Over 1 million tech questions and answers.

Having issues with Dropbox and google drive syncing after Virus removal

Q: Having issues with Dropbox and google drive syncing after Virus removal

Hello, your site helped me in Nov 2014 with a ransomware virus. The link is below to that thread. They were very helpful. However, ever since then, my dropbox and google drive do not sync anymore. I tried booting in safe mode, but got same result, so it makes me think it is deeper in the registry possibly. I had two computers affected by the virus, but only this one with attached files was modified. I updated both computers post-fix with MSE, Malwarebytes, and Ad block Pro. The dropbox and google drive sync fine on the other computer, but not this one. It does not sync. Can you offer any assistance? Thank you


Malware/browser ads on computer - Tech Support Forum

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.18715
Run by RUDI BAUKNECHT at 7:20:25 on 2015-02-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6127.3539 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\RUDI BAUKNECHT\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Users\RUDI BAUKNECHT\AppData\Local\Akamai\netsession_win.exe
C:\Users\RUDI BAUKNECHT\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
C:\Users\RUDI BAUKNECHT\AppData\Roaming\Dropbox\bin\Dropbox.exe
D:\ITUNES\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Akamai NetSession Interface] "C:\Users\RUDI BAUKNECHT\AppData\Local\Akamai\netsession_win.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Amazon Cloud Player] "C:\Users\RUDI BAUKNECHT\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
uRun: [AirDroid 3] C:\Program Files (x86)\AirDroid\AirDroid.exe /start
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\RUDIBA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\RUDI BAUKNECHT\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~2.LNK - C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxp://components.viewpoint.com/MTSInstallers/MetaStream3.cab
DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://dl-ak.solidworks.com/nonsecure/edrawings/e2012sp03/12.3.0.113/cab//eModelsStandard.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://76.99.208.104:90/codebase/DVM_IPCam2.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B715E72B-0D1D-4582-91D5-05F5E3E1622F} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{B715E72B-0D1D-4582-91D5-05F5E3E1622F} : DHCPNameServer = 192.168.1.1
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Samsung Link] "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RUDI BAUKNECHT\AppData\Roaming\Mozilla\Firefox\Profiles\0smh1zvz.default-1415280521140\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Users\RUDI BAUKNECHT\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\RUDI BAUKNECHT\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
FF - plugin: D:\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-10 55280]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [2013-12-21 404360]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-9-28 239616]
R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-7-30 164200]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2014-10-13 223232]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-13 27136]
R2 Hp.Skyroom.Windows.Service;HP SkyRoom;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2010-3-3 124472]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-11 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-11 969016]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-7-17 124560]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-3-10 635416]
R2 rgsender;Remote Graphics Sender Service;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2011-3-10 379904]
R2 Samsung Link Service;Samsung Link Service;C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [2013-10-23 609632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-3-29 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-11 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-11 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
R3 PciPPorts;PCI ECP Parallel Port;C:\Windows\System32\drivers\PciPPorts.sys [2011-3-31 96768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2014-6-12 76328]
S3 CXPLRCAP;EVC2010;C:\Windows\System32\drivers\elvidcap.sys [2013-3-27 150856]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-9-9 1431888]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-13 1120752]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-2 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-30 1255736]
.
=============== Created Last 30 ================
.
2015-02-25 13:28:09 11910896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E3CE03B-A882-479C-95DD-D402B724AA64}\mpengine.dll
2015-02-24 13:28:09 11910896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-21 09:29:45 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6853B294-0BDA-4791-A33F-7A98F00117A2}\gapaengine.dll
2015-02-19 0032 -------- d-----w- C:\Windows\SysWow64\BestPractices
2015-02-19 0032 -------- d-----w- C:\Windows\System32\BestPractices
2015-02-19 0032 -------- d-----w- C:\inetpub
2015-02-18 22:03:13 -------- d-----w- C:\Users\RUDI BAUKNECHT\AppData\Roaming\FileZilla Server
2015-01-28 07:19:30 192000 ----a-w- C:\Windows\System32\iisRtl.dll
2015-01-28 07:19:29 55296 ----a-w- C:\Windows\System32\admwprox.dll
2015-01-28 07:19:29 50688 ----a-w- C:\Windows\SysWow64\admwprox.dll
2015-01-28 07:19:29 154624 ----a-w- C:\Windows\SysWow64\iisRtl.dll
2015-01-28 07:19:28 60928 ----a-w- C:\Windows\System32\ahadmin.dll
2015-01-28 07:19:28 16896 ----a-w- C:\Windows\System32\iisreset.exe
2015-01-28 07:19:28 15360 ----a-w- C:\Windows\SysWow64\iisreset.exe
2015-01-28 07:19:28 14848 ----a-w- C:\Windows\System32\wamregps.dll
2015-01-28 07:19:27 8192 ----a-w- C:\Windows\SysWow64\iisrstap.dll
2015-01-28 07:19:27 26624 ----a-w- C:\Windows\SysWow64\ahadmin.dll
2015-01-28 07:19:27 11264 ----a-w- C:\Windows\System32\iisrstap.dll
2015-01-28 07:19:27 10752 ----a-w- C:\Windows\SysWow64\wamregps.dll
.
==================== Find3M ====================
.
2015-02-26 12:12:23 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-10 19:52:56 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-10 19:52:56 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 0822 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 0811 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-14 06:09:27 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 06:05:30 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 06:05:30 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 06:04:56 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-14 05:44:59 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44:58 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41:09 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-13 03:10:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-01-13 02:49:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:11:00 1188864 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 03:10:47 610304 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 03:09:57 47616 ----a-w- C:\Windows\System32\mshta.exe
2015-01-12 03:09:51 174592 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 03:09:36 1538048 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 02:45:17 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-12 02:45:04 428544 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:44:19 50176 ----a-w- C:\Windows\SysWow64\mshta.exe
2015-01-12 02:44:15 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 02:44:04 1466368 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 02:33:52 482816 ----a-w- C:\Windows\System32\html.iec
2015-01-12 02:14:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
2015-01-12 02:10:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 01:53:57 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-09 02:03:01 3201536 ----a-w- C:\Windows\System32\win32k.sys
2014-12-31 11:14:31 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-19 0355 210432 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-11 17:47:12 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-08 03:09:05 406528 ----a-w- C:\Windows\System32\scesrv.dll
2014-12-08 02:46:05 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
.
============= FINISH: 7:20:47.07 ===============

