Computer Support Forum

Infected with an unknown trojan preventing updates to antivirus and causing google redirects

Question: Infected with an unknown trojan preventing updates to antivirus and causing google redirects

I am infected by a Trojan/Virus that prevents me from updating my antivirus software as well as redirects any clicked links from a Google search. I've run Ad-Aware and it removed a trojan but apparently did not completely fix the problem. I have run online scans (Kaspersky and Panda) but the scan either didn't finish or my computer rebooted when the infections were trying to be removed. I've installed MalwareBytes but it will not execute. I've pasted the dds.txt log below and attached the attach.txt and hijackthis.txt logs.

I appreciate any help that can be given.

Thanks,
Brian

DDS (Ver_09-05-14.01) - NTFSx86
Run by brian at 20:38:36.45 on Wed 05/13/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1563 [GMT -4:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\Windows\system32\lxdxcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\Dwm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\brian\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/ig?hl=en
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070614
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: avgwlntf - avgwlntf.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\q1ct2wor.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\users\brian\appdata\roaming\mozilla\firefox\profiles\q1ct2wor.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-5-12 28544]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2009-2-10 98984]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\drivers\WMP54Gv41x86.sys [2007-3-12 286208]
S3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\system32\drivers\avgwfp.sys [2008-9-13 53768]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-6-29 29744]

=============== Created Last 30 ================

2009-05-12 21:52 330,087,825 a------- c:\windows\MEMORY.DMP
2009-05-12 20:28 <DIR> --d----- c:\program files\Trend Micro
2009-05-12 20:25 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-05-12 20:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-12 20:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 20:19 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-12 20:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-12 20:19 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-11 06:38 <DIR> --d----- c:\programdata\Kaspersky Lab
2009-05-11 06:38 <DIR> --d----- c:\program files\Kaspersky Lab
2009-05-11 06:38 <DIR> --d----- c:\progra~2\Kaspersky Lab
2009-05-09 07:11 <DIR> -cd----- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-09 07:11 <DIR> -cd----- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-08 16:47 <DIR> a-d----- c:\programdata\TEMP
2009-05-04 20:42 <DIR> --d----- c:\program files\Panda Security
2009-05-04 20:31 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-05-04 20:31 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-04-30 18:59 <DIR> --d----- c:\programdata\avg7(204)
2009-04-30 18:59 <DIR> --d----- c:\progra~2\avg7(204)
2009-04-30 17:17 <DIR> --d----- c:\users\brian\.autosave
2009-04-16 17:47 120 a--shr-- C:\autorun.inf
2009-04-15 18:50 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-04-15 18:50 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-15 18:50 <DIR> --d----- c:\program files\iPod
2009-04-15 18:50 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-15 18:50 <DIR> --d----- c:\program files\iTunes
2009-04-15 18:50 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

==================== Find3M ====================

2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-13 06:36 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-13 06:36 86,016 a------- c:\windows\inf\infstor.dat
2009-03-13 06:36 51,200 a------- c:\windows\inf\infpub.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-03 00:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 00:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 00:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 00:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 00:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 00:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 00:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 00:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 00:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 00:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 23:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 22:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-02 22:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-13 04:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 04:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2008-09-15 18:45 174 a--sh--- c:\program files\desktop.ini
2008-09-15 18:36 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-08 19:40 0 a------- c:\users\brian\appdata\roaming\wklnhst.dat
2008-03-21 19:30 4,096 a------- c:\users\brian\DesktopTrojan.Win32.BlackBird.exe
2008-03-21 19:30 4,096 a------- c:\users\brian\DesktopFWebdEditor.exe
2008-03-21 19:30 4,096 a------- c:\users\brian\Desktopfwebd.exe
2008-03-21 19:30 4,096 a------- c:\users\brian\Desktopfkwp2.0.exe
2008-03-21 19:30 4,096 a------- c:\users\brian\Desktopfkwp1.5.exe
2008-03-21 19:30 4,096 a------- c:\users\brian\Desktopfilemanagerclient.exe
2008-03-21 19:30 4,096 a------- c:\users\brian\DesktopEditorFKWP2.0.exe
2008-03-21 19:30 4,096 a------- c:\users\brian\DesktopEditorFKWP1.5.exe
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-12 13:45 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-08-12 13:45 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-11-16 19:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2007-08-12 13:45 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-02-05 19:02 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2009-02-05 19:02 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2009-02-05 19:02 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-06-14 04:30 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:41:10.69 ===============

Relevance 100%

Answer: Infected with an unknown trojan preventing updates to antivirus and causing google redirects

Just bumping this up. I'm still interested in getting some help if anyone is available.

I appreciate your time. Thanks.
Brian

4 more replies
Relevance 87.74%

Referred from here: http://www.bleepingcomputer.com/forums/topic418249.html ~ OB

DDS.txt log and Attach.txt log are both attached to this post. GMer is currently running, I will post the report log as soon as it completes.

Edit: My computer "blue screened" about two minutes after GMer started. I've not had a blue screen in quite a while. Should I attempt GMer again, or leave it be?

Answer: Computer infected, causing Google Redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

19 more replies
Relevance 86.51%

I believe a Trojan is causing my google searches to redirect to sites such as 'licosearch.com' among others. I found a closed thread on this forum with this exact problem, the user said they had developed this problem and even formatting had been unsuccessful...as it has in my case. Following instructions from said thread, I have run DeFogger, DDS and Rootkit Unhooker and have saved the 3 reports which were supposed to be sent to the moderator/administrator who chose to reply...these reports are attached in this post. Anybody who chooses to help will have my eternal gratitude. Thank you in advance.

Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

Answer: Possible Trojan causing Google search redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 84.46%

Hello, I've used BC before for help regarding some past issues with great success. My computer was recently infected with XP Security Tool 2010 and I used the fix described on BC. I installed Malwarebytes and FixExe.reg. This seemed to get rid of the problem, but then google chrome stopped working. Now while I browse on Firefox, I get random new tab pop ups stating: "Warning Warning!!! Your computer conatins various signs of viruses and malware programs presence. Antivirus Plus will perform a quick and free scanning of..." And then it performs a fake scan. Also when I am doing google searches, I am redirected to seemingly random advertisement websites. Lastly, I use Avira Antivirus protection and it pops up saying: HTML/Infected.WebPage.Gen in file C:\Documents and Settings\Network Service\...\2[1].php. Avira has detected other malware as well.

To try and remedy the problem, I ran Malwarebytes, SuperAntiSpyware Free edition, Spybot Search and Destroy, and also the Combo Fix as described in another section of BC. I know I probably shouldn't have run ComboFix, but my problem seemed similar to another thread. Anyways, none of these scans seems to have fixed the problem. They all found malware, but I am still having the same issues.

I hope this is enough information to get started, thank you in advance.

Here is the dds log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Melissa Brown at 14:24:02.25 on Thu 04/08/2010
Internet Explor... Read more

Answer: Infected with Antivirus Plus pop up, google redirects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

28 more replies
Relevance 83.64%

Google links redirect. Host service crashes. Any explorer browsing hangs, save as in any app hangs. Window appearance seems to revert back to classic style. Any and all assistance is greatly appreciated!!!
DDS (Ver_10-12-12.02) - NTFSx86
Run by Rexmaster at 10:26:18.27 on Fri 02/25/2011
Internet Explorer: 7.0.6000.17037

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Research In Motion\Smart Card Reader\BlackBerrySCRService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\... Read more

Answer: Infected with unknown, Google redirects, host service crashes

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.

Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.

Do not do things I do not ask for, such as running a spyware scan on your computer. The one thin... Read more

28 more replies
Relevance 83.64%

Here are the requested files, as instructed.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by McLean at 17:04:48.57 on Tue 03/29/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.473 [GMT -5:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS... Read more

Answer: Infected with unknown- IE/Google redirects to unwanted websites, and random pop-ups

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

14 more replies
Relevance 83.64%

Hello, I am infected with unknown virus/malware which is causing google to redirect and random popups. Additionally I notice that one instance of svchost.exe in the process list will eventually start to eat up the system resources and cause everything to slow down. If I disable it, the computer runs normal again but the windows themselves sort of flicker and revert to an older looking window and then eventually back to the XP look. Also a blue screen sometimes appears at startup indicating some sort of "invalid work queue item". I feel like there are multiple issues with this computer and I am overwhelmed. Thanks in advance for any assistance.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Run by Beth Senturia at 19:59:52 on 2011-07-24
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.418 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:&... Read more

Answer: Infected with unknown, google redirects, svchost eats resources

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 83.64%

Please help. I am really struggling with my computer. I have spent far too many all nighters trying to get this fixed to no avail.

I have read, reviewed and performed all steps in the READ ME FIRST:
http://forums.majorgeeks.com/showthread.php?t=35407

Follow the instructions in the above link for installing and running

1. SuperAntiSpyware - found no viruses - log file attached

2. Malwarebytes Anti-Malware - found no viruses - log file attached

3. ComboFix - One thing to note: I wasn't able to get COMBOFIX.exe to run. It did appear to do something, my clock changed, but then nothing. No DOS prompts, nothing. Was unable to find any log.

4. MGtools - not sure this worked or not.

Please help me. I would be grateful for any and all help.
 

Answer:Google redirects, IE errors, unknown virus/trojan

Wanted to add more detail for the MGTools step:

4. MGTools: Not sure this worked at all. I tried to disable UAC via the instructions with DisableUAC.reg file, but nothing happened. I then tried to run GetLogs.bat, but didn't see the "Run as Admin" option which the instructions said I should have.

Thank you again.
 

3 more replies
Relevance 83.23%

Hi, my little brother has been using my laptop and he managed to get infected with a fake antivirus.
I don't know much more than that on the cause because I wasn't looking.

I managed to do a few work arounds and now I can execute the .exe's and download files on chrome. (I could not do that at first)
I also executed MBAM and the computer seems to be "clear" of viruses. Except for the redirects and the fact that it is still blocking the msoft security essentials.

Here goes the logs, and I'd like to thank you guys in advance for any time you put into helping me!

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Administrator at 21:44:43.71 on 13/03/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6139.4525 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32 ... Read more

Answer:Infected with fake antivirus and google redirects.

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that... Read more

2 more replies
Relevance 82.82%

An unknown Trojan (assuming due to the infections detected by AVG) has infected my pc. I am running XP, use Firefox to browse, and have AVG Free updated and full system scans run.

AVG is finding and cleaning programs, ("Fm9.exe", e.g.) but there are new ones each time I scan.

Symptoms include popup windows, and bogus "antivirus" download popups "antimalware" was one I saw.

I saw another post that mentions "whitesmoketoolbar", this is currently installed on this pc...is it the issue?

I can provide screen shots or whatever is most useful. Please let me know your questions.

THANKS FOR READING!
Jake

P.S. I've been trying to post to the Virus, Trojan, Spyware, and Malware Removal Logs, but it won't work...am I forbidden for some reason?

Answer:Infected with Unknown Trojan, causing popups, system instability

I think I put this in the wrong forum by accident. I am looking, but do not see a way to move it. Sorry for the inconvenience.
Thanks,
Jake

1 more replies
Relevance 82.41%

I get svchost.exe errors on bootup with references to 0x85993a44 and 0x01c8284.

I get Google redirects.

I cannot do a Windows update. I get Error number: 0x80072EFF

I've attached the logs.

