replies
Relevance 82.41%

any time i go into google and try and search for a way to fix my problem i get redirected to nothing sites...also i have read many other threads and tried to download/install other programs that may help and i can usually get the installer to work by changing the name but once installed they all just crash when i open them except for hijackthis....any help would be greatly appreciated since i am only home for a week from school to fix this

here is a hijackthis log

also i forgot to add i use nod32 but i cannot get the update to work and when i scan it says its clean but i believe that is only cause the av updates i have are from like 2007 since it wont update
 

Answer:google redirects cant access antivirus pages

i managed to get my internet working by renaming combofix. i ran that it took care of some problems so i was able to update and run nod32 but i would really like someone with more experience to take a look at what i have now....if you need more info just tell me what i need to do to get it to you...any help would be GREATLY appreciated since i have till next weekend to fix this since no one in my family knows how to even use a computer and i will be heading back to school

edit: about 2 hours later i ran superantispyware and it has found 18 threats and its not done i will post what happens tomorrow seeing as it is not done i am drunk and i ahve to sleep......please help

and i understand it takes time and effort so thanks for any help at all
 

1 more replies
Relevance 82%

I am infected by a Trojan/Virus that prevents me from updating my antivirus software as well as redirects any clicked links from a Google search. I've run Ad-Aware and it removed a trojan but apparently did not completely fix the problem. I have run online scans (Kaspersky and Panda) but the scan either didn't finish or my computer rebooted when the infections were trying to be removed. I've installed MalwareBytes but it will not execute. I've pasted the dds.txt log below and attached the attach.txt and hijackthis.txt logs.

I appreciate any help that can be given.

Thanks,
Brian

DDS (Ver_09-05-14.01) - NTFSx86
Run by brian at 20:38:36.45 on Wed 05/13/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3069.1563 [GMT -4:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalS... Read more

Answer:Infected with an unknown trojan preventing updates to antivirus and causing google redirects

Just bumping this up. I'm still interested in getting some help if anyone is available.

I appreciate your time. Thanks.
Brian

4 more replies
Relevance 82%

I've been having a few issues I suspect are caused by malware/spyware. I initially ran Malwarebytes and it did in fact discover about 6 hits. These were all removed. I removed Mcafee as a resort then followed by their uninstaller seperate program. I also ran the same program from Norton as I previously had Norton.

My issue is that I cannot update Windows Update, install mcafee again as is will not connect to download.mcafee.com, incapable of downloading anything from a "Microsoft site" as such. It appears the Malware has blocked access to these sites.

I have checked my hosts file, it is clear and only lists 127.0.0.1 as it should.

I have pasted below the Hijack this log file in the hope thatt someone may be able to help and point me in the right direction before I do a clean install from scratch which I would prefer to avoid.

Cheers
Nich

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:47 AM, on 20/03/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD... Read more

More replies
Relevance 81.59%

Recently I noticed my laptop slowing down.

-I attempted to use my antivirus (ESET NOD32 Version 4) and got a message along the lines of "Cannot communicate with kernel."

-I then tried to use Malwarebytes and Superantispyware. Both worked at first but when I tried to remove what they found, the windows would immediately shut. After that happened once in each program I was unable to open the program again. Instead I was told that "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

-Also, anytime I click on a link in Google or Bing I'm redirected to some random site.

-In addition to that, I started to get pop-ups every time I started Internet Explorer.

-Internet Explorer would crash and "not respond."

-So of course I tried to bring up my taskmanager only to find that I couldn't! It refuses to open by keyboard shortcut or through the run command.

After that, I came here to ask for help.
I followed the preparation guide.
-I downloaded the DDS Tool but it did not generate a log. Instead there was a long line of "#########" across the bottom line of the DDS Tool's screen.

I moved on as the guide said but ran into another problem.
-I downloaded the GMER and followed the directions but as soon as it was done scanning the window closed.

Therefore I have no logs to show you.

Any and all help is appreciated.

Answer:Google/Bing Redirects & Cannot Access Antivirus Software

Welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OTL from... Read more

32 more replies
Relevance 81.59%

Hi I am unable to access any antivirus website from my computer. I ran an sdfix.exe on my computer. Here is the Report which it generated.Even after doing this I am unable to access any antivirus website. Also I have zonealarm installed on my machine with a trial version of QuickHeal antivirus software.Please let me know how I can solve this issue. SDFix: Version 1.240 Run by Shardul on Sun 02/08/2009 at 12:24 PMMicrosoft Windows XP [Version 5.1.2600]Running From: C:\SDFixChecking Services :Restoring Default Security ValuesRestoring Default Hosts FileRebootingChecking Files : Trojan Files Found:C:\DOCUME~1\Shardul\LOCALS~1\Temp\TMP2.tmp - DeletedC:\DOCUME~1\Shardul\LOCALS~1\Temp\TMP9.tmp - DeletedRemoving Temp FilesADS Check : Final Check :catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-02-08 12:35:30Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ...scanning hidden services & system hive ...[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zcvzxvwyy]"DisplayName"="Network Security""Type"=dword:00000020"Start"=dword:00000002"ErrorControl"=dword:00000000"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs""ObjectName"="LocalSystem""Description"="Enables event l... Read more

Answer:Unable to access antivirus website from my computer

The random named files are usually a bad sign, google only returns this thread and the one you started at http://www.computing.net/answers/security/...ites/24673.htmlIt's considered bad manners to ask for help in 2 forums as resources get wasted, I will try to help you since you haven't received an answer there yet.We might try one other program since you have already run SDFix, which I would normally save for the last one to use in this forum.Please download Malwarebytes Anti-Malware (v1.33) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rul... Read more

9 more replies
Relevance 81.18%

First of all, let me say thank you! Honestly, any help at all that you provide will make a huge difference.

Essentially, I think that I very stupidly downloaded a false anti-spyware tool... winguard I think it was called. Now it is as if there is a proxy that is blocking access to anti-virus/anti-spyware upgrades (I even tried to download mbam as I saw in another topic and I wasn't able to).

Anyhow, due to the fact that I am essentially computer illiterate, I don't know what the virus could be. I'm sorry to not give you more information, but I look forward to hearing from you!

Thanks again!

DDS (Ver_09-05-14.01) - NTFSx86
Run by Mark at 21:46:44.13 on 25/05/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.2.1033.18.2037.1063 [GMT -4:00]

AV: ZoneAlarm Anti-virus Antivirus *On-access scanning enabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ZoneAlarm Anti-virus Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k Local... Read more

Answer:unable to download antivirus/antispyware updates

Hello mkimmich,

If you still need help, then post fresh DDS logs.

2 more replies
Relevance 81.18%

My computer was infected with something about a month ago. Ran combo fix and was then able to do updates and virus software downloads for the past month but once again my computer is running very sluggishly and can no longer do the about named things. I have a combo fix log. Any help would be appreciated.

Answer:Unable to do windows updates or download antivirus

Hello please note the Blue text atop this forum.You will need to run HJT/DDS.Please follow this guide. ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.Let me know if it went OK.

1 more replies
Relevance 80.77%

I can't access Mcfee download centre (error 102 connection refused) and also get redirected from google searches in ie8 to seemingly random sites .Browser works ok if type in web address. Google searches also seem ok in Chrome. HELP please.
 

Answer:google redirect in ie8/windows7 also cant access mcafee download centre

16 more replies
Relevance 80.77%

I admin the local newspapers website and got a phone call from a user who said that when they tried to access our site from google they got a popup saying their computer was infected...basically there was a dns redirect in place that (htaccess) tried to get end users to install antivirus 2009.the tech guy at my isp was very much aware of this, saw the problem right away and deleted it from our servers and sent me the following emaill re: the problem:____________________________________________________________________________Thank you for calling. Regarding the issue that you called in about, please review the following information.Basically, this rogue anti-virus software installs malware on your computer that then sends your sensitive data back to a source. This source then hacks your account and installs htaccess files that redirect to other sites for the download of this same rogue anti-virus software. Information on how this virus originated on the web can be found at the following link:http://www.techpavan.com/2008/07/15/google...-consider-them/Or if you are using a MAC, at the following address:http://www.dslreports.com/forum/r21346127-...09-on-a-MACBOOKThis hack that you are referring to is becoming more prevalent across the internet. As far as our security analyst can tell, all of these hacks are being conducted via malware that has gained access to your ftp login information. You will need to follow the following steps to protect your domains/account in the future. G... Read more

Answer:ftp access compromised - google search redirects to antivirus 2009

here is the results of the full scan:
_________________________________________
Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 5.1.2600 Service Pack 3

1/11/2009 3:38:42 PM
mbam-log-2009-01-11 (15-38-42).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 182932
Time elapsed: 1 hour(s), 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_________________________________________
just for grins I did a scan with kaspersky online (and with avast, my pc's normal antivirus software)
kaspersky came up with this:
_________________________________________
Sunday, January 11, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 11, 2009 17:36:27
Records in database: 1603648


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan are... Read more

8 more replies
Relevance 80.36%

I have two computers running Windows XP SP2 [one is Home edition, this one is Media Center Edition]. Anyways, somehow my father has gotten the same virus/malware onto both computers. I can't download any files from anywhere [my uninfected vista PC was able to download everything I tested], and I can't run any online virus scans because they require downloading components. Ironically, both computers have Symantec Antivirus 9 Corporate [I got it free from school]. Both of them won't update. I had to do a manual virus def update and still came up with nothing. I tried spybot too, and it found some stuff but
the problem is still there.