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Having issues with Dropbox and google drive syncing after Virus removal

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

RELEVANCY SCORE 70

Somehow there has been a change in my dropbox account and it never quits syncing certain files, most of which seem to be associated with the program "sqlite" and it seems to be stroing information about all of the traffic from my computer.  is there anything i can/need to do about this?

A:dropbox never gets finished syncing

Drop box will only sync the files in your "Drop Box" Folder or the folder you have specified at the point of install. You can change the file which it syncs to in the preferences menu. Lastly you can re install. Hope that helps. 
 

Read other 1 answers
RELEVANCY SCORE 67.6

I'm new to Dropbox and found that I cannot drag and drop from Google Drive into Dropbox. When Dropbox and Google Drive are on the screen when I click on a G. Drive folder the Dropbox page disappears into the Task Bar and one cannot drop anything there.
 
Is this right or do I have a glitch somewhere? Thanks for help.
 
Using Win 7

A:Are Google Drive and Dropbox incompatible?

These instructions are from the Google forums. There are also third party products like Cloudsfer that will simplify this process.
 
 
 
 
https://productforums.google.com/forum/#!topic/drive/Z3JodNYfycw

Read other 6 answers
RELEVANCY SCORE 67.6

Everything worked fine on Windows 7, but not anymore.

Both Google Drive and Dropbox are set to autostart with Windows, but they don't. I even tried adding Drive shortcut to startup folder, but to no avail. I can start Drive manually though.

And Dropbox has another issue - I couldn't install it as "normal" admin account, so I had to run the setup as administrator (elevated), but Dropbox setup clearly stated "Dropbox will not work correctly if installed using "run as administrator command". However, I had not choice, since normal install didn't work. Now I can also run Dropbox manually, but only with "run as admin" command.

This whole admin and elevated rights issue with Windows 8 is a bit of a nightmare. Half of the installations don't work with normal rights.

Basically, what I want is both Google Drive and Dropbox to autostart with Windows and function properly.

A:Can't get Google Drive and Dropbox to autostart

OK, I guess I just fixed it myself by giving my user full elevated rights. Both Drive and Dropbox started normally after reboot.

Read other 3 answers
RELEVANCY SCORE 67.6

Hi. I need to know how to transfer files from Google Drive to my Dropbox, so as to keep everything in one place. All I have are pictures that need to be transferred. If anyone knows how to do this, I'd appreciate it. Thanks in advance. 

A:Transferring from Google Drive to Dropbox

Do you have Google Backup & Sync (formerly Google Drive Sync) installed on your computer, which makes your Google Drive, and its contents, show up under File Explorer just like any other folder?  You can always remove it afterward if you do not wish to keep it.
 