It looks like the limit for attachments is 4, but the 5th is short and is here:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/25/2008 at 04:17 AM

Application Version : 4.22.1012

Core Rules Database Version : 3685
Trace Rules Database Version: 1662

Scan type : Complete Scan
Total Scan Time : 01:39:58

Memory items scanned : 918
Memory threats detected : 0
Registry items scanned : 9108
Registry threats detected : 0
File items scanned : 47848
File threats detected : 0

Any help???
 

Answer:Malware preventing Update and causing redirects

Welcome to Major Geeks!

We need some additional info. Please run this: GMER - running with a random name and attach the log from GMER.
 

10 more replies
Relevance 82%

Hello,

I received a popup McAfee security center message to reinstall McAfee, which is included with my Comcast subscription. I am unable to access the McAfee website through Google using IE. I also tried AVG and had a problem accessing the server to update the software. Below is the HJT log; attached are the logs created by DDS. Any help would be greatly appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:25 AM, on 5/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1... Read more

Answer:Google redirects; Unable to access McAfee website, download antivirus updates

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 82%

Hi all,

EDIT - Sorry, just noticed my file didn't attach when I first posted this. It's attached now.

I'm having some issues with a random infection that occurred about a week ago. I've run just about every antivirus program under the sun, from Malwarebytes to AVG and Avast to try and catch everything, but something is lurking beneath the surface and away from the AV scans. I'm having a few performance issues, but to be honest this may not be related to the virus. Just random slowdowns here and there. However, I am completely unable to turn on the Windows security center. Every time that I try an error message pops up saying that it cannot be started. Also, whenever I google something (or even go to yahoo, for that matter) and attempt to open one of the search results, my browser is hijacked and taken to a random search engine like yellowpages.com. Any help would be greatly, greatly appreciated. (Note: I'm using Windows 7 64 bit, so no GMER file) My log file is as follows:
.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Ryan Doan at 12:24:09 on 2011-06-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2680 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E... Read more

Answer:Infected with unknown malware - Google redirects and Windows security center cannot be enabled

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap... Read more

3 more replies
Relevance 80.77%

Hello,

I was infected on 12/9/11 with something in the XP Antivirus/Home Security 2012 family. I immediately tried to run MalwareBytes, but it of course wouldn't start. I ran Spybot Search and destroy, which saw and shut down most of the "security" windows. After that, I was able to run MalwareBytes. After several runs of both those programs, they were showing the computer as clean.
However, I still have several problems. Firefox is occasionally hijacked. Sometimes extra tabs open and go to health ads, and occasionally links from a google results page are redirected to other 'results' pages, like "fast-web-search" or "search-web-results". There is also a process called ping.exe that keeps executing. It shows up in the task manager, sometimes using up to 99% CPU cycles and greater than 100M memory. I can kill it in task manager or process explorer, but it just starts again in a few minutes. I also occasionally get random windows alert sounds. This looks like the same problem many others are having here.
At this point I also tried TDSSKiller, but it did not find anything.
I've followed the reporting guide steps. Everything there worked fine except the DDS scan. DDS starts and appears to run normally for about 20 seconds, but then closes, and no log files open after that. GMER runs fine, and reported that a rootkit was detected. That log is below.
Thank you in advance for any help.
WF

GMER 1.0.15.156... Read more

Answer:Infected with XP Antivirus/Home Security 2012 -google redirects and ping.exe

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe - after it is complete, restart the computer and continue with these steps.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in

%TEMP%\smtmp�... Read more

33 more replies
Relevance 80.77%

This is awful. I noticed my PC Tools Spyware Doctor and Antivirus had stopped working. I found that Spybot tried to scan and then just disappeared from the screen - unable to start up again. Similarly with Immunet I installed. Using Google Updater I discovered that the google updater service wasn't started. I tried to manually start it but got an error "Error 1053"

I tried Windows Defender and it came up with a serious threat and called it Trojan:windows32 sirefef.B or something similar. It failed to remove it and now doesn't even pick it up.

Any search [using Chrome] to find out about it made my browser redirect to Stopzilla site. And then after a while an odd looking 'survey' about Google. Luckily I was able to use Maxthon browser to visit the actual sites behind the genuine links.

I have now tried to follow the instructions on this site about 'before you post'...

1. HijackThis. I managed to install it and run it but there was a hiccough and it disappeared! - I have no idea why and I cannot get it back and it didn't write anything to a log file. I even tried to re-install HJT but it wouldn't run. When I click on HijackThis.exe now I get the error "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". [I am running this computer as an administrator.]

2. Downloaded DDS successfully and got that to produce the appropriate files - Attach.zip is... Read more

Answer:google Redirects, Antivirus doesn't work, sirefef.B trojan?

16 more replies
Relevance 80.77%

My laptop is redirecting Google clicks to odd search sites (or antivirus ads). I'm also getting TONS of Vimax ads (not that I'm insecure or anything). A porn site said I was infected with 'troj/rustok-N' and wouldn't allow me to access their video files.

Here's my cut & pasted DDS report, along with the requested attached files (attach.txt and ark.txt). Root Repeal (which I ran in SAFE MODE) would only work on its 'second' Disk setting, not its default (or even 'high') settings.

Many thanks for your assistance!!

DDS (Ver_09-07-30.01) - NTFSx86
Run by BDF at 9:30:44.85 on Thu 08/20/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.97 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\... Read more

Answer:Suspected Trojan Infection - Redirects Google & Antivirus sites

Hello 4bard,

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

**********************

Note: If you already have Malwarebytes' Anti-Malware, then update, run it, then do a "Perform Full Scan"

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
 * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select "Perform Full Scan", then click Scan.
 * The scan may take some time to finish, so please be patient.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Make sure that everything is checked, and click Remove Selected.
 * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) ... Read more

29 more replies
Relevance 79.54%

The issue started yesterday with a black screen, no icons, and empty start menu folders. Programs could be run by accessing them through Windows Explorer. Internet Explorer tried to open repeatedly, but it is not my default browser and a security warning blocked it. McAfee was blocked. I started in Safe Mode and ran several passes of Malwarebytes. The first found Trojan.FakeAlert and several registry edits. It removed the infections, but the issue persisted. I tried to re-run Malwarebytes, but it was blocked. I downloaded it again, re-ran it, removed two more infections, ran it again and then a McAfee scan and no issues were found. Programs are usable, but all Google searches are redirected through Gameroom.com to fake search results. Updated Malwarebytes and ran again tonight, but it found no issues.

Unable to run GMER.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Run by Aryn Kennedy at 22:35:58 on 2011-08-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.434 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\s... Read more

Answer:Infected with Trojan.FakeAlert and Google Redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

12 more replies
Relevance 78.31%

Hi There,

I'm in need of some help and would be really grateful if you can?!

I'm currently running Windows XP on a Samsung netbook and I've had problems for the last 2 weeks with some sort of virus.

It started with the Antivirus 2010 virus, which I managed to remove using the guidance on this site. After this was removed the netbook operated normally for 2-3 days.

In the last 7 days when I use Google and click on the links it supplies, this re-directs to other search sites and not the required links. Over the last 2 days this seems to have got much worse and now re-directs when I navigate within websites or enter URLs directly.

Today it has been redirecting to sites claiming to scan my computer for viruses/spyware.

I've tried Malwarebytes but it isn't picking anything up, I've also tried various other fixes previously posted.

Here are the details requested in the preparation guide.
Many Thanks in advance for any help you can offer!

DDS (Ver_10-11-10.01) - NTFSx86
Run by Tom at 17:28:43.87 on 13/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.390 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files&... Read more

Answer:Infected with unknown - antivirus 2010 malware previously removed - now google redirecting

Hello Mr Tom,

Sorry for the delay. If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it.

Thanks,
tea

13 more replies
Relevance 77.9%

Well, I've been trying to fix this but it's getting to the point where I'm spending too much time "trying" to fix it. Btw, after we get this cleaned, I've been waiting to sign up for either Malware University class.

I went thru the entire cleaning guide so I have the logs ready. The only one I couldn't do was the Windows Update. I need to d/l the .NET Framework 3.5 but it won't let me. It goes thru all the motions and at the end I just get a "failed" to update pop up. I'm so glad there was a System Restore d/l because some jacked up virus blocked me from my system restore a long time ago.

I have wireless thru a router and looking at my event viewer I have repeated 4201 TCPIP errors. Literally every second.

I appreciate any help I can get with my mess.

Thank you in advance!
Mary

Answer:Infected:IERESETATTRIB, Win32.Trojan, Vundo, Google Redirects

hi,

sorry for delay, no shortage of posters. Still getting redirects? If you still need help post back.

10 more replies
Relevance 77.08%

I have a Windows XP machine (with a 2nd partition for Ubuntu Linux). On Friday, I began to notice strange things on my Windows machine. All of a sudden, my Security alert went off saying that my Norton AV has been disabled. After a while, I began to notice the taskbar change color, etc. I immediately ran Malwarebytes Anti-Malware which found a Trojan.Hiloti trojan and cleaned it. However after I rebooted, my Norton online AV found a couple of malware and claimed to have quarantined one and cleaned the other. However, it couldn't tell me the location of the file because it claimed that they have been moved.

Since this point in time, I no longer had access to the Windows Update website, and whenever I search for it on Google (and click its link), it sends me to some bogus website. I have tried to clean the Windows partition from my Ubuntu partition by using ClamAV 0.95. That found a Trojan.Rootkit-2660 virus amongst a few others I can't remember. I deleted those files and rebooted Windows, but the Windows Update and Google redirect problems were still there.

I will surely appreciate anyone's help here. Attached below are logs from DDS and GMER

Answer:Infected with Trojan-rootkit. Google redirects and can't go to Windows Update website

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

28 more replies
Relevance 75.85%

I think I have a virus infection. Symantec scan in safe mode found the following viruses W32.Virut.CF, W32.Virut.H and InfoStealer and quarantined them successfully.

Nothing seems to be wrong with the system, except I cannot access any of the antivirus sites like www.symantec.com, www.free-avg.com etc. So suspect something is still wrong. Ran sdfix.exe in safe mode and it threw errors running Regsvr32.exe and terminated them but proceeded to complete the scan. Post which still not able to access the above mentioned sites.

Then tried following instructions in http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

The DDS log follows. Replaced a single string involving company details.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Pradeepkumar.T at 13:23:34.08 on Thu 09/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1342 [GMT 5.5:30]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\... Read more

Answer:Unknown Infection preventing access to antivirus sites.

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo... Read more

2 more replies
Relevance 75.03%

Hi,

Firstly, thanks for taking the time to read this and for any help offered. It will be much appreciated.
Secondly, I think I know the original culprit. My bro-in-law downloaded some games for my son. He did it via torrents and said he "had some issues" with a Spongebob Monopoly game. He ignored "a warning" and installed it. It turned out to be a demo but ever since he ran it we've had a hijacker making constant redirects in our browsers.

I scanned my security programme at the time, Norton 360, which saw the spongebob game as a threat - I deleted it - but couldn't find what it left behind. I've since started using Trend Internet Security which doesn't find it either.

I've now found these forums and hope someone can help.

I've followed the instructions [topic="topic34773"]provided here[/topic] and have generated a dds report which i'll paste in below.

I also tried to run RootRepeal but got an error code (which I've sent to the author). I tried running it disconnected from the internet and with all security services off.