My friend advised me to try ComboFix on this PC, but with no luck. In fact, System Restore is broken too. It says 'System Restore could not restore to your selected date," blah blah blah. Because Combofix would NEVER complete, my system clock also says the time in 24h format instead of 12h format and won't change in the control panel.

Here's my DSS log:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-09 20:16:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-09 20:16:46
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
... Read more

Answer:XP Computer unable to download anything, including Antivirus Updates

bump. I know it's probably been pretty busy but I hadn't heard back in nearly a week now. thanks.

12 more replies
Relevance 80.36%

Hi

I think I was infected with the virtrigger spyware/malware. I believe I was able to get rid of it.

However, I am unable to run the Malwarebytes program that I saved on my usb even after changing the file name. Tried to run it in Safe mode and Normal mode but after selecting Malwarebytes, it did not do anything.

I'm stuck on what to do next. Please see my HJT log. Any help is APPRECIATED!!!

Answer:unable to download/run antispyware/malware program, google redirects, HJT log posted

Hi, babes_176 Welcome.Go to the Control Panel. Click on System. Select the Hardware tab, then the Device Manager. Select View from the menu, then "Show Hidden Devices". Expand the Non Plug And Play Devices and see if there is a device with a name starting with TDSS. If you do, post the exact name on your next reply.

14 more replies
Relevance 79.95%

Whenever I try to go to a link from Google, I get redirects and on the bottom of the browser where it says what it is loading, "5dayoftheweek.com" always comes up and brings me somewhere else. Also, whenever I try running a anti-virus software for the first time, such as Malwarebytes, it closes itself just as the scan starts and the icon turns into the generic "exe" icon. All subsequent trials of running the program lead to a dialog box that states "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." As you will see below (or not see for that matter), this happened when trying to create the GMER log, so that is why it is not attached to this post. Any help would be greatly appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Run by Gunjan at 21:15:03 on 2011-08-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.198 [GMT -4:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Trend Micro Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\System32\wltrysvc.exe
C:\windows\System32\bcmwltry.exe
C:\windows\Explorer.EXE
C:... Read more

Answer:Google Redirects, Antivirus Software Stops Working and Says "CANNOT ACCESS SPECIFIED PATH"

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Please download DummyCreator.zip and unzip it.Run the tool.Copy and paste the following into the edit box:

C:\windows\2768340019
Press Create button and post the content of the Result.txt.

Important: Restart the computer. Download TDSSKiller.zip and extract TDSSKiller.exe to your desktopExecute TDSSKiller.exe by doubleclicking on it.Press Start Scan
If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"Then click Continue > Reboot now
Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txtPost that log, please.Please include the following in your next post:DummyCreator logTDSSKiller log

12 more replies
Relevance 79.54%

Hi,

I am new to this forum and I truly appreciate the knowledge that the members shared in the forum.
For almost 3 days I realized I could not perform live update for my anti virus software and also when I tried to access the website of any anti virus website, i.e. symantec.com, avg.com, avira.com. the internet will prompt me saying "failed to connect".
I tried to run spyboot, it would not run, because it can't access the updated files online.
Please help me....

Answer:Unable to access any antivirus website or performing live update

Are you able to burn a disk or download to a thumb drive from another computer?If yes, try running mbam:------------------------Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal proces... Read more

2 more replies
Relevance 79.54%

Hi, would like some help please.
PC is connected to WiFi, but IE will not work nor Firefox.
Used safe mode to create new account and iconfig/release /renew to create a gap to the internet and allow mcafee total prot to update...
Cannot turn on real time scanning (due to safe mode??)
Found early on adware:win32/offerboxbrowser and also IE page opening to adserving.com
Do not know how to find removal or threat history as friends PC, do not know what it is I am trying to fix.
Major issue, only have iPad and the one computer to work with. No method of downloading extra tools.
Help please.
Reason created new account and safe mode is that all internet - even the hijacked pages was not working.
Could ping external sites though
Windows Def shows bservice.exe, fst_es_100.exe, n/a.exe (three of them) and we'd.exe as start up items
N/a are: ndstray.exe, googleeulalauncher.exe and appintegrator.exe
Have Activeris icons in the account of the primary user.. Is this the key threat?

More replies
Relevance 79.13%

All my google searches are being redirected to ad sites and am unable to get updates for antivirus software. Also, just as often, a page comes up that states that it cannot be displayed or that the connection failed, try again. I cannot even get to this site (I am using another computer) for help. It is somehow being locked out of sites that may help clear up the problem.

any help would be greatly appreciated.

thanks

hijacklog below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:24 PM, on 2/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\... Read more

Answer:google redirect, unable to get antivirus updates or tech help, HELP

6 more replies
Relevance 78.72%

My OS is windows XP professional. I have Nortal antivirus( trial version) & Malware bytes installed.
My browser is directed to a website other than entered address.
My antivirus software,Malware bytes can't get updates -message I get is " please check if computer is connected to internet"
Also my firewall is turned off after every rebot.
Please help.

Answer:browser redirected to unintended site, Unable to download updates for antivirus

you a virus that i have come across before.

boot into safe mode (while booting press F8 like crazy)

go into the device manager (right click on my computer and go to manage.) once there go to device manager, click on view (up at the top) and click show hidden devices. On the right hand pane you should now see a section that says non-plug and play drivers. Hit the plus sign and look for the thing that says TDSserv.sys (might be minor spelling but you get the idea). Right click on it and disable it (dont uninstall it).

Reboot the computer into safe mode again and attempt to update malewarebytes, and this should fix your problem (but i would definately download another program superantispyware and run it also just to be safe.

hope this helps if not let me know.

4 more replies
Relevance 78.31%

DDS (Ver_09-03-16.01) - NTFSx86
Run by Kenny at 16:20:20.31 on Tue 05/05/2009
Internet Explorer: 6.0.2900.3300
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1573 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kenny\Local Settings\Temporary Internet Files\Content.IE5\6P89SBUD\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe&... Read more

Answer:Unable to access Windows Update site....redirects me to Google.com

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

26 more replies
Relevance 78.31%

Hi there,i have been unable to access certain malware removal sites (specifically safer-networking for spybot and also counterspy for updates). i have also been getting occasional random pop up ads well as google redirects. the random pop ups seem only to happen with ie, all the other problems happen with both mozilla and ie.i managed to download spybot and the offline updates from majorgeeks.com, i ran spybot, repaired all of the detetcted problems but i'm still having most of the same problems as before (i think the pop up ads MAY have stopped).here is a copy of my hijackthis logLogfile of Trend Micro HijackThis v2.0.4Scan saved at 07:43:42, on 31/05/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Gigabyte\EasySaver\ESSVR.EX... Read more

Answer:unable to access spybot site, popups, google redirects

sorry, i copy and pasted that log with word wrap enabled. here it is without word wrap.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 07:43:42, on 31/05/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Gigabyte\EasySaver\ESSVR.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\M-Audio USB Quattro\Install\QuatInst.exeC:\Program Files\O2\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Fil... Read more

16 more replies
Relevance 78.31%

Just in case this helps others...(though DIY without expert help is risky)

Read a similar case on your forum here, and I know I should have waited, but this has been bugging me for days... so I ran Combofix and it deleted:

- ahuie.exe
-3460593599.dat

from the system32/drivers folder

- and found an infected copy of pci.sys in the same folder

I also found various ACMru entries in the Registry under the Search Assistand keys and deleted those since some referred to sdra64.exe which Malwarebytes had picked up in a scan.

All seems to be working normally now.
 