If not, install it, then do whatever you normally do to upload a file to Dropbox.  I don't use Dropbox, only Google Drive, so I can't speak to how you upload to it.
 
Another alternative would be to download all of your files from Google Drive to your local machine and then upload to Dropbox, but that's more tedious.

Read other 7 answers
RELEVANCY SCORE 66.8

Dropbox: 2B free
Google Drive: 5GB free
Sugarsync: 5GB free
Skydrive: 7GB free

Total: 19GB
This is all the space I need
But... is this asking for trouble?
Will my PC ground to a halt with these programs eating up CPU and memory power?

Bad idea? Just stick to one?
I read that Google Drive takes up loads usage compared to say Dropbox

Looking for opinions

Thanks
Omar
 

A:Dropbox + Google Drive + Sugarsync + SkyDrive

Read other 6 answers
RELEVANCY SCORE 66.8

I use Google Drive, Box Sync, Dropbox and iCloud, but I am running out of disk space on my "C" Drive. It looks like my C Drive has 216 GB and I have an E Drive of 931 GB. My C Drive is almost full at 196 GB and made me turn off/unsync many of my Google Drive folders so I could save some of my files for work. My E Drive has almost 900GB available. I think I have my Dropbox syncing to E Drive, but I can't choose how to sync Google Drive to E Drive....It points it automatically to C Drive. My Mac seems way easier than this $***...ugh, what a pain in the *$$...why do I even have two drives seperated like this?! My last work PC was way easier than this more expensive paperweight, but in order to Run all the DEsign intensive stuff we do [Adobe Creative Suite, Autodesk Design Suite, etc.]  we were told this computer should work well...ummmm, well, it's not..it's making my life more complicated and stressfull!

Read other answers
RELEVANCY SCORE 66

I need to replace Dropbox.
Wanted some opinions: Google Drive or One Drive?
Assuming I can install and then forget about - the files just sync themselves?

Any pros and cons I should be aware of?

Details:

I've been a user if Dropbox for more than 10 years - I started using very very early after it came out.
I have a syncing problem - one account doesn't sync out of 20 accounts that share the same folder.
I tried contacting support and asking on forums. Forums were helpful - but after uninstalling and resinstalling, the problem has come back. The support given by direct support really sucks. Slow replies. Replies where they haven't read what you said in your message to them. Really poor experience.
 

Read other answers
RELEVANCY SCORE 65.2

(Sorry, I must've hit something that made the post go through while I was typing a title. It's supposed to read "Problems after 'removing' AntiMalware Doctor & Google redirect: still experiencing issues after removal of virus".)***NOTE: I have not been able to complete a GMER scan. My system keeps crashing and restarting at some point during the scan. According to Windows, it has to do with a driver error. It only happens during the scan. Here is the error signature I get when it reboots:BCCode : 1000000a BCP1 : BA918008 BCP2 : 00000005 BCP3 : 00000001BCP4 : 806D98FE OSVer : 5_1_2600 SP : 3_0 Product : 256_1 And here are the files included in the report:C:\DOCUME~1\DAM\LOCALS~1\Temp\WERa6d1.dir00\Mini043011-01.dmpC:\DOCUME~1\DAM\LOCALS~1\Temp\WERa6d1.dir00\sysdata.xml*** Hello guys, and thanks for your help. Here's my story. A short while ago, my system became infected with AntiMalware Doctor and Google redirect. After some searching, I found Microsoft Customer Support. After a dozen or so sessions with as many agents, the viruses APPEARED to be gone. The agents would take over control of my system and use programs including SuperAntiSpyware, Malwarebytes AntiMalware, and HiJackThis (although I don't think he used it well). They also installed Microsoft Security Essentials, since I didn't have an antivirus installed. Here is a list of issues that APPE... Read more

A:Problems after 'removing' AntiMalware Doctor & Google redirect: still experiencing issues after removal of virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

Read other 62 answers
RELEVANCY SCORE 64

 
 
Attackers can access Dropbox, Google Drive, OneDrive files without a user's password
The so-called "man-in-the-cloud" attack is said to be a common flaw in most cloud-based file synchronization services.

http://www.zdnet.com/article/dropbox-google-drive-onedrive-files-man-cloud-attack/
 
research released at Black Hat conference. Scares crap out of me because I use Dropbox and MS cloud stuff - One Drive and One Note.
 
Can someone with knowledge tell me whether 2factor authentication can protect you from man-in-the-cloud attacks?