As I said, thanks for your time.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Andrew and Emma at 20:33:30.79 on 15/12/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3061.2017 [GMT 0:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe... Read more

Answer:Unknown Hijacker causing redirects

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.
Please copy and paste all logs into your post unless directed otherwise.
Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it.
When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied to I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to y... Read more

11 more replies
Relevance 72.98%

I'm usually pretty savvy when it comes to de-virusing a computer, but this one has got me completely stumped.

I recently noticed a browser hijack where in all browsers, any result from yahoo.com is redirected to porn. Also, every update (anti-malware application download, update, or windows kb download, or windows update) will fail, sometimes with a DNS failure, sometimes with a 404 at all times.

I have tried to download

Ad-Aware (updates fail, returns 404)
AVG Antivirus (updates fail, dns times out)
Avira AntiVir (updates fail, returns 404)
Microsoft Windows Update fails to open (just redir's back to windows update)
Microsoft KB Downloads (Service Pack 3, various KB patches return 404)

Can anyone help identify this? I updated Avira and AVG manually (via a CD from another computer) and they say the computer is clean. All Conficker scan tools say the computer is clean. Microsoft Live OneCare says the computer is clean.

I also add that I'm going to format & reinstall, but I would really like to know what I have (had) so that when I am trying to recover data from the old HDD I don't reinfect myself.

Thanks in advance. Any help would be much appreciated.
 

Answer:Malware causing multiple antivirus updates, windows updates, patch downloads to fail.

Welcome to Major Geeks!


Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash dri... Read more

1 more replies
Relevance 72.98%

I've tried multiple anti-everything programs from Super Anti-Spyware, Malwarebytes, ComboFix, Spybot S&D, and various online scans that have found nothing, or found something but never fully cleaned my system. For a week or two, Google was being redirected to various ad sites, but after my system was "cleaned" everything was fine. Now today, anything remotely related to Google won't load at all. I've tried to manually remove the TDSS google-redirecting virus, but I have none of the files that supposedly come along with the virus.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Des at 14:42:16 on 2012-02-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.1903 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\nvsvc32.... Read more

Answer:Infected with a virus that redirects Google, shows Google "not found nginx" also, no Youtube, Google Chrome or Google E...

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

38 more replies
Relevance 70.11%

Hi all,

Thanks in advance for being nice to the new guy. Well, I clearly downloaded something bad the other day because my computer was going nuts! I finally cleaned out the major virus I had gotten and the rest of the spyware, but there must be something left in there because any Google search result I click on brings me to sites like pebble.com, goingnorth.com, and buddytv.com. Any help would be much appreciated.

Thanks much!

Answer:Malware Causing Google Redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 70.11%

Hi there

I keep getting redirected to a few Web sites called: asktofriends.com, mydealhero.com, admanage.com among others, from Google searches. I had a fake antispyware program (installed by malware) which kept saying that I had 25 infections, and that I needed to buy the full version to remove them. I managed to remove this, although it did prevent admin privileges and .exe files from running for a period. This problem remains though.

I also think that my PC could have other hidden trojans and/or malware. I have scanned it with AVG Free, Lavasoft AdAware, and ESET.

Thanks.

Answer:Malware causing Google redirects in FF/IE

Hello. As the required logs for this forum are not posted, I am moving this to the Am I Infected forum.

Let's look at these logs and tell me how it's running after.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
If TDSSKiller does not run, try renaming it. To do this,... Read more

4 more replies
Relevance 69.29%

Hello

I am using Windows XP and seem to have picked up some unwanted malware. Whenever I open either Explorer or Firefox the software often attempts to open up a second window that takes me to Google or sometimes Blinkbox.com.

If I do use Google and then click on any of the search results, I am redirected to completely different sites. These often advertise malware removal software.

Might be unrelated but I have also noticed that soon after start up my PC can start to run very slowly and a look in the Windows Task Manager shows a process called svchost.exe that takes up more than 90% of the CPU resource for lengthy periods of time. If I end this process, things speed up but soon after the system can hang meaning I have to reboot.

Have run scans from AVG antivirus software and from Malwarebytes Anti Malware and nothing is being picked up.

Have followed the excellent advice in the preparation guide on this forum and have attached various files as suggested.

Many thanks in advance and really looking forward to getting my old PC back.
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Run by Jason at 17:44:08 on 2011-06-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.611 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\... Read more

Answer:Malware causing redirects from Google results

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 69.29%

Hello Guys,

I have had this problem for a few days now. I'm using Windows 7 32-bit with Google Chrome.
I had the System Check virus about a week ago, which I removed with Norton Internet Security.
I'm not sure if it is that or another virus that is causing the current problem.
In the last few days, whenever I went to a Google search result, it redirected me to a malicious website.
I also had this problem a few months ago but it went away by itself.
Also when I was playing MW3, it had an error which is attached about a debugger being found.
TDSSKiller won't run after I open it.
Norton IS doesn't show anything.
I have run quick scans on MBAM which have shown some things at times but nothing at other times.
MSE has also revealed nothing.

Thanks in advance

PS: Sorry I don't know how to attach stuff.
http://imgur.com/F02YC (debugger problem)

Edit: Attached DDS log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.0.0
Run by DAVID at 18:22:39 on 2012-02-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1425 [GMT 11:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ==... Read more

Answer:Virus (rootkit?) causing Google Redirects

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated f... Read more

41 more replies
Relevance 69.29%

hello bleeping computer,

since i accidentally visited an attack site, i've had occasional google result redirects to generic pages. also, my antivirus (nod32) has lately been detecting intrusions. right now it has failed to start after a reboot. in the last day i've also had ads pop up in browser windows, for example for fake registry cleaners or antiviri. these are popping in google chrome windows when i use it, even though firefox is my default browser.

i've tried numerous software, such as ad-aware, spybot s&d, malwarebytes anti-malware, and the nod32 scan. they've picked things up and deleted them, but the main symptoms keep reoccurring (ie they don't seem to be detecting the main problem).

looking forward to your assistance.

attached are my Attach.txt and Rootrepeal logs:

below is my DDS.txt:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Administrator at 18:32:20.79 on Mon 01/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1469 [GMT -5:00]
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)   {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:&#... Read more

Answer:rootkit causing popups, google redirects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS or GMER log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resu... Read more

12 more replies
Relevance 69.29%

Hi Folks,

I have done my best to read all the rules and, as this is my first ever post, I'm hoping to have done this correctly. Since earlier this morning, I've been experiencing Google redirects even after (seemingly) "successfully" having removed about 14 suspicious items with the latest version of MalwareBytes.

As well, I've tried making several System Restore attempts to which I consistently receive a message to the effect that the restore effort was unsuccessful and that the files have not been changed.

I would be sincerely grateful for any guidance on helping restore my PC to normal!
Thank you very kindly in advance,
Michael

_______________
Here's my info:

HP Pavillion dv6000 : Windows 7 Ultimate 32 : 4 GB RAM
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by Michael at 14:15:56 on 2011-08-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.3070.1429 [GMT -3:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.ex... Read more

Answer:Malware causing Google redirects when searching

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

P2P - I see you have P2P software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at BC are complete.

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"Then click Continue > Reboot now
Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10... Read more

10 more replies
Relevance 68.88%

I think my original post was in the wrong place... I read all the instructions for posting etc and now I think I'm posting in the right place. =/ Sorry for the inconvenience.

Original Post:

I've never posted in a forum for help before because usually just coming and reading other posts/topics on one has helped me enough to get whatever I need to removed but this time it has proved more resilient. Thank you in advance for your time/help.

I have two problems, though I think they aren't entirely related.

First:
I seem to have some sort of redirect virus/spyware. Half of the time when I click a link, the address in the URL bar changes, but the screen stays solid white. Refreshing does nothing. Typing the URL directly/hitting enter does nothing. The other half of the time instead of getting the white screen, I get a solid white page with the text: "This page has moved here."

Clicking the link "here" successfully takes me to the page I was originally going to "most" of the time. Sometimes it just takes me to the solid white page (this is always the case with GMail.. I can only use gmail on my phone)

I also randomly have a new window pop up with an ad page.

I use RKill and then run Malwarebytes and it finds nothing. At the suggestion of a friend I downloaded and ran Microsoft Security Essentials, and it found 2 items and "removed" them, after which it asked me to restart my computer. Once I restarted I got a blue screen in startup (between... Read more

Answer:Infected causing redirects, Blue Screens etc..

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434678 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 68.88%

Hello,
I have the following symptoms:
Google update is crashing
Google chrome can no-longer access webpages
Firefox and Internet Explorer will jump to incorrect malicious sites when I click on links given by a google search
Cannot access antivirus sites (like this one) from browser
Anti virus software cannot update
System sometimes freezes during startup when not running in safe mode

I ran the log generators in safe mode and results are below.

GMER would not run.

Any help will be appreciated.



DDS (Version 1.0) - NTFSx86 NETWORK
Run by user2 at 10:59:13.37 on Sat 11/29/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1710 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware_2008\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Documents and Settings\user2\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext ... Read more

Answer:Virus redirecting google search links and preventing access to Antivirus sites

Rename Gmer.exe to Omer.exe. Then try running it.

8 more replies
Relevance 68.47%

I have some form of malware that is causing my Google searches to redirect to advertisement sites and tabs to these advertisement sites to open in new, unauthorized, while using firefox.

When I first got these symptoms I ran:
McAfee
Adaware
Spybot S&D
MalwareBytes
SuperAntiSpyware

The problem was still not fixed.

I searched the symptoms (on another computer), found this site, and completed the preparations. Below is my DDS.txt file, and I've attached attach.txt.

gmer froze the first time I tried running it, so I rebooted my computer. The next time I tried to run gmer, about 10 seconds into the scan I got a blue screen that said something along the lines of 'Windows needs to shut down to protect the system.' The computer shut down before I could read or copy down the entire message. I rebooted the computer in safemode and ran gmer again. ark1.txt is the initial scan that gmer made while not in safemode. ark2.txt is the scan made in safemode. While this scan was running, a balloon on the task bar informed me (from gmer) "the file or directory C:\DOCUME~1\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\search is corrupt and unreadable. Please run Chkdsk utility."

I do not know if this is relevant, but when I restarted after the first time I ran gmer my Windows Theme had been changed to classic.

If you need any more information, just tell me and I will be happy to provide it.

Thank you in ad... Read more

Answer:Malware causing Google redirects and Firefox Tab openings

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

13 more replies
Relevance 68.06%

VET antivirus has proved totally ineffective against this virus. It started when VET could no longer access its server to download updates. Then came redirects and all manner of problems with Google, such as when the browser is started, it tries to Google search the address that is set as my homepage, and ranges to redirects of unspecific searches (search results for Adobe Flash Player will NOT redirect, but results for Flash Player will).

This is on all four computers networked in our house. Even on my brother's, who recently formatted his computer and had it again by the time he installed his antivirus and tried to update it, before he even launched his web browser.

No antivirus, antimalware or other similar software seems to be capable of downloading updates, but Malware Bytes, without its update, detected eight trojans. Deleting them caused a lot of internet sites to return Not Found, until I restarted and everything seemed normal. Antivirus could still not update, but the redirects ceased. For about five minutes. Another run of Malware Bytes found four trojans, fixing them had the same effect.