More replies
Relevance 77.9%

Been having trouble with my browser opening to a google analytics page that does not open at all. Really noticed something wrong when Trend Micro Internet Security will not gain updates anymore. Gets the message that "an error prevented your security software from contacting Trend Micro". I tried reinstalling the entire program to no avail. Vista will not create restore points anymore and the backup program will not recognize drive C: any longer. I attempted to run Trend's Housecall which turned up an error as well stating that it is "unable to complete download. Please ensure you have an internet connection and try again. Error E:1082046195:0 Not sure what to do here. Following is the info requested from DDS.DDS (Ver_10-10-21.02) - NTFSx86 Run by New Computer at 9:14:15.02 on Sat 10/23/2010Internet Explorer: 8.0.6001.18975Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3070.1836 [GMT -6:00]SP: Trend Micro Internet Security *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\... Read more

Answer:Google analytics/antivirus can't access updates

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

23 more replies
Relevance 77.49%

Hi - would be very grateful of some help! Running XP Media Center Edition, Version 2002, SP3. Using IE7 primarily, but also Firefox 3. :In IE, although it doesnt happen all the time, Google often re-directs to various ad-sites, although the correct site can be reached by clicking Back. It will not let me access the McAfee website - giving a "HTTP 501 Not Implemented or HTTP 505 Version Not Supported" error. Firefox randomly crashes and re-starts every now and then and gives a blank page with "The specified method is not supported" for McAfee.McAfee Security Centre does not start up automatically any more on startup even though I havent changed any settings. When the program is opened from the desktop it states the detection signiture is out of date, however when I try to update, it appears to try before giving an update error and telling me to reinstall McAfee Internet Security (which I can't do because I cant access the website!).Having looked at several topics on here and other boards, I have tried doing the following scans with the respective results - all without any success:SUPERAntiSpyware, first scan:SUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 04/21/2009 at 01:23 AMApplication Version : 4.26.1000Core Rules Database Version : 3854Trace Rules Database Version: 1806Scan type : Complete ScanTotal Scan Time : 01:29:29Memory items scanned : 674Memory threats detected : 0Registry items scanned : 7459Registr... Read more

Answer:Google redirections, McAfee update error and McAfee website blocked

Install RootRepealClick here - Official Rootrepeal Site, and download RootRepeal.zip. I recommend downloading to your desktop. Fatdcuk at Malwarebytes posted a comprehensive tutorial - Self Help guide can be found here if needed.: Malwarebytes Removal and Self Help Guides.Click RootRepeal.exe to open the scanner. Click the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check the following items: DriversFilesProcessesSSDTStealth ObjectsHidden ServicesClick OKScan your C Drive (Or your current system drive) and click OK. The scan will begin. This my take a moment, so please be patient. When the scan completes, click Save Report. Name the log RootRepeal.txt and save it to your Documents folder - (Default folder). Paste the log into your next reply.

6 more replies
Relevance 76.26%

I am unable to access some web pages and have changed settings turned off the firewall, done everything that i can think of. My antivirus says that there are no viruses or spyware.
Please advise if you have any sugesstions as what to do, I have spent 4 days on this now.
 

More replies
Relevance 73.8%

I'm not sure what's going on - I'm unable to update my current McAfee SecurityCenter package and believe that something is blocking me from updating it and accessing the website.

I've downloaded HijackThis and have run a log. I'd appreciate any help/direction on solving the problem...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:44 AM, on 5/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA... Read more

Answer:Not Able to Update McAfee or access McAfee website

okay, well, thanks for looking at the problem! looking at taking my laptop to Best Buy or something to get it checked out.
 

1 more replies
Relevance 72.57%

Hello,

I have Windows XP with Mcafee virus protection and Firewall. The virus software fails to update because it can not connect to the Mcafee site. I use windows explorer 8 and can access all sites except Mcafee. Do I have a virus or malware? Need help to remove. I contacted Mcafee and they had me download their Stinger tool, but that did not find any virus.

Thanks.

Answer:Mcafee Virus software update - unable to access Mcafee site

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The... Read more

5 more replies
Relevance 71.75%

Hello All,I am not able to update my Zone Alarm Internet security suite for some weeks now. I was directed here from the Zone Alarm Forum. Although I can browse through most of the websites, I am not allowed to access Zone Alarm update, Microsoft update. I also tried http://www.malwarebytes.org/mbam.php and also http://downloads.superantispyware.com/down...AntiSpyware.exe but was denied access both on IE and FirexFox.Further Filemon and RootkitRevealer do not work any on my machinePlease help.Thanks

Answer:Unable to access Anti-virus updates / Anti-spyware website

Thanks guys,
All problems solved Thanks to SuperAntiSpyware.

2 more replies
Relevance 70.93%

I've had problems with google search results redirecting to spam sites sometimes resulting in the bogus "your computer is infected pop-ups".

I've tried to run a McAfee scan but i get a message that an errorwas encountered and the scan cannot continue. I also tried Spyhunter and Malwarebytes Anti Malware but these terminate seconds into the scan and then the executable stops functioning. All this happens is safe mode as well.

I appreciate any help you can offer...

==========================================================

DDS (Ver_09-07-30.01) - NTFSx86
Run by JTMAHONEY at 20:28:47.82 on Wed 08/19/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.113 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hp\HP Soft... Read more

Answer:Google redirects/ McAfee not able to scan

Hello.

You have a nasty infection on board here.

Follow the instructions below please.

Backup Registry with ERUNT

This tool will create a complete backup of your registry. A backup is created to ensure we have backup so encase anything goes wrong we can deal with it. Do not delete these backups until we are finished.Please download erunt-setup.exe to your desktop.
Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-on...runt/erunt.txt

--

We will start with Combofix. If Combofix doesn't work let me know, and we may have to deal with this "manually" with some other tools. :)

--

Download and Run Combofix

Download ComboFix from this location:

Link 1

* IMPORTANT !!! Place it on your DesktopDisable your AntiVirus and AntiSpyware applications, They may otherwise interfere with ComboFix.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Usually via a right click on the System Tray icon and selecting "disable".
Refer... Read more

8 more replies
Relevance 70.52%

Hello, I am having a heck of a time getting rid of a virus/malware issue on a computer. Here is the HiJackThis! logfile.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:08:35 PM, on 2/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C: ... Read more

Answer:Antivirus.com virus followed by website redirects.

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!These instru... Read more

2 more replies
Relevance 70.11%

My computer is infected. When I use google or yahoo, it always redirects me when I click on a result from a search. (One thing of difference is that the search box is cut in half, which looks strange.) I've tried running Malaware, but for some reason, it won't start up. Same goes for Malware Sweeper, Spybot, and while Adaware ran detected what I think may be the problem, it wouldn't let me delete it, even though I could delete other problems that were detected. Also, if I type the URL for any site having to do with antivirus software or advice, it won't load it. Seems like these bastards have made escape routes airtight.

I apologize if I put the post in the wrong forum or if it was posted previously. I looked at other problems, and while they said to use certain software, it almost always won't start up. Could someone help?

Answer:Browser redirects, cannot access antivirus URLs or execute antivirus software.

Hello and welcome. Please try these and let me know.Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run. ***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.***If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

3 more replies
Relevance 70.11%

Dear Support Team,

My problems are similar to the ones described in this post

>>Can not access [COLOR=green ! important][COLOR=green ! important]Microsoft[/COLOR][/COLOR] or Anti Virus sites (In Progress<<
Link: http://forums.techguy.org/virus-other-malware-removal/995025-can-not-access-microsoft-anti-2.html
My computer got infected about a week ago, most security related websites are blocked, including ESET online scanner, but fortunately I can access your website.

After reading around similar cases so far I have run Malware Bytes scan, Combofix, TDSS Killer, Bootkit Remover, Spybot Search & Destroy, Superanti Spyware scans.

I had AVG virus scanner, but its resident shield was detecting EVERYTHING as a threat, therefore, I removed it (since it could not stop this malware infection in the first place, I wasn't too impressed with it anyway)

In the other post (link above) you suggested using MSE - but bcoz microsoft websites are blocked I am unable to download it.

I attach a HJT log to give you a starting point for your diagnosis. I would be grateful and happy to donate to your website, if you run such a system.

Thanks in advance.

Roger
Ps. In addition my computer won't start in safe mode ( - If i select safe mode, it laods a bunch of .sys files and gets stuck at one of them
 

Answer:Microsoft and Antivirus website's Blocked plus Redirects

16 more replies
Relevance 70.11%

Yeah. Every existing website (Even the websites i get redirected too!) Redirect me to a rogue antivirus. The most common website that redirects me is kongregate. And yet it only affects any admin user accounts. If i change the user account to a non admin one. It will never redirect me. I even ran a full scan. All it found was tracking cookies.

I need help here. The computer OS thats been infected is Windows vista basic SP2.

Answer:Every website redirects to a rogue antivirus for no reason.

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 68.88%

Laptop running Windows XP is acting weird. I cannot reinstall my McAfee software, I cannot update virus software, cannot access McAfee website, and I am being redirected to other sites. I cannot find the malware or virus doing this. Here is my HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:37 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Progra... Read more

More replies
Relevance 68.88%

I am not that computer savvy so I hope I'm giving all the right information. I'm working on a dell inspiron 1721 which is running windows vista home version. I have Internet Explorer 7. I can go to all the websites I usually do except I can't access the McAfee website. I use McAfee as my computer protection. When I go to the site, a new window opens and then an IE window opens saying 'Internet Explorer has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available'. I tried going there in safe mode and I can access it in safe mode. A friend suggested I down load Foxfire and see if I can access the site and indeed I can through foxfire. But not through IE. I've scanned and cleaned up the computer but nothing shows up. I'm wondering if I have something that's keeping me from going to the McAfee site. I ran HiJackThis and here is the log. Thanks for your help. DBJoans

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:59 PM, on 3/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Com... Read more

Answer:can't access McAfee website

16 more replies
Relevance 68.88%

I am trying to update a free copy of spamkiller I got from a cover disk.For some reason I get a 404 error whenever trying to access the site. Also if I get it when clicking on this link, which is on the main uk siteclick hereAny ideas anyone, maybe my security isnt allowing me to progress.I have 128bit on my IE v6.0Cheers

Answer:Cant access McAfee website

Clicking your link worked ok for me. Try again, the site could have been suffering a temporary hiccup.