I also notice that when searching in Google, the status bar shows "connecting to www.ecata.com" and ends up at what appears to be Google. The Google toolbar also searches like this, but attempting to use anything other than a normal search (eg, image search, I'm Feeling Lucky) will return a normal search. Before ecata, it was smpt.com.

HijackThis log:

Logfi... Read more

Answer:Antivirus updates blocked and redirects.

16 more replies
Relevance 68.06%

I've recently found that I've been infected with either some sort of virus or malware. I ran Malware Bytes and Super Anti Spyware, and an AVG full system scan, and nothing has fixed the problem. I also tried running a GMER log but I keep getting an error message saying it has encountered an unknown problem, so I could never get the log from it. Also, I do not have access to a boot cd.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_25
Run by Robert at 12:31:31 on 2011-12-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2541 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG2012\AVGID... Read more

Answer:Unknown Virus & Google Redirects

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{83F61848-694F-4D18-9624-3FE02CB55575} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{B7D01D15-BCDF-427E-A934-B2F09063E854} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{FF0F0B7C-4083-4348-AC0A-942AB35DDFDC} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\robert\application data\mozilla\firefox\profiles\9j8m59u2.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - component: c:\documents and settings\robert\application data\mozilla\firefox\profiles\9j8m59u2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\robert\application data\mozilla\firefox\profiles\9j8m59u2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:... Read more

19 more replies
Relevance 67.65%

The problem started about 3 weeks ago. I somehow obtained a virus entitled AntiMalware Doctor. After this, the main problem I was having was that Google Chrome would not open. I would click on icon, hour glass pointer would come up, and then turn back into regular pointer with nothing else happening. After running Norton Antivirus and MBAM, I thought I was able to get rid of virus. However, each time I ran MBAM, another infected file would be discovered. Recently, I've been noticing that I've been getting redirects to Infomash and other sites when I click on a legitimate Google search result. Need help figuring out what is going on with my computer. I've attached the Attach.txt and ark.txt files discussed in the prep guide. Thanks in advance for any help.

Answer:Virus causing Google Chrome to not work and search redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

12 more replies
Relevance 67.65%

Hello,

When I do Google searches to get a list of links....then click on one of the links.....I almost always get redirected to different websites that are mostly other non Google search engines as opposed to the correct URL. This is very frustrating because I often cannot get to the link I need/want to get information from. I've tried more than one Spyware program (including CA/Computer Associates Anti-Spyware) that is not detecting and removing the problem. I heard that ComboFix from bleeping computer works great for this type of removal and was about to download and run it, however I saw the warning "Do not use ComboFix unless you are specifically asked to by a helper". Therefore I'm creating this post to be sure a helper thinks that ComboFix can work and that I should run it and am asking how to use it safely without damaging my computer but removing whatever is causing the redirects. Any suggestions would be HUGELY appreciated! Thanks much and I look forward to your response.

-Doug

Answer:suspected Malware causing Google Redirects, need ComboFix helper please

Try to restart your system in Clean boot. To do this, disable all the Startup items from MSCONFIG and disable all non-Microsoft services.

Then reboot your system in safe mode or in normal mode. Scan your system with any antivirus such as Malwarebytes or SUPERAntiSpyware. To fix the Windows issue, you should register all the DLLs; to do this, run the Dial-a-fix tool. It will resolve your issue.

After that, try to run ComboFix or SmitFraudFix.

2 more replies
Relevance 67.65%

There are trojans/viruses that were redirecting my Google search results. I can surf the internet without problems, but cannot access the Windows update or any other Microsoft page. Malwarebytes found and removed some things, but a few hours later would find them again. I did a Malwarebytes scan and the results were clean. But, I still cannot access Windows Update, even though my Google results no longer redirect.

I have absolutely no idea what's going on, as my Internet settings were never altered to cause the redirects in the first place. I use this computer for everything, please help?

Answer:Virus causing google redirects and no access to Microsoft pages.

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 67.65%

Hello kind helper types,

I have spent the afternoon running through the 1st steps. Attached are my logs. RootRepeal, SUPERAntiSpy, ComboFix, and MB were all put into one .zip since you can only upload 4 files.

My problems are 2: google links redirecting me to worthless sites, and svhost process errors causing my computer to restart after a 1:00 timer (60 seconds).

Thanks very much for the help, and please let me know what other info i need to provide.

-Lance'sPC
 

Answer:Google link redirects and svhost error causing reboots

Your logs are clean. You had a bad system file that was infected and fixed, in spite of not turning off TeaTimer.

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall

Notes: The space between the combofix" and the /u, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other ... Read more

1 more replies
Relevance 67.65%

About 2 weeks ago I noticed the virus. McAfee supposedly detected and removed (possibly Vundo?) but virus re-appeared. Loaded Malware Bytes, ran scan, virus found and supposedly removed, re-appeared. Malware Bytes found viruses and removed for a while, but then no longer detected virus. Pop ups and redirects continued. Loaded Avast. Scan found virus, but virus re-appeared. Did boot-scan with Avast, found viruses, but kept re-appearing. Unfortunately I did not write down the viruses. Loaded Ad-Aware because a friend says it sometimes catches bugs others do not. Ad-Aware did detect viruses and by this time I was writing them down. Ad-Aware showed fraudtool.win\, trojan.win32.generic!bt, and win32.adware.abetterinternet. Ad-aware supposedly removed virus but it persisted and last time I scanned with Ad-Aware it found nothing.

I tried doing a Windows update but it is disabled. I tried doing a Windows restore but that did not help. I tried booting in safe mode to scan in safe mode but got a blue screen that says SAFEMODE FAILS.......STOP: 0X0000007b OXF7C2F524, OXC0000034, OX00000000, OX00000000 and it says to check for viruses and run CHKDSK /F.

I then found this website. I have backed up data, Enabled E-mail Notification, Enabled Windows Firewall, Disabled CD Emulation with Defogger, downloaded DDS tool and ran. However, I had problems running GMER. The first time my PC rebooted but got hung up during reboot. The next two times it began to scan but then l... Read more

Answer:Infected with unknown virus - Pop ups and redirects

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
----------------------------------------------
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the ... Read more

27 more replies
Relevance 67.24%

Hello,
Even if I have internet explorer turned off I get a popup IE ad every 5 minutes. It's usually for cars direct. Also, links in google search results pages sometimes get redirected to unexplained locations like cowsurvey, searchfeed.com, and google.com/undefined.
-Chris
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:31 PM, on 4/13/2009
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.ex... Read more

More replies
Relevance 67.24%

On random occasions, whether I'm using my computer or not, it has had a few errors and some of the windows graphical elements get transparent. The errors are usually missing .DLL files or memory cannot be "written" errors, but I've had one or two other ones as well. More recently I can't even properly shut down or restart my computer because it will either freeze or do nothing when prompted. A virus scan reveals a lot of trojans but they re-appear not too long after avg gets rid of them.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by cindy at 17:02:54 on 2013-09-25
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1097 [GMT -6:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.ex... Read more

Answer:Unknown trojan causing crashes

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so. DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that....     Let's get going!!  
----------
 Are you aware that your system is set to connect to a proxy server or do you use this system to connect to school/work?
------------
  Please download TDSSKil... Read more

20 more replies
Relevance 67.24%

I am pretty much at the end of my ability trying to remove the infection on this PC. I am pretty sure it is infected with a rootkit of some type. I am getting Google search redirects and also cannot load MSE after install. The PC is running Windows 7 Home Premium x64. I have tried running the following programs in attempt to clean it:
Malwarebytes
Microsoft Security Essentials
Kaspersky Rescue CD 10
Kaspersky Removal Tool
Spybot S&D
HijackThis
Combofix
TDSSKiller
Sophos Rootkit
None of these tools have resolved the issue. In fact, MSE will install, but won't run. I have uninstalled all of the security products at this point and am looking for some help. I am willing to run any type of scan and post results if directed to do so.
Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

Answer:W7 x64 Unknown Rootkit - Help Needed - Google Redirects and more

Hello,
We need a deeper look. Please go here.... Preparation Guide, do steps 6 - 9.
Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
Skip Gmer, won't run on the 64.
Let me know if that went well.

2 more replies
Relevance 67.24%

Hi Guys,
First time posting so I hope I have done everything correctly.
When I search for something in google, the first page of results contain redirects. The title of the result seems meaningful, however the website is a random ad site, For example, this is the first result that comes up when I search for "SQL" in google. See below.
***START OF FIRST RESULT***
SQL - Wikipedia, the free encyclopedia
SQL (Structured Query Language) (pronounced /ɛsk'juːˈɛl /) [1] is a database computer language designed for the retrieval and management of data in ...
www.seeklearning.com.au - 115k - Cached - Similar pages
***END OF FIRST RESULT***

DDS (Ver_09-02-01.01) - NTFSx86
Run by Dave at 12:56:01.10 on Sat 14/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.401 [GMT 11:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
c:... Read more

Answer:Google - Unknown issue related to redirects

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

6 more replies
Relevance 67.24%

Hi Sir, I've been experiencing redirects to unknown sites when clicking on search results in Google. Please help me remove this bug/virus. Thanks in advance.

Answer:Google Search Redirects to unknown sites

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

9 more replies
Relevance 67.24%

Internet Explorer and Firefox are both redirecting random Google searches to ad-pages.
Internet explorer is opening automatically and directing to ad-pages without prompt.
Random ad-pages opening in new tabs in Firefox.
System performance appears severely degraded.
Taskbar is unresponsive.
Wireless will not connect to router
LAN will connect to router but not to internet. (internet connection and router connection verified as good)

DDS (Ver_10-03-17.01) - NTFSx86
Run by michael at 14:01:34.81 on Mon 08/16/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1526.503 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\Com... Read more

Answer:Google redirects and pop-ups: IE+Firefox / unknown infection

Please cancel request. I reformatted the computer instead.

2 more replies
Relevance 67.24%

Hi folks

Well, after 15 infection free years I've now got one that I can't shift! Google has brought me to this forum and from what I've read you are the people to help! Anything you can offer will be gratefully received - I've exhausted my small box of tricks and without some help it would be the reinstall for me.

The symptoms all arrived at once and are as follows:
- Firefox crashes out of any google search. Uninstalled, tried to reinstall, installer fails (Run then disappears, no action)
- IE redirects links from google search results into seemingly random sites (potting sheds when searching for MBAM is an example). Also strange IE skin change
- AVG update "connection to server failed". Ran AVG "rmagent" (their suggested fix) didn't find anything and still fails to connect to server
- Spybot update also fails. SB (manually updated - Tea Timer off) finds no infection. AdAware finds no infection (and works normally)
- MBAM closes without trace after scanning for only a second or two
- Sound settings vanished
- win32kdiag returned an empty report

Attach.txt and ark.txt attached.
DDS report below - thanks in advance for any support you can give me
----------------------------------------------
DDS (Ver_09-11-24.02) - NTFSx86
Run by Andy at 8:14:02.95 on 25/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.... Read more

Answer:Unknown Infection - MBAM closes / AVG and SB Updates Blocked / Random Redirects

Hello VSan
Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by defa... Read more

14 more replies
Relevance 67.24%

Hi,

I'm currently battling a virus that is causing a lot of trouble. My internet is basically unusable, any links I click on through Google are redirected to other sites, or cause Firefox to crash, or in some cases the computer to freeze and give me a blue screen (haven't seen one of those in a while...)

It's also opening multiple instances of Internet Explorer (which I NEVER use) where the program is running but not visible. Between 5 and 6 instances, doesn't use much memory. And it opens up several instances of rundll32.

I've run Kaspersky and deleted the 4 infections it found but the trouble persists. I've also run ComboFix and it deleted several files, including rundll32.exe and several .dlls which I assume were infected.

I'd really appreciate it if someone can help me through the next steps to getting rid of this virus. I'm somewhat familiar with the steps involved but I keep a pretty clean computer so I haven't had to do this in a couple of years... Thank you!

Answer:Virus causing multiple instances of iexplore and rundll32, Google redirects

An update: the extra instances of iexplore.exe and rundll32 no longer appear after the ComboFix fix, however, I'm still having occasional Google trouble with redirected links. So it's not completely gone yet.

19 more replies
Relevance 66.83%

Just found this on my dad's pc and it's been giving me a real headache. I've googled about and tried all of the stuff i found, to no avail, norton's not detecting anything and i've deleted the directory it had installed itself under Program Files\Files-Secure but it's still popping up on outlook, IE, or explorer.exe

thanks for help in advance
Anyway, here's a hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:32, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Sha... Read more

Answer:Solved: unknown trojan - “Your computer was infected by unknown trojan”

here's a screenshot of it
 

3 more replies
Relevance 66.83%

A few days ago, I picked up an unknown virus that caused me to experience numerous sporadic Internet Explorer popup windows (I'm a Firefox user). The virus also prevents me from connecting to antivirus sites such as AVG, McAfee, Norton, etc, and help sites such as bleepingcomputer.com (I'm having to access this on my laptop). The message I get when attempting to connect to these sites is "Unable to connect. Firefox can't establish a connection to the server at www.bleepingcomputer.com." I have run scans using Spybot - Search And Destroy, but the success was limited as again I was unable to connect to update the definitions. I really need some help with this, and hope that the logs attached will help identify the problem.

Many thanks in advance for any assistance you are able to provide.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Stephen at 20:57:07.40 on 18/03/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.906 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\s... Read more

Answer:Infected with unknown virus, redirects and popups

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,
I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received and do not proceed if you need clarification.
Please copy and paste all logs into your post unless directed otherwise.
Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it.
When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.
After 5 days if your topic is not replied I will assume it has been abandoned and I will close it.
I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes m... Read more

44 more replies
Relevance 66.83%

1. After downloading and installing a free software "FROG" (for opening RAR files), I found that homepages of all my three browsers viz. Firefox, Chrome & IE has changed from GOOGLE search to CONDUIT search with some advertisements. The option column of the browsers, however, continue to show google as the homepage.

2. I have uninstalled Conduit as also Frog but the homepages continue to be conduit.

3. I have been able to remove Conduit from appearing in Firefox (thru about:config) but I neither get Conduit nor Firefox as homepage; however, I am able to access websites other than google.

In chrome, I am able to get the google search engine but it is not my usual search engine and when I input the URL (google.co.in) of the search engine I do not access anything.

In Internet Explorer, the position is different, every time I try to access the Google homepage, the MS Windows Software site is opened.

As advised, I reproduce below the contents of dds.txt:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by atul at 19:05:15 on 2013-11-15
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2038.836 [GMT 5.5:30]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* ... Read more

Answer:Infected with CONDUIT search engine which is preventing access to google homepag

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read.
Thanks for your understanding.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.
Run adwcleaner.exe
Hit Scan and wait for the scan to finish. Confirm the message but don't uncheck anything.
Hit Clean
When the run is finished, it will open up a text file
Please post its contents within your... Read more

18 more replies
Relevance 66.42%

Hello, this is my first time visiting your site.

I seem to have a problem, either malware or a virus. Its symptoms include redirects of my Google/Bing search results, System Shutdowns that indicate NT AUTHORITY/SYSTEM has caused an error in DCOM Process Server and disabling of my McAfee. I also cannot seem to boot into safe mode. My computer stalls after loading mup.sys and I get a blue screen error that reads 0000007E. It really seems to be debilitating my computer. Any help would be greatly appreciated. Thank you, thank you, thank you!

Here are my logs:

DDS (Ver_09-12-01.01) - NTFSx86
Run at 11:24:04.67 on Sat 02/06/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/openmanage
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: bho2gr Class: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\S... Read more

Answer:Virus causing Google redirects, NT Authority/System shutdown, disables McAfee

Please download TDSSKiller.zip and unzip it to your Desktop
Run the TDSSKiller and wait until it finishes (should be just a few seconds or below a minute).
Then find the log at your %systemdrive% (drive that contains Windows)
The log shall be named something like this one.. (TDSSKiller.version_date_time_log) for example.. (TDSSKiller.2.1.1_22.12.2009_19.33.44_log)

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them back after performing all steps given.

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.
During the download, rename Combofix to Combo-Fix as follows:
It is important you rename Combofix during the download, but not after.
**NOTE: If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".
After that, double-click and run Combo-Fix. Let it finish its job and post the log here
If ComboFix asked you to install Recovery Console, please do so. It will be in your best interest.
Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

6 more replies
Relevance 66.42%

Hello,

I am running Windows 7 Home Premium with Service Pack 1 64-bit. (I forgot I was running on 64-bit and ran GMER. I'll post it here anyway but I did have problems running it. The only boxes that could be checked were Services, Registry, Files, and ADS. The rest were all grayed out. Maybe it's because I'm 64-bit. I don't know.) A couple days ago I accidentally clicked on some ad when my toddler hit my hand and ever since I've been randomly redirected on Google and even when clicking on something on Facebook (that only happened a couple times). My browser is running slowly and when I go to a site Firefox will say on the bottom that it's waiting for or transferring from some completely unrelated, spammy-sounding site before it goes to the page I typed in. I assume this is something spying on my activity?? Other than that I haven't noticed anything else. My Trend Micro is expired but I ran Malware Bytes and it found some trojan files. I removed those and rebooted and scanned again and it found nothing but I still have the problem. I also have HijackThis if you would like me to post that. For now I will just post what you asked for. Here it is:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by TrudyMama at 20:42:23 on 2012-03-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1935 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2... Read more

Answer:Unknown Virus causing Google and random other sites to redirect!

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools and at worst can cause conflicts with our tools and lead to unforeseen things to happen

2. Please Do not Attach logs or put in code boxes.
Besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read

3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for your last feedback as to how things are

4. Read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Ba... Read more

7 more replies
Relevance 66.42%

I have an HP dv6 1355dx laptop running a 64bit version of Windows 7.

I didn't deviate from any normal day-to-day internet activities, but got really worried when IE started opening up popups. I NEVER use Internet Explorer, so I was instantly on alert. The popups close easily, but are becoming more frequent. I also learned that whenever I try to search using Google on any of my browsers, about 80% of the time I get redirected to random, shady looking sites.

I have run all of my virus programs multiple times regularly and in safe mode. Microsoft Security Essentials would not open normally, and did not detect anything when I ran it in Safe Mode. In safe mode, it tells me that Malwarebytes picked up four different trojans, but successfully removed them and is now coming up clean.

Any help would be so greatly appreciated.

I ran one of the DDS logs, which gave me the following:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Teddi at 22:36:44 on 2011-06-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.1823 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows&#... Read more

Answer:Unknown Infection causing multiple popups and Google redirect.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

16 more replies
Relevance 66.42%

Hello,

I have a Dell Latitude E6400 that was recently infected with a bundle of malware. I've already manually removed Antimalware Doctor, Security Suite, and ran a Norton scan (out of date software) that found a few trojans (Trojan.FakeAV!gen30, Trojan Horse, Trojan.FakeAV!gen38, Trojan.Dropper). I thought this would end the computer issues but these are the symptoms that remain:

Whenever I connect to my home network I get a message titled "You are about to be logged off" which reads, "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now." The computer always restarts after this message, even when automatic restart is turned off under advanced system settings, and even when I plug in directly to the modem, bypassing the router. I took the computer in to Best Buy to have the Geek Squad look at it and they were able to access the wireless network in their store without a problem.

I then tried going online using my dad's Sprint Mobile Broadband USB Modem. I was able to connect to the internet for a few minutes on this, but eventually received the same error message and automatic restart. While online I tested the connection by doing a "microsoft" google search, but was redirected to a site called Infomash.org that advertised business cards.

I am sure there is still some malware in the system, or at least some malfunctioning bits of it, but I don't think its Antimalare D... Read more

Answer:Unknown malware causing automatic restart, google redirect

Hi neyens,

Welcome to Bleeping Computer! My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
Please do not do anything or perform other steps unless I have asked you to do so.
Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will revi... Read more

1 more replies
Relevance 66.42%

Hello,

I have a Dell Latitude E6400 that was recently infected with a bundle of malware. I've already manually removed Antimalware Doctor, Security Suite, and ran a scan that found a few trojans (Trojan.FakeAV!gen30, Trojan Horse, Trojan.FakeAV!gen38, Trojan.Dropper). I thought this would end the computer issues but these are the symptoms that remain:

Whenever I connect to my home network I get a message that reads something like "Windows has encountered a critical error and will restart automatically in one minute," which it does faithfully, even when I plug in directly to the modem, bypassing the router. I took the computer in to Best Buy to have the Geek Squad look at it and they were able to access the wireless network in their store without a problem.

I then tried going online using my dad's Sprint Mobile Broadband USB Modem. I was able to connect to the internet for a few minutes on this, but eventually received the same error message and automatic restart. While online I tested the connection by doing a "microsoft" google search, but was redirected to a site called Infomash.org that advertised business cards.

I am sure there is still some malware in the system, or at least some malfunctioning bits of it, but I don't think it's Antimalware Doctor or Security Suite as I've gotten rid of all those files, registry keys and registry values. If anyone has any ideas of what I might have or what to do I would greatly appreci... Read more

Answer:Unknown malware causing automatic restart, google redirect

Hello,

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

2 more replies
Relevance 66.01%

Ok my title and description make me sound a little dumb, but I know a little about what I'm doing, It's just I think there are many unwanted processes working on my computer.

The most obvious thing is when firefox loads its default homepage and I try to search something, the search automatically redirects to a site called "SEARCH" with the letters using GOOGLE's colors and font. In the address bar it says the page address is: search.feedandme.com.

Also often when I click anywhere on a webpage two pop-ups are generated, this is not related to the site visited, it happens on every site, usually in the first 5 minutes of a new firefox session. (I've noticed this has been going on for the last 3-4 weeks.)

There may be other processes/malware at work, if you can help me with cleaning my computer as much as possible it would be appreciated, although I know perfection is not of the computer world hehehe!

Finally you should know I downloaded and ran combofix, but when I heard my computer beep, I panicked and stopped it before it started (the beep was in relation to a message asking me to turn off my anti-virus, but it made me realize combofix was not something I was trained to play around with!) So I'm pretty sure it did not have the time to do much but it did create a folder and an executable file in my C: I do not dare to touch! Just wanted to let you know before we do anything!