3 more replies
Relevance 68.47%

Hello,

I need a help since I have problem. When I open up Google, it always redirects me to hxxp://www.maliforex.tk/ I don't know why as I didnt go to weird places and didnt do anything unusual.

I have tried to scan the problem using Bitdefender, Malwarebytes, SuperAntiSpyware, Hitman Pro, but the problem remains exist.

Below is my dds log and also attachment:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Arie at 12:46:35 on 2011-09-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8040.5715 [GMT 7:00]
.
AV: Bitdefender Antivirus *Enabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Outdated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt... Read more

Answer:Google redirects to other website

Hello arieds and welcome,

You did just fine, thanks. :)

I'll need to see a log from another tool. Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. At this time, select No when prompted to download the Avast database.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

9 more replies
Relevance 68.47%

Hi.

I can't update my antivirus : BitDefender Free Edition v10.

I also can't enter windows xp in safe mode. An error msg will come out (like computer crash, in blue screen).

I also can't enter or scan online from any antivirus website.

Could this be virus?

Answer:Can't update antivirus, can't access any antivirus website, can't enter safe mode.

Hello it most likely is..I am moving this topic to the Am I Infected forum. Can you do these?You will need to Download and Run DDS which will create a Pseudo HJT Report as part of its log..If for some reason you cannot perform a step, move on to the next.Please follow this guide. go and do steps 6 thru 8 ,, Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help . Then go here Virus, Trojan, Spyware, and Malware Removal Logs ,click New Topic,give it a relevant Title and post that complete log.Let me know if it went OK.

3 more replies
Relevance 68.47%

Hi there!

Maybe since I downloaded a file, "holdemindicator161_3019.exe (Trojan.FakeAlert)", as is reported by "Malwarebytes' Anti-Malware 1.33", I am no longer able to update my Anti-virus, AVG 8 Free.

I tried going to the Malwarebytes's site but the access was blocked, and while trying to solve my problem, I realized I couldn't access some anti-virus sites either.

I cannot install SpyBot, since it requires server access, and I could only access Malware's software by reinstalling it (it delivered me the error "vbaccelerator sgrid ii control runtime error '0' ").

Since some of the system files are infected, I don't think I should delete them, but I don't know how to heal them either.

I would appreciate your help.

Telmo
 

More replies
Relevance 68.06%

I have a laptop that was hijacked. I am not sure what the specific name of the hijacker was. I ran MalwareBytes and it cleared most of the issues but I found that McAfee Internet Security Real Time Scanning and Firewall are Off. They both will turn on for about 5 seconds then turn back off again. I tried to run the update of McAfee and it seems to download the files but will not install them, McAfee just hangs at 0% installed. If I try to run a manual scan, I get "An unexpected problem occurred during your scan" error. I installed and ran AVG Free 2013 and it found and cleaned Trojan Horse Cryptic.CKU. I rebooted and tried to update McAfee again, no go. I ran AVG in Safe Mode and kept the log if requested. I ran DDS and GMER. It was not until after I ran those that I removed AVG. I can run new scans if that is required. Any help would be great. I do not have access to Windows disks.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16635
Run by katie at 18:19:13 on 2013-07-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.787 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free... Read more

Answer:McAfee Will Download Updates But Not Install Them

******UPDATE****** McAfee is now working. I am able to update and am running a scan right now. All I did was reboot again. Please let me know if there is anything in the logs or if you would like me to rescan.

1 more replies
Relevance 68.06%

I'm infected with something that recently stopped me from getting updates from Mcafee. I tried reinstalling Mcafee and now it simply cannot connect to its servers. I also get redirected to random sites after clicking google search links. Other miscellaneous server connects do not seem to work either. For example I tried using the Trend Micro Housecall to scan my computer for viruses and it couldn't connect to the server with that either.It seemed to start when I got infected with antimalware doctor. I thought I got rid of it, but it popped up again. Please help me remove that and whatever else may be infecting. GMER had also picked up rootkit activity. =/ Thanks a ton!!!DDS (Ver_10-03-17.01) - NTFSx86 Run by Armand Mignot at 19:27:43.10 on Sun 04/25/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.252 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.ex... Read more

Answer:Infected - Can't download Mcafee updates as well

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

10 more replies
Relevance 68.06%

For the last few weeks I have not been able to access classic google on firefox. Setting my homepage to http://www.google.com results in a "404 Not Found" page with "nginx" at the bottom. When I attempted to google the issue (using Google SSL) through firefox, certain links would redirect me to the Google SSL homepage. When using internet explorer 64 bit, I can access google, but I am often redirected to Google in a random language. I have uninstalled firefox and all addons multiple times but it has had no effect. I've downloaded Antimalware bytes, avast, and AVG which resulted in the removal of some viruses, but I can only assume not all. I've been following this guide thusfar http://www.bleepingcomputer.com/forums/topic34773.html . When I installed gmer, I wasn't able to deselect certain options, as most were grayed out, but I still scanned my computer and uploaded the log. 'g.png' that I've uploaded shows what I mean. Any help would be greatly appreciated.

Answer:Google Redirects to Google SSL, Random Popups, Can't access classic google

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

13 more replies
Relevance 68.06%

The last 3 weeks i have been reading and researching to try to eliminate this ongoing annoying issue where GOOGLE redirects my searches to other search websites...
I have followed the strict instructions provided in the following thread
http://forums.techguy.org/virus-oth...00673-browser-mainly-google-redirects-me.html by dvk01 but not sure if my computer is affected with other little worms and viruses.
I have also performed avast asw scan but no infected files found as per other forum advise.

I would really appreciate if i can get someone to have a look at my logs belows and provide some permanent fixes

Below is the log from Combo fix:-

ComboFix 11-07-26.02 - John 26/07/2011 20:14:25.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.242 [GMT 10:00]
Running from: c:\documents and settings\John\Desktop\username123.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-12-05 23:35 . 2009-08-06 09:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-12-05 23:35 . 2009-08-06 09:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-12-04 16:48 . 2008-11-10 01:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-12-04 16:48 . 2006-10-26 09:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\... Read more

More replies
Relevance 68.06%

hi
when i open the google browers 3 windows open delta search funmood and ask.com
TIA
 

Answer:google redirects to delta website

We still need the log from running Hitman.

In the meantime:

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Attach the logfile to your next next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

8 more replies
Relevance 68.06%

Hi, recently I got the rogue XP Security Tool 2010, ran by the file ave.exe, which had caused a good load of problems. Because I just found out about this forum today, due to desperation before, I did some myself, but following the exact guide here,
http://www.malwarehelp.org/ave-exe-a-multiple-rogues-in-one-trojan-fakerean-2010.html
which had been quite helpful of clearing off this virus. I will post the MBAM Log in Post 3. In MBAM, at the Quarantined tab, there's this rogue of Internet Security 2010, another malware I got in January, has been lurking. I pressed "Delete All" in the Quarantine tab of MBAM, it gets deleted, but when I switch to some other tab and switches back, it's there again... Anyway, during some Google searches, I sometimes get redirected to another website, and sometimes random unknown websites just pop-up out of nowhere. One of the example sites is like (registrydefender.com) something. It's obviously related to this rogueware. That's where I hope to receive help. Also, sometimes services.exe or svchost.exe of SYSTEM take up huge amount of CPU, causing the computer to slow down.

I have HiJackThis log from before following that guide above in removing ave.exe, and one after. I will post both.

Here is log 1, during which ave.exe was running, before I followed the steps of that guide from the link above:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:15, on 2010-4-4
Platform: Windows XP SP3 (WinNT 5.01.2600)
M... Read more

Answer:Random Website Pop-Up & Google Redirects

8 more replies
Relevance 68.06%

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 1730.57 on Mon 03/23/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.174 [GMT -4:00]

FW: McAfee Personal Firewall Plus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\P... Read more

Answer:google redirects me to unwanted website. Help please.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

----... Read more

9 more replies
Relevance 68.06%

Recent issues with Google search redirects. If I click on a web link, I get redirected to another site - typically an index / content directory type site. It's maddening, and it's building momentum. The back button isn't functioning now - Where I would typically return to the search results page, I'm being redirected again. Now I have to re-click the browser to return to the results page. It usually takes 4-6 attempts to get me to the correct site.
Please help. Many thanks!

I just downloaded HJT and saved a log file (following).
I'm on Windows XP Pro using IE 8. I run PC Tools Spyware Dr. and Malware Byte - Anti Malware apps, and RegCure registry fixer.
I'm okay with fundamental fixes, but no expert.

Thanks again.

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:57 AM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system3... Read more

More replies
Relevance 68.06%

VET antivirus has proved totally ineffective against this virus. It started when VET could no longer access its server to download updates. Then came redirects and all manner of problems with Google, such as when the browser is started, it tries to Google search the address that is set as my homepage, and ranges to redirects of unspecific searches (search results for Adobe Flash Player will NOT redirect, but results for Flash Player will).

This is on all four computers networked in our house. Even on my brother's, who recently formatted his computer and had it again by the time he installed his antivirus and tried to update it, before he even launched his web browser.

No antivirus, antimalware or other similar software seems to be capable of downloading updates, but Malware Bytes, without its update, detected eight trojans. Deleting them caused a lot of internet sites to return Not Found, until I restarted and everything seemed normal. Antivirus couls still not update, but the redirects ceased. For about five minutes. Another run of Malware Bytes found four trojans, fixing them had the same effect.

I also notice that when searching in Google, the status bar shows "connecting to www.ecata.com" and ends up at what appears to be Google. The Google toolbar also searches like this, but attempting to use anything other than a normal search (eg, image search, I'm Feeling Lucky) will return a normal search. Before ecata, it was smpt.com.

HijackThis log:

Logfi... Read more

Answer:Antivirus updates blocked and redirects.

16 more replies
Relevance 67.65%

i am being asked to check that javascript is installed

Answer:unable to install mcafee antivirus

have you uninstalled the previous AV properly?Some HELP in posting on Computing.net plus free progs and instructions 7 Medals

2 more replies
Relevance 67.65%

Yesterday night I went on a website, which was probably full of malware. Pop-ups began to show up and on the system tray, some XP Defender Pro program (malware I assume) said that I had viruses on my computer and I needed to download it. I disregarded it and went on google to look for a fix, in which there was one on this site. I used Method 2, (the following script) to remove it:[Version]
Signature="$Chicago$"
Provider=Myantispyware.com

[DefaultInstall]
DelReg=regsec
AddReg=regsec1

[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command

[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"I restarted the computer and the XP Defender Pro icon disappeared from the system tray. However, Norton Antivirus refuses to attempt to scan the computer for viruses and ZoneAlarm is stuck at initializing its UI. Mozilla Firefox also, on a few occasions, has miscellaneous pop-ups.Hopefully is this sufficient information to help!

Answer:Unable to virus scan & website redirects

Did you also run malwarebytes as is suggested

13 more replies
Relevance 67.65%

Here's my hijack this log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:02:29 PM, on 5/3/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\bgsvcgen.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\stsystra.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program... Read more

Answer:Can't access McAfee's website or update AVG or Avast

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 67.24%

Hi all, I have a bunch of problems with my computer right now. Every once and a while I will get a random pop-up. Also I can't download updates for Windows Defender, and I can't even download updates through Windows Updates. When I try and install McAfee it says "preparing to download information" and it just hangs there and then times out. I checked my hosts file and didn't see anything suspicious. Attached is my HJ log, any help would be greatly appreciated. Thank you!!

Answer:Can't install McAfee, can't download windows updates, etc.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable a... Read more

2 more replies
Relevance 67.24%

Hello, this is my first time visiting your site.I seem to have a problem, either malware or a virus. Its symptoms include redirects of my Google/Bing search results, System Shutdowns that indicate NT AUTHORITY/SYSTEM has caused an error in DCOM Process Server and disabling of my McAfee. I also cannot seem to boot into safe mode. My computer stalls after loading mup.sys and I get a blue screen error that reads 0000007E. It really seems to be debilitating my computer. Any help would be greatly appreciated. Thank you, thank you, thank you!Here are my logs:DDS (Ver_09-12-01.01) - NTFSx86 Run at 11:24:04.67 on Sat 02/06/2010Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ============================= Pseudo HJT Report ===============uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/openmanageuInternet Settings,ProxyOverride = *.localBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: bho2gr Class: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\S... Read more

Answer:Virus causing Google redirects, NT Authority/System shutdown, disables McAfee

Please download TDSSKiller.zip and unzip it to your DesktopRun the TDSSKiller and wait until it finishes (should be just a few seconds or below a minute).. Then find the log at your %systemdrive% (drive that contains Windows)The log shall be named something like this one..(TDSSKiller.version_date_time_log) for example.. (TDSSKiller.2.1.1_22.12.2009_19.33.44_log)Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.During the download, rename Combofix to Combo-Fix as follows:It is important you rename Combofix during the download, but not after.**NOTE: If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tabSet to "Always ask me where to Save the files".After that, double-click and run Combo-Fix. Let it finish its job and post the log hereIf ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

6 more replies
Relevance 67.24%

The first thing that I noticed was that google links were not taking me where they said they were (initially in Firefox, then also in IE), and then noticed that my McAfee Security Center was not running. When I tried to start it up and update it, it simply sat there. I tried to access their website, but it is completely blocked. I obviously have something messing with my system, but I have no idea where to start. I am including the HijackThis log below. Any suggestions?

Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:51 PM, on 4/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\OPLIMIT\ocrawr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:... Read more

Answer:McAfee update/website blocked, google links redirected

bump
 

1 more replies
Relevance 67.24%

Google redirects me to the wrong website - a virus. McAffee installed but ineffective. Help needed, what do I do? Many thanks in advance :)

Answer:Google redirects me to the wrong website - a virus.

I would get rid of McAfee anyway, that virus program has not done so well against the new threats that are out there. Go to download.com and grab the program AVG For Free 2012, it will find the virus and kill it. Afterwards, I would download Spybot - Search and Destroy and run that and see what it finds. I hope this helps!

4 more replies
Relevance 67.24%

I've recently discovered that every time I search on Google and clicked on a link from its search results it always redirects me to www.goingonearth.com website. Is there a way to resolve this problem.

Eric

Answer:Google searches redirects me to GoingOnEarth's website

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

20 more replies
Relevance 67.24%

Hello,

I get redirected to random websites, asktofriends or happili when I click on certain google search results.

I ran Malwarebytes Anti-Malware and Superanti Spyware but they didn't solve the problem.

I get the following 2 RunDLL boxes whenever I start up my computer:
There was a problem starting C:\User\Acer\AppDAta\Local\winmapSnap\Smartcfg90.dll The specified module could not be found.

There was a problem starting C:\User\Acer\AppDAta\Local\Google\ElevatedDiagnostics\weiplhyp.dll The specified module could not be found.

I will be grateful for any assistance. Thank you.
 Attach.txt   13.58KB
  1 downloads

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Acer at 11:03:28 on 2012-05-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.1652 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\s... Read more

Answer:Google redirects to different website or asktofriends/happili

Hello lotus203 ! Welcome to BleepingComputer Forums! My name is Georgi and and I will be helping you with your computer problems. Before we begin, please note the following:I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.The logs can take some time to research, so please be patient with me.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received. If you can't understand something don't hesitate to ask.Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.Please download ComboFix from the link below:CombofixSave it to your Desktop <-- Important!!!Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.
Double click it & follow the prompts.
If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
When finished, it will pr... Read more

14 more replies
Relevance 67.24%

I am trying to intall McAfee Antivirus supplied by Comcast as a perk for using their services but I get an error code saying it will not install because I have Norton Antivirus 9 still installed on my PC. I removed that software over a year ago!?!?

I am running XP pro with SP2
 

Answer:Unable to install McAfee antivirus because of Nortons

Welcome to TSG.

Try running the Norton Removal Tool, it should get rid of the rest of Norton.
 

2 more replies
Relevance 66.83%

I'm trying to get rid of being redirected to the Letstrywithme website. Everytime that I try to go to another website, I get redirected to the Letstrywithme website. I've tried everythin I know to get ris of it, but it still persists in redircting my access to anyother website I've chosen.

Answer:Whenever I try to access a desired website, it redirects me.

Hi HDR68,Please do not create duplicate post.Refer to the link given below:http://bit.ly/1c2bGehThanks & RegardsManshu S#iworkfordell

2 more replies
Relevance 66.42%

I am facing issues with the suspected virus/trojan attack.

I run WinXP on my machine and I noticed this issue when I started seeing Vimax ads on my yahoo account. I initially was amused, but then I noticed the automatic updates to my McAfee installation are failing. Also, I'm unable to play any sounds on my machine.

Too some extent I was able to tie audio not available issue to Windows Service being in terminated status. For the internet connectivity issue, I am able to connect to most sites; except a few which provide anti-virus services.
Even after starting all networking services, I am unable to see any items under my "Network Connections". The Windows service for XP themes also gets terminated after few minutes from restart.

I also check the EventViewer logs, and most services have logged unexpected termination.

I tried performing cleanups by using "Malwarebytes' Anti-Malware".
The C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) keeps appearing in mbam logs when I run mbam utility after booting the system in safe mode. Strangely enough, mbam identifies it as infection, but doesn't quarantine the file and just says "No Action Taken".
Upon deleting the C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent), it keeps re-appearing with each reboot.

Can you please help me getting rid of this completely?

Appreciate all your help.

Thanks.

Attaching the log as per the prep guide.