Thanks for your help in advance! Here are the repo... Read more

Answer:Infected with various unknown processes - firefox home redirects + 2 pop-ups

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/436138 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

40 more replies
Relevance 66.01%

Alright, so I've got this trojan on my Virtual machine that I'm unable to remove.
Here's some symptoms of the trojan:
Redirects my google searches
Opens 2 Internet explorer from the parent process c:\windows\system32\svchost.exe
Connects to random site with IE command line "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "random site"
And the other IE process' command line is "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:(4 random number) CREDAT:14337
Closes and reopens the IE process every few minutes to connect to other site and connects to multiple tcp/ip.
It injected code into c:\windows\explorer.exe, c:\windows\system32\winlogon.exe and c:\windows\system32\svchost.exe (virustotal detected them 5/43)
Keeps creating tmp files in C:\Documents and Settings\All Users\Application Data. When I open these files, it looks like a .job file.

I need ideas on how to remove this. I am not a beginner in malware removal. I tried many things and nothing helped.
Here are my logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 20:35:42 on 2012-01-05
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.247 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\... Read more

Answer:Unknown backdoor trojan, redirects searches.

Nvm fixed, I just booted with recovery console and replaced the infected svchost, explorer and winlogon.
Should have thought of that before :/

2 more replies
Relevance 65.6%

Hello, I'm working through an apparent slough of bugs in my parents' computer.

They are running Windows XP, SP3. They've been having Google redirect issues for a few weeks and CPU usage in the upper 90%'s.

In the process of (and after running all these scans) fake antivirus software has popped up making the system unusable, offering that rundll32.exe and logonui.exe are disabled.

I am working in Safe mode right now, and have since removed AVG Free to replace it with Microsoft Security Essentials. I have also reset the wireless router in case it has been infected.

Any help would be greatly appreciated.

Thanks,

Amber
 

Answer:Google redirects, fake antivirus, etc

We still need the log from running MGTools --> C:\MGlogs.zip.
 

15 more replies
Relevance 65.6%

I recently recovered from a particularly crippling virus, but now I'm stuck with a few remnants I guess. Google search results redirect me to irrelevant sites and the majority of antivirus websites simply won't load even if I visit it directly. In addition, AVG and AdAware won't update, Avast won't install (it claims to not be able to detect an internet connection, but here I am). I don't think it's a problem with my internet configuration since my Steam client can update just fine; it's only the antivirus that can't connect. In addition, my system 32 and temp folders are filled with suspicious files such as 8B.TMP, 8D.TMP, IadHide5.dll (in my temp folder), MAR6.tmp, two text files called _hphtra07 and hpodvd09 and a bunch of other locked and rather shady files. I would really appreciate any help on the topic, thanks.

Anyways, reports:


DDS (Ver_09-10-26.01) - NTFSx86
Run by HP_Administrator at 9:23:19.96 on 14/11/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1383 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched... Read more

Answer:Google redirects, antivirus won't update

Hi,

* Go here to run an online scanner from ESET.
Tick the box next to YES, I accept the Terms of Use.
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish
Copy and paste results to your reply.

2 more replies
Relevance 65.6%

Hi. As the title states, I can't even run my real antivirus (adaware, malwarebytes, hijackthis, etc) even in safe mode. I can't even find some of the files, and it won't let me update or install programs. I read in an old thread to use win32kdiag, so I did that and here is the log, which is hardly anything:

Running from: C:\Documents and Settings\Heba\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Heba\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

Answer:Fake antivirus, google redirects

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

3 more replies
Relevance 65.6%

Hi. First off, I just want to say that I'm definitely not a computer expert, and this is my first time posting something like this.

I'm currently experiencing a virus that is not allowing me to run any Antivirus programs (Spybot, Malwarebytes, Windows Defender). Avast seemed to work for a while, but now it also will not run.

Search results from Google are also being randomly redirected.

One last problem I've noticed is that once I log into Windows Live Messenger, I get an error message for "Windows Live Communications Platform", and it logs me out.

Please help me to solve these problems, and thanks in advance.

Answer:Can't run Antivirus programs, Google redirects

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 65.6%

I've always had issues with AVG anti-virus and Windows Defender. Upon a series of fights with the two programs, I somehow stopped the conflict. This may be irrelevant, but I thought it might be good to include since Windows Defender is now unable to start and AVG doesn't seem to catch everything/anything. About a month ago Windows Defender caught a Trojan (I can't remember correctly but I believe it was called Alureon) and said to have contained it. It further instructed me to restart and remove traces of the trojan. I restarted and was going to follow instructions which I found online to remove any of its traces but I never got to that after restarting. According to the instructions I was to download TDSSKiller.

So that was my history so far. Now I am faced with many other problems which I think the trojan is responsible for. I was recently attacked by the UKash virus which held me ransom from my computer. I went through multiple manual ways of removing the virus but had no luck since I was unable to locate the virus files to delete them or did any files on my system look suspicious (I am not computer expert though). I resorted to system restore which I believe will give me temporary relief. Also, last week I was trying to open internet explorer and load the google search page, but my computer froze up on me. I had to force my computer to shut down since I could not even open task manager. That's when the mess started and my computer told me... Read more

Answer:Unknown trojan infection causing a slur of troubles

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Please download GMER from here (does not work on 64 bit OS)
http://www2.gmer.net/download.php
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

15 more replies
Relevance 65.6%

I believe this all started when my McAfee Enterprise 8.70 (w/ Antispyware) popped up a message saying it detected SpyAgent-br.dll - and required a reboot to remove it. Done.

Then last night, I discovered an entry in my registry and msconfig for "akaqg" which pointed to a small executable - a google search came up with nothing, so I went about scouring my registry and other system files for other entries referring to this program. I also disabled, re-enabled, and disabled System Restore to flush it out.

While searching for "remove entries from msconfig windows xp", any link that I clicked that pointed to the official microsoft support page was redirected to a bogus search page. I had to copy and paste the address into firefox myself.

So, following the preparation procedures, I ran the scans in order.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 9:12:55.57 on Wed 06/30/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262.925 [GMT 8:00]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Sett... Read more

Answer:Google Redirects, misc. unknown entries in msconfig and registry

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is ... Read more

25 more replies
Relevance 65.6%

Hi Everyone,

First of all, thanks for providing such a useful forum!

My girlfriend's laptop has been acting up lately. When she clicks on search results in Google (among others), she gets redirected to completely unrelated websites like wiseto.com or nomoresurfing.net.

I ran a scan on the laptop using AdAware and ThreatFire and did sort out a few suspicious objects, but the re-directing is still occurring.

Here is the HiJackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:20 PM, on 01/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lav... Read more

Answer:Help! Clicking on Google search results redirects to unknown sites!

16 more replies
Relevance 65.6%

I have HP compaq 6720s Intel core duo t7250 2ghz 1mb RAM, win xp sp3, NOD32 3.0 updated, Spybot search and destroy 1.6.2. updates, spyblaster 4.2. (I should update it). IE8.0. I have accidentally clicked on a weird e-mail message and after that computer started to redirect web pages and NOD32 is constantly reporting that some weird web pages and or IP addresses are trying to connect to my computer. Google is redirecting all antivirus web pages to something else. I have run spybot and nothing. Then I have run NOD32 and daonol.g and IRCbot were deleted, but computer still redirects web pages and NOD32 constantly reports that some web pages are trying to connect to my comp. I have tried system restore to the date before I opened that e-mail and nothing happened. HELP IS WELCOMED? Should I run combofix? or daonolfix? or something else? The worst thing is that I am on a trip far from home and I cannot reinstall windows since I have to use comp all the time on the business trip. Joe

More replies
Relevance 65.6%

1. Initially infected with a Google redirect; Hitman Pro appeared to "fix" it.
2. Within a couple of days, Antivirus IS showed up; used Hitman Pro again.
3. Some sporadic redirects continued.
4. Maybe a week later, Antivirus IS showed up again; used MalwareBytes to find/fix.
5. Frequent redirects have continued. Redirects often take me to epoclick.com, an advertising site.

DDS (Ver_10-11-10.01) - NTFSx86
Run by Jamie at 22:26:30.96 on Mon 11/15/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.477 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Fi... Read more

Answer:Infected with Antivirus IS, plagued by redirects

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

26 more replies
Relevance 65.6%

I'll try to keep this as brief as possible, but I've been battling this for a couple weeks so there are a number of details.

I first noticed a problem that sprung up as the Vista Antivirus 2012 problem with prompts coming up notifying me a virus had been blocked or that I needed protected or something. I took the necessary steps. RKill under Safe Mode 'finds' nothing. Malwarebytes found a few different things the first time (I didn't save those, unfortunately). Under Safe Mode with Networking or the normal start-up, RKill ALWAYS identifies \\.\globalroot\Device\svchost.exe\svchost.exe as a problem. If I run RKill 5 times in a row (without restarting), this will always come up. Some times a few other items will be identified. (Since all of this I haven't gotten any Vista AV 2012 problems)

Here is the result of one RKill finding:

\\.\globalroot\Device\svchost.exe\svchost.exe
C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2539636-x86.exe
c:\605f9bc8a57274a668\Setup.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

Most of the time I cannot get Malwarebytes Anti-Malware to open up in Safe Mode w/ Networking or regular mode. If I am able to get it to operate, it certainly won't a second time. AVG wouldn't really run either, so yesterday I updated it. I actually was trying to uninstall it (because of the new virus bleep... Read more

Answer:Infected with unknown virus. Firefox redirects, & some programs don't function

While looking at other people's threads, I saw someone recommend RKUnhooker. I put this on my computer and ran it. Here is the report.

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================

27 more replies
Relevance 65.19%

Hi, I have a virus, will not let me run .exes, and redirects I.E. I seem to have gained a virus/trojan, despite using AVG Free. It has disabled resident shield and email scanner in AVG, cannot reactivate, cannot install Hijack this - the installer runs for a minute then vanishes. The same happens with MBAM, Spybot, and AdAware. No luck starting and running in Safe Mode either. The browser - IE8 - has been hijacked too; I have http://www.google.com/webhp?=0 as my homepage - this turns off autosuggest - when I perform a search, the relevant google search results appear, but when clicking on a result, Google.com appears in the address bar, then suddenly clicks through about 3 or 4 different addresses eg exoclick.com, then askolot.com. Is there any way of avoiding a reinstall please? I have cured many a PC but this one has me stumped! Many Thanks. Tony.

Answer:Help!Trojan redirects,and will not allow me to run antivirus

try safe mode.
restart computer and tap "F8" when prompted. select safe mode with networking.
once logged in. click start and use internet explorer without add-ons.
do. google.com. type this exactly. "combofix download" select like the 5 or 6th one.
web will be like ironic.com.....
there will be a post in it for combofix download. click the 2nd "here" and download to desktop
run program. and when it asks if you want to install "restore" option. i normally NEVER do. cause windows already has a built in restore option.
BEST of luck. (after doing combofix. RUN FULL VIRUS SCAN IN SAFE MODE!)

4 more replies
Relevance 65.19%

I am new to the forum. I ran across it last week looking for information about the XP Antivirus 2010 virus. I have learned a lot of general information but the specific help seems to be geared to each poster based on the logs from their computer so I thought it would be best to try it that way. Last week my computer became infected with the XP Antivirus 2010 that many have complained about on here. By using system restore and Spyware Doctor I believe I have removed the virus however I am still having problems with Google redirecting search links to other sites. I purchased Spyware Doctor and ran a full scan however I am still having the same issues. That is now the only spyware program that I have. I also have Malwarebytes Anti Malware although that scan is coming up clean as well. Both programs are up to date. I just purchased Spyware Doctor specifically for this and it comes with a 30 day money back guarantee. I am disappointed that it has not fully fixed the problem, should I get rid of Spyware Doctor and try something else? I thank you in advance for any help that you might be able to provide. I have attached the requested logs. If there are any problems with the logs please just let me know and I can try again.