-=--=--=--=--=--=--=--=--=--=--=... Read more

Answer:Vimax Ads, Antivirus sites not opening, no updates for definitions, AVG, McAfee, SuperAntiSpyware did not help

I am facing issues with the suspected virus/trojan attack.I run WinXP on my machine and I noticed this issue when I started seeing Vimax ads on my yahoo account. I initially was amused, but then I noticed the automatic updates to my McAfee installation are failing. Also, I'm unable to play any sounds on my machine.Too some extent I was able to tie audio not available issue to Windows Service being in terminated status. For the internet connectivity issue, I am able to connect to most sites; except a few which provide anti-virus services.Even after starting all networking services, I am unable to see any items under my "Network Connections". The Windows service for XP themes also gets terminated after few minutes from restart.I also check the EventViewer logs, and most services have logged unexpected termination.I tried performing cleanups by using "Malwarebytes' Anti-Malware".The C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) keeps appearing in mbam logs when I run mbam utility after booting the system in safe mode. Strangely enough, mbam identifies it as infection, but doesn't quarantine the file and just says "No Action Taken".Upon deleting the C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent), it keeps re-appearing with each reboot.Can you please help me getting rid of this completely?Appreciate all your help.Thanks.Attaching the log as per the prep guide.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--... Read more

3 more replies
Relevance 66.42%

I am facing issues with the suspected virus/trojan attack.My earlier post on this issue (http://www.bleepingcomputer.com/forums/topic211900.html) had to be closed due to lack of feedback as I was out on vacation.Since the problem still persists, I am creating a new topic.I run WinXP on my machine and I noticed this issue when I started seeing Vimax ads on my yahoo account sometime around early March. I initially was amused, but then I noticed the automatic updates to my McAfee installation are failing. Also, I'm unable to play any sounds on my machine. Too some extent I was able to tie audio not available issue to Windows Service being in terminated status. For the internet connectivity issue, I am able to connect to most sites; except a few which provide anti-virus services. Even after starting all networking services, I am unable to see any items under my "Network Connections". The Windows service for XP themes also gets terminated after few minutes from restart. I also check the EventViewer logs, and most services have logged unexpected termination.I tried performing cleanups by using "Malwarebytes' Anti-Malware". The C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) keeps appearing in mbam logs when I run mbam utility after booting the system in safe mode. Strangely enough, mbam identifies it as infection, but doesn't quarantine the file and just says "No Action Taken".Upon deleting the C:\WINDOWS\system32\gaopdxc... Read more

Answer:Vimax Ads, Antivirus sites not opening, no updates for definitions, AVG, McAfee, SuperAntiSpyware did not help

Hi PrinceHector,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please give me a little time to go through your log and I will also let you know that I am a trainee so each stage of the fix will need to be checked by an expert coach before I post so there may be a slight delay. Don't worry I won't abandon you. Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.Thanks

16 more replies
Relevance 66.42%

Hello I am wokring on a computer for a friend and I found several ad-ware, male-ware, and trojans. I removed them by using Spy Sweeper, Spybot, and Ad-ware 2007.

After doing so there was still something worng with the computer. I would do a google search and I will click on the links found in the search results and I will be sent to a completely different webstie. None of the other programs I mentioned above found this problem or fixed it

I used the untility Fixwareout and I thought it did fixed the problem but it did not. I Posted a log of Hijackthis and Fixwareout below. I ran Fixwareout first then Hijackthis.

The computer I am on is A Windows XP Pro SP2 copmuter Pentium 4 2.4 GHz Dell Dimmention 2400.

Thanks for any help you can give me

Fixwareout report-------------------------------------------------------------------------------------------------------

Username "Daniel MacDonald" - 04/12/2008 10:29:55 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"... Read more

Answer:Google search links redirects me to a unrelated website

8 more replies
Relevance 66.42%

I had purchased Dell Inspiron N5050 laptop few months back. I was give pre-installed MsAfee antivirus.
Later I formatted my system. Since that I am not able to re-install the same.
Please resolve ASAP.
 
 

Answer:Unable to install the pre-installed McAfee antivirus software again.

Hi era.sharma31,Do you have the disc so that you can reinstall? If that was unsuccessful, and you have registered with McAfee, contact them so they can access your record and advise you.

3 more replies
Relevance 66.01%

Alright, Vimax pill ads keep appearing at every place a regular ad is supposed to appear on a website. I tried my McAfee & AVG 8.5 & SpyDoctor but it didn't fix it. The virus definition files are not being updated. No antivirus site is opening brower gives the message that "Page not found". Then I started looking at the forums with the same problems and heard that you can get rid of it. So I used it, but it didn't work. So I became a member of this site and am pleading for help.

Answer:Vimax Ads, Antivirus sites not opening, no updates for definitions, AVG McAfee, SpyDoctor did not help/ Moved

Hello NewToWorld and welcome to BC

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

What is your operating system: Windows XP, Vista, etc.?

Are you running 32 bit or 64 bit windows?

Orange Blossom

14 more replies
Relevance 65.6%

Hello, So I was recently infected by some Trojans, not sure which ones. But when I rebooted my computer my taskbar was unable to load and only showed a sliver of it at the bottom of the screen. Also i'm unable to drag any desktop icons and my sound drivers are unable to load. I've tried running multiple anti-virus programs such as Malwarebytes and Kaspersky and unable to do so since I receive an error trying to run it. When I try to open Windows Firewall, I get a popup saying "Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) Serice?" But when I press yes I get an error saying ICS cannot be started. Can anyone help?

-Chris

I have Windows XP Professional SP3

More replies
Relevance 65.6%

When trying to download, I get the "Windows encountered a problem and has to shut down" message. Google gets redirected in both Firefox and Explorer. Pop-ups "thewebsitesurvey.com" and "thedailyheraldnews.com" appear on an irregular basis. The computer freezes frequently and needs to be rebooted. I am running windows xp.

Your help is appreciated.
-Claude

More replies
Relevance 65.6%

Hello, I've used BC before for help regarding some past issues with great success. My computer was recently infected with XP Security Tool 2010 and I used the fix described on BC. I installed Malwarebytes and FixExe.reg. This seemed to get rid of the problem, but then google chrome stopped working. Now while I browse on Firefox, I get random new tab pop ups stating: "Warning Warning!!! Your computer conatins various signs of viruses and malware programs presence. Antivirus Plus will perform a quick and free scanning of..." And then it performs a fake scan. Also when I am doing google searches, I am redirected to seemingly random advertisement websites. Lastly, I use Avira Antivirus protection and it pops up saying: HTML/Infected.WebPage.Gen in file C:\Documents and Settings\Network Service\...\2[1].php. Avira has detected other malware as well.To try and remedy the problem, I ran Malwarebytes, SuperAntiSpyware Free edition, Spybot Search and Destroy, and also the Combo Fix as described in another section of BC. I know I probably shouldn't have run ComboFix, but my problem seemed similar to another thread. Anyways, none of these scans seems to have fixed the problem. They all found malware, but I am still having the same issues.I hope this is enough information to get started, thank you in advance.Here is the dds log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Melissa Brown at 14:24:02.25 on Thu 04/08/2010Internet Explor... Read more

Answer:Infected with Antivirus Plus pop up, google redirects

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

28 more replies
Relevance 65.6%

Hi. First off, I just want to say that I'm definitely not a computer expert, and this is my first time posting something like this.

I'm currently experiencing a virus that is not allowing me to run any Antivirus programs (Spybot, Malwarebytes, Windows Defender). Avast seemed to work for a while, but now it also will not run.

Search results from Google are also being randomly redirected.

One last problem I've noticed is that once I log into Windows Live Messenger, I get an error message for "Windows Live Communications Platform", and it logs me out.

Please help me to solve these problems, and thanks in advance.

Answer:Can't run Antivirus programs, Google redirects

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 65.6%

Hello, I'm working through an apparent slough of bugs in my parents computer.

They are running Windows XP, SP3. They've been having Google redirect issues for a few weeks and CPU usage in the upper 90%'s.

In the process of (and after running all these scans) fake antivirus software has popped up making the system unusable, offering that rundll32.exe and logonui.exe are disabled.

I am working in Safe mode right now, and have since removed AVG Free to replace it with Microsoft Security Essentials. I have also reset the wireless router in case it has been infected.

Any help would be greatly appreciated.

Thanks,

Amber
 

Answer:Google redirects, fake antivirus, etc

We still need the log from running MGTools --> C:\MGlogs.zip.
 

15 more replies
Relevance 65.6%

Hi. As the title states, I can't even run my real antivirus (adaware, malwarebytes, hijackthis, etc) even in safe mode. I can't even find some of the files, and it won't let me update or install programs. I read in an old thread to use win32kdiag, so I did that and here is the log, which is hardly anything:

Running from: C:\Documents and Settings\Heba\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Heba\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

Answer:Fake antivirus, google redirects

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

3 more replies
Relevance 65.6%

I recently recovered from a particularly crippling virus, but now I'm stuck with a few remnants I guess. Google search results redirect me to irrelevant sites and the majority of antivirus websites simply won't load even if I visit it directly. In addition, AVG and AdAware won't update, Avast won't install (it claims to not be able to detect an internet connection, but here I am). I don't think it's a problem with my internet configuration since my Steam client can update just fine; it's only the antivirus that can't connect. In addition, my system 32 and temp folders are filled with suspicious files such as 8B.TMP, 8D.TMP, IadHide5.dll (in my temp folder), MAR6.tmp, two text files called _hphtra07 and hpodvd09 and a bunch of other locked and rather shady files. I would really appreciate any help on the topic, thanks.

Anyways, reports:


DDS (Ver_09-10-26.01) - NTFSx86
Run by HP_Administrator at 9:23:19.96 on 14/11/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1383 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched... Read more

Answer:Google redirects, antivirus won't update

Hi,

* Go here to run an online scanner from ESET.Tick the box next to YES, I accept the Terms of Use.
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish
Copy and paste results to your reply.

2 more replies
Relevance 65.6%

I've been having this problem for a Month now. Every time I use Google or another search engine, sometimes when I click on a link from the search result to go to a desire website, I get re-directed to the wrong website often another search engine website. To bypass this I have to click the back button and try again or sometimes I double or triple click on the link to get to the correct website. However, that is not the only problem I have. Sometimes whenever I'm using a website such as twitter or norton website for example, the page goes blank on my firefox browser and on the bottom left corner of the firefox windows it says something like 'transfering data from gostats.com' and it just stays like that unless I hit the back button several times or refresh the page. However, that doesn't always work. My antivirus can remove the gotstats.com cookie but it regenerates itself.

I already created a topic before on this website, but the problems was unresolved after doing several steps.
Here is the original topic:
http://www.bleepingcomputer.com/forums/topic360651.html/page__p__2018292#entry2018292

I was refer to go here and seek help.

I was ask to post my DDS log:

DDS (Ver_10-11-10.01) - NTFSx86
Run by Julio at 11:42:01.07 on Fri 11/19/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.123 [GMT -8:00]
============== Running Processes ===============

C:\WINDOWS\s... Read more

Answer:Google Search Results Links Redirects To Wrong Website

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

15 more replies
Relevance 65.6%

I have run HiJackThis and have the following log. Can anyone help please?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:46:32 PM, on 9/13/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\WINDOWS\Explorer.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\Program Files\Bonjour\mDN... Read more

Answer:Clicking Google, Bing search result redirects to website.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 65.6%

Hello Everybody.Let me start off by wishing all the members (specially the kind people who run this show) a MERRY X'MAS AND A HAPPY NEW YEAR!Lately, I have been having problems of chrome redirecting a link that I click. It happens randomly and the frequency seems of this happening has been increasing. It doesn't happen all the time but quiet frequently. The link that opens up is more or less a website that shows that my PC is infected with Viruses/malware/spyware and does a "scan" of my system to confirm it (ofcourse, its all nothing but a lame animation made to look like a real windows application). Edit:This link shows the screen that I get when I get redirected:http://www.breakitdownblog.com/redirected-...om-with-chrome/System Specifications:Win XP ProfessionalSP 3Chrome 4.0Here is the HijackThis log output:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:40:19 PM, on 12/22/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\P... Read more

Answer:Chrome redirects google results (and other links too) to some dodgy website

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

13 more replies
Relevance 65.6%

I have been having trouble in internet explorer 8. Every time I go to a website, it automatically redirects to a google image search. Sometimes it's doubleclick.net, other times it's something different. I am not connected to the internet through a router, rather I am wirelessly tethered to my rooted LG Optimus S, running the RebornROM. I'm not sure that this has anything to do with my problem, though. I am only having this problem in Internet Explorer, I can use Safari with no problems. I am running Windows Vista Home Premium, 32-bit.

Here is my DDS log:
.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by WES at 23:09:21 on 2011-06-10
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3062.1358 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe... Read more

Answer:every website in internet explorer redirects to google image search!

Hello and welcome to Bleeping ComputerMy name is etavares and I will be working with you to fix your computer.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.Please refrain from running tools or applying updates other than those w... Read more

2 more replies
Relevance 65.6%

I'm trying to download updates through Windows Update, it shows that I have 139 important updates, and 40 optional ones. I selected them and clicked the install button but it got stuck at "Downloading updates (0 kb total, 0% complete)". I cancelled and retried choosing only 24 important updates and the same happened. I tried the check for updates option but it also keeps checking forever.
I also tried downloading updates from Microsoft Download Center but when I try to install them it hangs on "searching for updates on this computer".
I already ran the Microsoft Fix It tool, disabled my anti-virus and firewall, but nothing works.
I cannot install the SURT because it also keeps searching for updates.

I need to update so I can upgrade to Windows 10 - the setup also got stuck while checking for updates, so I was hoping that updating beforehand would do the trick.

Any suggestions on how to fix this problem are appreciated.

More replies
Relevance 65.19%

Hi,The problem with my Dell 4700, Windows XP Home, is this:  I am unable to access any websites that I need to update my antivirus or to download my free (from Comcast) McAfee. I've been online chatting with Comcast techs and have tried different things, none of which worked. I've been told that I might have a virus keeping me from accessing those sites.I had McAfee, but uninstalled it due to a problem and thought I would reinstall it and be ok. After I failed to reinstall because it wouldn't let me into the McAfee website, I downloaded AVG as a temporary back-up. It ran but when I tried to update it, I could not go to their website.  Can anyone give me some suggestions? I am feeling insecure with old virus definitions and nervous about the possible virus I do have. Thank you

Answer:Cannot access websites such as McAfee, AVG, other antivirus sites

try getting avg off a frends comp with a thumb drive or a cd(avg kills mcaffe get avg)

1 more replies
Relevance 65.19%

PROBLEM SOLVED, TROJAN DNSCHANGER MALWARE BYTES TO THE RESCUE!tried malware bytes tried to install new mcafee 404 on both the installs google locks up...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:32:14 PM, on 9/21/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18226)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\Synaptics\SynTP\SynTPStart.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Yahoo!\Search Protection\SearchProtection.exeC:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\ehome\ehtray.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Synaptics\SynTP\SynToshiba.exeC:\Windows\system32\wuauclt.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Windows\system32\DllHost.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,... Read more

More replies
Relevance 65.19%

Dear Sirs,

Would you please help me fix those bunch of problems? Thanks so much in advance.

Recently, my laptop is infected by several kinds of spyware, rootkit,...
Google redirects to unknown websites (I believe there must be something with Cliccker.cn).
McAfee disable itself (it keeps disable after 3 seconds everytime I re-enable it).
Windows Antivirus Pro keep popping up.
Problem with Widows sidebar and other programs i.e. can't read .exe file.
More... and more... T__T

I tried to fix those problems using several anti-spyware programs but none of them worked, just made the situation worse!
Finally, I came up to your website and found an interesting topic about "Going Crazy! Google Redirect cliccker.cn" which is very similar to my problem. I tried to follow your steps (I know you are busy answering the same questions) but it seems you provided specific steps for each PC. So, I decided to create a new topic for this.

Here is the log from Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:46 PM, on 8/20/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\... Read more

Answer:Pls help: Google redirect (Cliccker.cn), McAfee disable itself, Windows Antivirus Pro

Hello,

After I used my computer for a while, I found out that my laptop is getting worse. I don't know if something has been changed; so, I decide to run HijackThis again to update my current status. Sorry if you don't need this one, don't mean to mess up your board. Thank you very much.

Here is the most updated one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:42 PM, on 8/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Cyberlink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\... Read more

1 more replies
Relevance 65.19%

Dear awesome powers, facing a number of problems with laptop atm. i will began by describing the symptoms, followed by previous solutions tried. Appreciate any provision of assistance provided.

I mainly use chrome or firefox on my vista system. Over the last few week i've had to reboot my computer after every use as it slows down significantly after a few hours of usage, While surfing the internet, the search bar redirects me back to google or displays a website unavailable for a couple of instances before working fine again. Lastly, box ads pops up on the bottom right of the screen every few hrs.

For solutions garnered over the internet, i've tried the latest versions of tdsskiller.exe, Malwarebytes, AVG, Karpersky. All the above have been attempted to no avail.

Defogger have been used to disable emulation before i proceed. I have attached the ark and attach text files and the Dns file is as per below:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 7.0.6000.17037
Run by Liu at 23:47:56 on 2011-06-20
Microsoft? Windows Vista? Home Basic 6.0.6000.0.1252.61.1033.18.2045.498 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Wind... Read more

Answer:Chrome and firefox redirects back to google or website unavailable page

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

16 more replies
Relevance 65.19%

I have a Windows XP machine (with a 2nd partition for Ubuntu Linux). On Friday, I began to notice strange things on my Windows machine. All of a sudden, my Security alert went off saying that my Norton AV has been disabled. After a while, I began to notice the taskbar change color, etc. I immediately ran malwarebytes anti-malware which found a Trojan.Hiloti trojan and cleaned it. However after I rebooted, My Norton online AV found a couple of malware and claim to have Quarantined one and cleaned the other. However, it couldn't tell me the location of the file because it claimed that they have been moved.Since this point in time, I no longer had access to the Windows Update website, and whenever I search for it on Google (and click its link), it sends me to some bogus website. I have tried to clean the Windows partition from my Ubuntu partition by using ClamAV 0.95. That found a Trojan.Rootkit-2660 virus amongst a few others I can't remember. I deleted those files and rebooted Windows, but the Windows Update and Google redirect problems where still there.I will surely appreciate anyone's help here. Attached below are logs from DDS and GMER

Answer:Infected with Trojan-rootkit. Google redirects and can't go to Windows Update website

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

28 more replies
Relevance 65.19%

Hello,

I am having issues with both of my Internet Browsers (Firefox and Internet Explorer). Whenever I click on a link it re-directs me to a bogus fake anti virus sites, random sites and fake web search sites. I have run Malwarebytes, Norton AV, AVG AV, CCleaner and Tune up utilities and this prob. still exists.
I have also uninstalled and installed each of the browsers and made sure to clear all info such as cookies, customizations, bookmarks, etc.
One thing I did notice is that when I re-installed FF, I was not being re-directed, until I accessed my bookmarks (that I backed up), then BAM! re-direction craziness!
I am at my wits end, ready to throw my laptop across the room. I have attached GMER and OTL logs to my post (My computer is not allowing me to copy and paste the logs directly within the body of the e-mail, so I have attached them to my post instead.
Thanks for reading and hopefully you can help!
 