Thank You, Stan Holmes

DDS (Ver_10-03-17.01) - NTFSx86
Run by holmes at 14:29:32.26 on Thu 04/22/2010
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============


============== Pseudo HJT Report =============... Read more

Answer:XP Antivirus 2010 Aftermath Google Redirects

Hello Stan,

I see several areas of concern in your logs. It will require more than 1 round to clean the system. Please stay with me until given the 'all clear' even if symptoms seem to abate.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.


====================================================


Double click on combofix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see t... Read more

15 more replies
Relevance 65.19%

Hey everyone. First time posting!

Here are my symptoms:

First of all, when I start the computer in normal mode, I get an error. "explorer.exe: The application failed to initialize properly (Oxc0000005)" However, this error does not occur in safemode. I can get back to the explorer in normal mode through the taskmanager: run: explorer.exe.

Now regarding the browser: Google redirects me whenever I try to go to an anti-virus website. Including this site!! (I'm posting from my Dad's computer). This occurs in both IE7 and Firefox.

In addition to this, Whenever I try to start an antivirus program, the process appears in the task manager, but no window will pop up. This occurs with SpybotS&D and Combofix.exe and Malwarebytes. This happens in normal AND safemode.

As you can imagine this is very frustrating. Thank goodness RSIT ran and gave me some logs, or I'd be SOL.

Here are the logs. My computer is a Dell Inspiron 6000 laptop running XP SP2 Pro with BSafe filtering.

Thanks in advance guys.

Answer:google redirects, cant open/run antivirus programs

Hello Pennyman,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 65.19%

I let my friend borrow my computer for the past month and when I got it back no programs would open, I got a command window titled desot.exe and it closed.

I was able to get malwarebytes to finally open by right clicking and running as user, and renaming the program. Now every day I have to force quit windows antivirus pro (fake I know) and then close svchast.exe and run malwarebytes again, PLUS after running malwarebytes and it comes up clean, the search engines are still doing the redirect.

DDS (Ver_09-07-30.01) - NTFSx86
Run by administrator at 14:23:43.68 on 2009-08-25
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.250 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com... Read more

Answer:Windows Antivirus Pro & Google/yahoo redirects

It has since escalated. I can now no longer start the computer. In regular mode I can only do 2 commands, windowskey+L (switch users) and windowskey+U (utility manager). alt+ctrl+del or shift+ctrl+esc both yield "task manager has been disabled by the administrator" who there isn't any other users on the computer but myself. Rebooting into safemode yields the same results.

I slaved the HD to another computer and was able to run malwarebytes full scan and came up with 22 infections which were promptly removed. Attempted to boot from hard disk again and it is doing the same thing.

3 more replies
Relevance 65.19%

Hello,

I am having issues with both of my Internet Browsers (Firefox and Internet Explorer). Whenever I click on a link it re-directs me to a bogus fake anti virus sites, random sites and fake web search sites. I have run Malwarebytes, Norton AV, AVG AV, CCleaner and Tune up utilities and this prob. still exists.
I have also uninstalled and installed each of the browsers and made sure to clear all info such as cookies, customizations, bookmarks, etc.
One thing I did notice is that when I re-installed FF, I was not being re-directed, until I accessed my bookmarks (that I backed up), then BAM! re-direction craziness!
I am at my wits' end, ready to throw my laptop across the room. I have attached GMER and OTL logs to my post (My computer is not allowing me to copy and paste the logs directly within the body of the e-mail, so I have attached them to my post instead).
Thanks for reading and hopefully you can help!
 

Answer:Bogus antivirus programs & Google redirects

Please download OTM

Save it to your desktop.
Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:

:Processes

:Services

:Reg

:Files
C:\WINDOWS\System32\15724.exe
C:\WINDOWS\System32\19169.exe
C:\WINDOWS\System32\26500.exe
C:\WINDOWS\System32\6334.exe
C:\WINDOWS\System32\18467.exe
C:\Documents and Settings\Taheerah\Application Data\grwqhp.dat

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open... Read more

3 more replies
Relevance 65.19%

any time i go into google and try and search for a way to fix my problem i get redirected to nothing sites...also i have read many other threads and tried to download/install other programs that may help and i can usually get the installer to work by changing the name but once installed they all just crash when i open them except for hijackthis....any help would be greatly appreciated since i am only home for a week from school to fix this

here is a hijackthis log

also i forgot to add i use nod32 but i cannot get the update to work and when i scan it says its clean but i believe that is only cause the av updates i have are from like 2007 since it wont update
 

Answer:google redirects cant access antivirus pages

i managed to get my internet working by renaming combofix. i ran that it took care of some problems so i was able to update and run nod32 but i would really like someone with more experience to take a look at what i have now....if you need more info just tell me what i need to do to get it to you...any help would be GREATLY appreciated since i have till next weekend to fix this since no one in my family knows how to even use a computer and i will be heading back to school

edit: about 2 hours later i ran superantispyware and it has found 18 threats and its not done i will post what happens tomorrow seeing as it is not done i am drunk and i have to sleep......please help

and i understand it takes time and effort so thanks for any help at all
 

1 more replies
Relevance 65.19%

Today I somehow got a pop up that I have antivirus 2011 and its detecting stuff. I know I didn't intentionally download this thing so I remove it using Revo uninstaller and its gone but now I am getting redirects when in google and my malwarebytes wont take care of the problem. Thanks for any help you can provide.

DDS

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Randy at 13:18:58.81 on Tue 04/12/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1474 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
... Read more

Answer:Google redirects after removing antivirus 2011

We'll start off with this.

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


If an infected file is detected, the default action will be Cure, click on Continue.


If a suspicious file is detected, the default action will be Skip, click on Continue.


It may ask you to reboot the computer to complete the process. Click on Reboot Now.


If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

14 more replies
Relevance 65.19%

I've been battling some kind of system exploit that has been installed on my system for the last week. As far as I know I've dealt with the higher level infections such as fake antivirus software but I'm having trouble with the root system exploit.

OS: Windows 7 64-bit, I do not have access to the recovery CD right now otherwise I'd just format!

Symptoms: I will be browsing the internet (firefox) and I will see my firewall blocking (McAfee) the browser from connecting to an unknown IP address. This will happen several times until eventually my antivirus (McAfee) software will say it blocked a trojan and deleted a file consrv.dll calling the trojan zeroaccess.e (I think this is what I need help to remove). After this happens, a full payload of other nasty software is unleashed that I seem to have removed although I'd appreciate any help in checking this!

Solution Attempts: I've basically hit this with all the anti virus software I know, MBAM, spybot and a variety of online scanners and tools (I haven't tried combo fix or any of the more advanced software yet). This seems to have been moderately successful in that the computer itself seems ok now, although some of the software did attack windows action center and I had to use a system restore to get that functionality back. I realise using system restore when I wasn't 100% sure the virus had been fixed was a bad idea but I didn't know what else I could do at the time.

I've a... Read more

Answer:Unknown Rootkit Or Trojan Causing Repeated Malware Infection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

31 more replies
Relevance 65.19%

Referred from here: http://www.bleepingcomputer.com/forums/t/316443/infected-and-not-sure-anymore-what-to-do/ ~ OB

Whenever I enter Google and search for websites that I frequently visit and click on them most of the time I get redirected to other websites with really long URL's (probably websites that infects or do something else)...however there's not even any content on these strange websites..I just get blank space all over the browser window. Malwarebytes Anti-Malware keep saying that it is blocking access to potentially malicious website with some unknown IP following afterwards.

Sometimes I do manage to enter my websites through google but very rarely, also from what I've noticed this only seem happen when I try to enter websites through google search. If I just were to write the websites I want to visit directly in the URL bar it works fine. I've noticed that around the time I most likely got infected (that was when I opened an obvious fake mail by mistake) my computer has been working really slow as well.

I've followed the Preparation Guide Step 6-9 and have created a DDS and Attach log. I tried to run GMER and while it did scan it would take forever to scan but that's not the problem, the problem is that GMER basically freeze my whole computer, I can't do anything, not run a simple application..I can't even save the results from the scanning done in GMER because if I do click on the save button my computer will just show this loading icon and nothing will ever happen.... Read more

Answer:Google work slow, redirects me to unknown websites (possibly Virtumonde)

It seems that every time I try to post a new post with my whole DDS log more than half of it disappears, every time I try to modify the post by putting the whole log it gives me an error. I can't even attach the file. What's wrong?

16 more replies
Relevance 64.78%

Hi all

I've been hit with a virus, which normally wouldn't be an issue because I run antivirus scans a couple of times a week and can clear out most problems. But, this time whatever has infected me won't let me run any of the antivirus programs to clear out the infection.

So far I have tried:

Spybot: Opens, starts scan and shuts itself down after about 15 seconds. Happens in Safe and Normal mode.
Malwarebytes: Opens, starts scan and shuts itself down after about 15 seconds. Happens in Safe and Normal mode.
SDFix: (only run as administrator in Safe mode) Opens, starts and shuts itself down after about 20 seconds, screen turns black and no further activity, need to shut down PC and switch back on again.
Hijackthis: Managed to get it to start scan once, then it closed down. Haven't been able to get it to start since. Last attempt at HJT gave the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to run the item".
I would have attempted combofix but as I don't really know what it does and because advice on its use usually comes with a warning, I've left it alone.

Have also tried using system restore but all restore points are failing.

At the moment I can still use the PC as normal but am avoiding it as much as possible because I've got no idea if someone's stealing all my details plus when I do use the internet I'm getting redirected half of the time. Current... Read more

Answer:Infected !!! Cannot run antivirus programs and internet redirects

16 more replies
Relevance 64.37%

Whenever I try to go to Windows Update site, I am redirected to Google search page. It was recommended I run combofix, which I have done; it said it found 2 files. I am attaching the log file; could somebody please help as to what to do next.

ComboFix 09-04-19.01 - stephen 04/20/2009 18:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.817 [GMT 1:00]
Running from: c:\documents and settings\stephen\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\docume~1\stephen\LOCALS~1\Temp\install_flash_player.exe
c:\recycler\ADAPT_Installer.exe
c:\recycler\S-2-8-17-100013573-100032011-100026260-6005.com
c:\temp\PRE45
c:\windows\system32\drivers\gxvxclvawedrfqnqavavrtnnbplrrpbvoemhs.sys
c:\windows\system32\drivers\gxvxcmtnbmnreeoamdbwuxxoboivdylktlexv.sys
c:\windows\system32\drivers\gxvxcrnqaiqmupqoqxylkrjigbnxgwwepxfuj.sys
c:\windows\system32\drivers\gxvxcrvkbgixboewprqhovtlnapjeimudmvcm.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxckpljqloygaecxnmffyvuridvbvsppfds.dll
c:\windows\system32\sX3i02
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GXVXCSERV.SYS
((((((((((((((((((((((((... Read more

Answer:when trying to run windows updates it redirects me too google every time

ComboFix logs should not be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.

The BC Staff

1 more replies
Relevance 64.37%

Hi,

My computer runs Windows XP Pro.