Answer:Bogus antivirus programs & Google redirects

Please download OTM

Save it to your desktop.
Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:

:Processes

:Services

:Reg

:Files
C:\WINDOWS\System32\15724.exe
C:\WINDOWS\System32\19169.exe
C:\WINDOWS\System32\26500.exe
C:\WINDOWS\System32\6334.exe
C:\WINDOWS\System32\18467.exe
C:\Documents and Settings\Taheerah\Application Data\grwqhp.dat

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open... Read more

3 more replies
Relevance 65.19%

Today I some how get a pop up that I have antivirus 2011 and its detecting stuff. I know I didnt intentionally download this thing so I remove it using Revo uninstaller and its gone but now I am getting redirects when in google and my malwarebytes wont take care of the problem. Thanks for any help you can provide.

DDS

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Randy at 13:18:58.81 on Tue 04/12/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3069.1474 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
... Read more

Answer:Google redirects after removing antivirus 2011

We'll start off with this.Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


If an infected file is detected, the default action will be Cure, click on Continue.


If a suspicious file is detected, the default action will be Skip, click on Continue.


It may ask you to reboot the computer to complete the process. Click on Reboot Now.


If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

14 more replies
Relevance 65.19%

Hi, my little brother has been using my laptop and he managed to get infected with a fake antivirus.
I don't know much more than that on the cause because I wasn't looking.

I managed to do a few work arounds and now I can execute the .exe's and download files on chrome. (I could not do that at first)
I also executed MBAM and the computer seems to be "clear" of viruses. Except for the redirects and the fact that it still blocking the msoft security essentials.

Here goes the logs, and I'd like to thank you guys in advance for any time you put into helping me!

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Administrator at 21:44:43.71 on 13/03/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6139.4525 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32 ... Read more

Answer:Infected with fake antivirus and google redirects.

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

2 more replies
Relevance 65.19%

Hey everyone. First time posting!

Here are my symptoms:

First of all, when I start the computer in normal mode, I get an error. "explorer.exe: The application failed to initialize properly (Oxc0000005)" However, this error does not occur in safemode. I can get back to the explorer in normal mode through the taskmanager: run: explorer.exe.

Now regarding the browser: Google redirects me whenever I try to go to an anti-virus website. Including this site!! (I'm posting from my Dad's computer). This occurs in both IE7 and Firefox.

In addition to this, Whenever I try to start an antivirus program, the process appears in the task manager, but no window will pop up. This occurs with SpybotS&D and Combofix.exe and Malwarebytes. This happens in normal AND safemode.

As you can imagine this is very frustrating. Thank goodness RSIT ran and gave me some logs, or I'd be SOL.

Here are the logs. My computer is a Dell Inspiron 6000 laptop running XP SP2 Pro with BSafe filtering.

Thanks in advance guys.

Answer:google redirects, cant open/run antivirus programs

Hello Pennyman,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Thanks,tea

2 more replies
Relevance 65.19%

I let my friend borrow my computer for the past month and when I got it back no programs would open, I got a command window titled desot.exe and it closed.

I was able to get malwarebytes to finally open by right clicking and running as user, and renaming the program. now every day I have to force quit windows antivirus pro (fake I know) and then close svchast.exe and run malewarebytes again, PLUS after running malwarebytes and it comes up clean, the search engines are still doing the redirect.

DDS (Ver_09-07-30.01) - NTFSx86
Run by administrator at 14:23:43.68 on 2009-08-25
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.250 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com... Read more

Answer:Windows Antivirus Pro & Google/yahoo redirects

it has since escalated. I can now no longer start the computer. in regular mode I can only do 2 commands, windowskey+L (switch users) and windowskey+U (utility manager). alt+ctrl+del or shift+ctrl+esc both yield "task manager has been disabled by the administrator" who there isn't any other users on the computer but myself. rebooting into safemode yields the same results.

I slaved the HD to another computer and was able to run malewarebytes full scan and came up with 22 infections which were promptly removed. attempted to boot from hard disk again adn it is doing the same thing.

3 more replies
Relevance 65.19%

I am new to the forum. I ran across it last week looking for information about the XP Antivirus 2010 virus. I have learned a lot of general information but the specific help seems to be geared to each poster based on the logs from their computer so I thought it would be best to try it that way. Last week my computer became infected with the XP Antivirus 2010 that many have complained about on here. By using system restore and Spyware Doctor I believe I have removed the virus however I am still having problems with Google redirecting search links to other sites. I purchased Spyware Doctor and ran a full scan however I am still having the same issues. That is now the only spyware program that I have. I also have Malwarebytes Anti Malware although that scan is coming up clean as well. Both programs are up to date. I just purchased Spyware Doctor specifically for this and it comes with a 30 day money back guarantee. I am disappointed that it has not fully fixed the problem, should I get rid of Spyware Doctor and try something else? I thank you in advance for any help that you might be able to provide. I have attached the requested logs. If there are any problems with the logs please just let me know and I can try again.

Thank You, Stan Holmes

DDS (Ver_10-03-17.01) - NTFSx86
Run by holmes at 14:29:32.26 on Thu 04/22/2010
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============


============== Pseudo HJT Report =============... Read more

Answer:XP Antivirus 2010 Aftermath Google Redirects

Hello Stan,

I see several areas of concern in your logs. It will require more than 1 round to clean the system. Please stay with me until given the 'all clear' even if symptoms seem to abate.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.


====================================================


Double click on combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see t... Read more

15 more replies
Relevance 64.78%

I was in the process of updating my antivirus software. I switched from Norton to McAfee. While downloading, McAfee required that I uninstall all Norton applications. This action required me to restart my computer. Then, when I tried to start the McAfee download again, the main install screen would open for a split second, then close itself. I tried several times to open the software through My Computer, with the same results each time. I then tried to go to McAfee's website for support, but the internet browser closed itself when I typed "mcafee.com" and enter. I can view other websites (this one, for example) but not mcafee's.

So, I am currently without any type of virus protection whatsoever, as I have successfully deleted Norton, but cannot install McAfee. Please help.

Thanks.
- Technotard

P.S. I also called McAfee for support - they confirmed that I have a virus and offered to connect me to a "virus removal specialist" who would walk me through repairs for only $89.95.
 

Answer:Unable to open antivirus website

13 more replies
Relevance 64.78%

using google chrome or ie 11 I could not access any webpages. I was able to get to most webpages after checking a box in internet options advanced security by check enable enhanced protected mode...and then downloading malwarebytes, however I cannot go to www.google.com and I cannot reinstall google chrome or avg free antivirus as it will download but then it says there is no internet connection you must be connected to the internet, yet in my ie11 browser I am connected to the internet and can get to usatoday.com msn.com espn.com etc...but never google.com  strangest thing I have ever seen it says web page not available....after my initial run of malwarebytes the scan discovered over 1100 problems and I quarantined them all, and rebooted and for a short time I could go to google.com, but then when I tried to download AVG it bombed out again, and then I could not get to google.com again and have not been able to since....When I try to go to google.com using IE10 (I rolled back to ie10 to see if it resolved the problem as I had read about ie11 problems with google, and that did not work) the error message I get says  "THIS PAGE CAN'T BE DISPLAYED"   in big letters then under it it says make sure the web address https://www.google.com is correct and under that "look for the page with your search engine" then under that "Refresh the page in a few minutes" then under that ""Make sure TLS and SSL protocols are enabled go to internet options>advances>setti... Read more

Answer:Cannot download google chrome, avg free antivirus, or go to www.google.com webpg

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/528862 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

3 more replies
Relevance 64.37%

Hello I was reading your post from 05/19 regarding someone unable to access the McAfee site, and I'm experiencing similar problems. I've ran Combofix, as well as hijckthis (Log included). Now I was told to uninstall and re-install McAfee, so I know why it's not in my log but how do I re-install if I cant get into the site?
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:05 PM, on 5/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.ex... Read more

More replies
Relevance 64.37%

Hello, I am unable to update my antivirus software (Norton Internet Security) as it cannot connect to the LiveUpdate server even though I am connected to the internet and can access all sites except for those such as Symantec or Microsoft. I've even checked if I was able to websites for free antivirus such as AVG and Avast! but still I am unable to do that. On reading the forum thread posting rules, I tried downloading DDS and GMER but still wasn't able to do so since bleepingcomputer.com and gmer.net was unable to load.

I was however able to use HijackThis, and this log was created:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:42:39, on 8/8/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Common Files... Read more

Answer:Unable to update antivirus software or access any antivirus websites

7 more replies