A few weeks ago I got the Windows Recovery fake antivirus, which hid my files, told me the hard drive was corrupt, etc. I immediately realized it was a threat, shut off the wireless, ran antivirus and anti-malware scans. The Windows Recovery disappeared, but my browser was then taken over, redirecting web searches, random audio ads when Internet Explorer hadn't even been opened, etc. Interestingly, this all started within an hour of installing a Java update.

Over the next couple of weeks, I ran several more scans, in safe mode and normal mode, and updated on a regular basis. Symantec, Spybot, Adaware, and Windows will not update automatically, and Windows cannot even be updated manually. Several trojans and viruses have been detected and deleted. A couple more fake antivirus programs have popped up, but each has been quarantined/deleted. I've been able to manually remove some of the source files, and fix some of the registry files. At one point, it seemed like I had gotten rid of everything, but when I tried to do a system restore (unsuccessfully), I realized it was not all gone as the audio ads and browser redirects have come back.

Thanks for your help!

Programs I have run include:
Symantec Antivirus Corporate edition
Adaware
Spybot
Malwarebytes
SuperAntiSpyware
Norton Power Eraser
HijackThis

Deleted since this began:
Trojan.Agent (Gen-Nullo; Gen-IEFake; IExplorer; and Gen-PEC)
Trojan.FakeAlert
Trojan.Mijapt
Troj... Read more

Answer:Fake antivirus, audio ads, browser redirects, hidden files, blocked updates, etc

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear. Click the Disable button to disable your CD Emulation drivers. Click Yes to continue. A 'Finished!' message will ap... Read more

26 more replies
Relevance 64.37%

 hijackthis.log   6.98KB   7 downloads

EDIT: I am unable to run DDS, when I try, a command window appears for a fraction of a second and then nothing happens that I can see. I believe that whatever is causing my problem is preventing DDS from running.

This is a log from my Windows XP Pro SP3 machine that is exhibiting symptoms as described in the title of this topic and in this thread: http://www.bleepingcomputer.com/forums/t/206736/run-cmdexe-causes-explorer-to-crash/

Whenever I run cmd OR regedit OR batch files explorer.exe crashes as evidenced by my taskbar and desktop icons disappearing and then coming back after a second or two. I’ve also been experiencing occasional redirects when clicking on search results from google, this happens in both Opera and Firefox. I have no idea how this is happening since the redirects happen after arriving at the exact URL that the results give me since my back button will bring me back to the page I was expecting most of the time.

I believe I first noticed the problem with the redirects Thursday night (Feb 26), but it is subtle enough that I might have seen it sooner.

I have tried running the following to resolve this with no success:
Malwarebytes Anti-Malware
Spybot Search & Destroy
SUPERAntiSpyware
Ad-Aware 2008
Norton Anti-Virus Corporate Edition (my school’s IT department gave it to all students)

I have also tried renaming cmd.exe to cmd1.exe and running cmd1 and that DOES work.

I checked my hosts file i... Read more

Answer:Unknown Infection - cmd and regedit crashes explorer, google search result redirects

 rsit_log.txt   26.79KB
  3 downloads

Upon the suggestion of one of the moderators I used the RSIT tool since I was unable to get DDS to work. Hopefully this will be of more help.

3 more replies
Relevance 64.37%

I'm on a Windows XP with Media Center PC and I'm experiencing Google redirects while in my Firefox Browser, background audio from iexplore.exe, iTunes pops up then random download of podcast occurs, and hidden start up menu. Booting up to safe mode produces a blue screen which keeps me from running programs in this mode.
My tech friend fought off a prior System Fix virus which came up last week using programs like Stringer, ComboFix, etc. I noticed he left the programs on my son's desktop. Can you help? If so, I'm not familiar with how to produce the log lists you will need to diagnose the problem.

Answer:Google redirects on XP PC, background ads/audio from unknown sources, hidden start menu.

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button. Since you have run ComboFix, please include the ComboFix log in the reply.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, include the information that you were unable to produce the other logs, include the ComboFix log, and describe what happens when you try to create the other logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

4 more replies
Relevance 64.37%

Hello. Yesterday, my computer started showing signs of malware; Google search results were being redirected to other sites. Today when I got home from work, my computer was infected by Antivirus 2010. I had followed manual instructions to remove it, but I could not find any matching registry files, dlls, or any such related files. The only thing I did manage to find was an Uninstall under Add and Remove Programs; this removed the pop-ups for Antivirus 2010 upon boot up.

However, the Google Redirects persist. Any Anti-Malware program I used ended up either closing on their own, along with the message, "Windows cannot access the specified device, path, or file. You may not have appropriate permissions to access the item.", or they simply refuse to work properly. HijackThis, Hitman 3.5 Pro and GMER all cannot run anymore in the former fashion. Hijack This, Hitman 3.5 Pro and GMER will not run as soon as I start the scan, although they are fully functional from the start. Spybot Search and Destroy refuses to open from the get-go. Spyware Doctor and Avira AntiVir have buttons that cannot be clicked; most importantly, the scan functions will not run. Any games that have any anti-hack/cheat systems will also not load properly.

I am unable to obtain a GMER log due to the above problem.

DDS (Ver_10-10-21.02) - NTFSx86
Run by Raymond at 1:26:45.06 on Sun 10/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.260... Read more

Answer:Anti-Malware Cannot Run, Google Redirects, Antivirus 2010

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

4 more replies
Relevance 64.37%

Having issues with links in google, getting lots of VIMAX ads popping up. I cannot download any security updates or access microsoft IE security updates or spy blaster tools

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:32, on 06/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
c:\acer\KnobService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Aspire\WFTVFM\WFWIZ.exe
C:\acer\KnobMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Real\Update... Read more

Answer:Google redirects, cannot update antivirus/windows explorer

16 more replies
Relevance 64.37%

Well, not sure where to start. My antivirus subscription expired and well I made the big mistake of leaving the machine unprotected and I got infected with god knows what. I notice I am getting google redirects like crazy so I went and tried to run trend micro online version but it will not run, giving an error that window installer cannot be started. So I downloaded and tried to install trend micro, same errors. The computer is running crazy slow and I know I am infected, I am just completely clueless what is going on. I hope this is the right forum I posted this topic, if not can someone please move it? Thank you, I appreciate it.

Answer:Cannot run or install any type of antivirus software and getting google redirects

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

19 more replies
Relevance 64.37%

I keep getting redirected by google and every time I try to run a scan it loads then exits and won't let me open the programs. It says that I don't have the appropriate permissions.

DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Troy Wahl at 7:54:05 on 2011-08-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3199.2676 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ZoneAlarm Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - c:\program files\zonealarm_extreme_security\prxtbZon0.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\comp... Read more

Answer:Google redirects me and I can't open any antivirus scan software

Hello troywahl,

Welcome to Bleeping Computer.

Please tell me why you are running the tools from Safe Mode with networking.
Please download DummyCreator.zip and unzip it.
Run the tool.
Copy and paste the following into the edit box:

C:\WINDOWS\659951078

Press Create button and post the result.

Important: Restart the computer.

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe. Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue.
Let reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

4 more replies
Relevance 64.37%

Hello, I am not sure how to go about this, so I figure I should just explain the situation.

I am currently battling "Privacy Protection" and its fellow infections, the computer in question belongs to my parents, and I have been attempting to assist them in removing the virus for some time. In the past 2 months, I have removed several of these infections through various methods, and today it has reared its ugly head for the last time and so I come to you, for assistance.

A little background, I have been warning my parents about the lax policy of computer security, I have taken steps to install precautionary measures for some time *No script, Ad block plus etc,* And yet, they remove them as it is more convenient for them.

I have, in the recent two months, installed and successfully run trial versions of malware bytes removing a whopping 8xx infections. I have also run Kaspersky crysis cd, and have run avast from an ubuntu live anti-virus iso which included malware bytes.

I am at my wits' end, I have college work that I need to do and can't keep fighting with this.

Does anyone have any suggestions for me in order to help my parents out? I would start to post logs, but I saw that they are strictly forbidden in this subforum and so I await instruction.

Thank you in advance, it is much appreciated.

edit: I forgot to post operating system specifications.

XP Home edition x86

More replies
Relevance 64.37%

Recently I noticed my laptop slowing down.

-I attempted to use my antivirus (ESET NOD32 Version 4) and got a message along the lines of "Cannot communicate with kernel."

-I then tried to use Malwarebytes and Superantispyware. Both worked at first but when I tried to remove what they found, the windows would immediately shut. After that happened once in each program I was unable to open the program again. Instead I was told that "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

-Also, anytime I click on a link in Google or Bing I'm redirected to some random site.

-In addition to that, I started to get pop-ups every time I started Internet Explorer.

-Internet Explorer would crash and "not respond."

-So of course I tried to bring up my taskmanager only to find that I couldn't! It refuses to open by keyboard shortcut or through the run command.

After that, I came here to ask for help.
I followed the preparation guide.
-I downloaded the DDS Tool but it did not generate a log. Instead there was a long line of "#########" across the bottom line of the DDS Tool's screen.

I moved on as the guide said but ran into another problem.
-I downloaded the GMER and followed the directions but as soon as it was done scanning the window closed.

Therefore I have no logs to show you.

Any and all help is appreciated.

Answer:Google/Bing Redirects & Cannot Access Antivirus Software

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OTL from... Read more

32 more replies
Relevance 64.37%

Every time I search anything on google the searches come up right but the link is to random other sites and the first search link is always search-antivirus.com. I'm not tech savvy and I have norton 360 and did a complete scan and it came up clean so I think it might be malware but I'm really not sure. Any help would greatly be appreciated.

Answer:Google search redirects - first site is always security-antivirus.com

"Bump Please"

12 more replies
Relevance 64.37%

I continue to get re directed during google searches. Most of the time when I click a link I get redirected to other sites. I noticed this almost 2 weeks ago.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Heather Bianchi at 21:16:09 on 2011-10-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.2121 [GMT -4:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.e... Read more

Answer:Google search redirects - Malware antivirus not picking it up

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

6 more replies
Relevance 63.96%

I'm hoping someone here can help. I've been working on this for over a week. I have already run quite a few programs (to say the least), the latest being Combofix (this was suggested by our AVG tech support). I have finally gotten the Alureon off, I think. I was able to finally download and update the machine to XP sp3 and IE 8. I removed the Alureon using the MS Malicious Software Removal Tool. The Antivirus 2010 is showing as a program but of course, cannot be removed. I have run MS Security Essentials, Malwarebytes, Superantispyware, AVG, Trojanremover, etc. The main problem I am having now is the redirect. Anytime I try to access a site with any type of security update, patches, etc., I am redirected to a fake search engine type site. I cannot access Microsoft Update. I reloaded XP Pro (which took it back to SP 2 and I manually installed SP 3) on the machine and it fixed many of the problems, but the redirects will not go away so I'm assuming something is still in there, I just don't know what. As mentioned, I have run many of the reports already at the request of my AV provider but they have been useless in helping. I'm attaching the files that I have, if anyone could help I would be deeply indebted.

EDIT: I ran ESET Online Scanner. Found plenty of Virtumonde, and Antivirus 2010. It removed them all and then I ran the fix for Virtumonde and it found nothing. Ran the scanner again in safe mode and it found more including Bamital, and rem... Read more

Answer:Machine infected with Alureon.dx, Antivirus 2010, IE redirects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa... Read more

24 more replies