Read other answers
RELEVANCY SCORE 63.6

So...how do I do this? I have the GD folder on my desktop, and I'd like the convenience of dragging folders into it and having them automatically saved to GD online. As I recall this used to work great for me, but haven't used this way in a long time....nowadays I mainly just go to my Google Drive, and then do a "New---Upload Folder or file".......I'd prefer to be able to do it the easier way. Thanks for any help with this.
 

Read other answers
RELEVANCY SCORE 54.8

Hello! First, please excuse me if I include irrelevant information. I'm pretty slow when it comes to computers x_x.
A few hours ago I encountered Antivirus Action. I looked up guides on how to remove it. So I went into safe mode, ran Malwarebytes, and it came up with three infections. Two of them were backdoors, and I forgot what the other was. I rebooted, but it didn't seem to work. So I went into safe mode again, and this time, I ran HiJack This. I removed one of the items on the list (I'm sorry, I'm not sure what they're called) and then ran Malwarebytes again. It came up with nothing, so I rebooted and everything seemed fine.
However, I realized that my Google was EXTREMELY slow. I also wasn't able to log into my Youtube and Blogspot accounts, both of which are linked to Google. And sometimes, when I searched something on Google, I would get redirected to a site like Tazinga or Scour, or some other random website. I also can't log into my AIM email address. I scanned with Malwarebytes again, but nothing.
One of the steps in the guide had something to do with proxy and LAN settings on Internet Explorer? But for some reason I don't have IE so I just skipped that step. Could this have anything to do with it? What can I do to fix this?
Thanks!

A:Post-Malware Removal Issues With Google

Hello, Please run these and Post back all logs thanks. I hope you did not remove the wrong thing with HJT.Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser clic... Read more

Read other 5 answers
RELEVANCY SCORE 54.4

Hey everyone,
 
This one is a bit of a mystery to me, I was wondering if anyone could help.
 
We have a users PC on our work network who cannot get Dropbox to work.
 
The problem is the installation;
 
When we go to install Dropbox (using Admin credentials) it will ask for the Dropbox username and Password. When typed in it the Window will disappear and Dropbox will not be installed. (we have tried multiple credentials)
 
We have tried this on the PC's log on (not the domain) and it worked. We have also installed Dropbox successfully on other PC's on our Network. This PC has a fresh installation of Windows 7 the same as the others with Dropbox.
 
The Dropbox website suggests that this can be caused by an Anti-Virus getting in the way but when installing Dropbox no AV was installed (we wanted to try Dropbox before we installed it)
 
Any ideas would be great,
 
Thanks,
 
Darktune
 

A:Dropbox issues

Have you tried turning off UAC and trying the installation?

Read other 10 answers
RELEVANCY SCORE 53.6

Hello,

I recently caught the antivirus soft virus. Using Rkill and malwarebytes I was able to fix the major problems (pop ups and being unable to open programs without getting prompts saying they are infected) and thought I had gotten rid of it. However, I seem to still have a google redirect virus. After doing a search using my google toolbar, clicking on seemingly harmless links (i.e. wikepedia) will redirect me to fake search sites or other sites that have nothing to do with my search. I have no idea how to get rid of this virus and any help would be very appreciated!

Thanks,
Peter

A:Virus removal left me with google redirect virus

Hello,A deeper look in your system is warranted. Please follow the instructions in ==>This Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues.If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.Orange Blossom

Read other 2 answers
RELEVANCY SCORE 53.2

I have a serious computer problem I have read numerous posts to self diagnose and correct the problem. When I think it's good it comes back to haunt me, I am stuck with a computer that constantly freezes, Google redirects me to malicious sites and mostly everytime I try to run the control panel it freezes up on me. I also have this error messege that pops up and says "Generic Host process for Win32 services has encountered a problem and needs to close." Some additional info for that error message:SzAppname: svchost.exeSzAppVersion: 5.1.2600.5512SzModname: ntdll.dllSzModVersion: 5.1.2600.5755I have run Malware bytes numerous times quick scan, full scan it will detect then I will remove and when I restart the computer and run it again it's back on there! I am getting to my witsends over this I don't know what to do and need some help please! here is my HiJackthis log:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 2:52:09 AM, on 11/30/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17091)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WI... Read more

A:Google redirect virus, generic host process win32 error messege, constant virus removal with malware bytes

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the ... Read more

Read other 2 answers
RELEVANCY SCORE 53.2

My operating system is Mac OS X Version 10.7.5. Earlier, I accidentally quit Dropbox (from my Menubar). The green checkmark that indicates all files are updated was still there prior to my quitting the application. But when I quit Dropbox, it disappeared from my Menubar. I then downloaded and installed the latest version of Dropbox for Mac, and now the icon appears on my Menubar... but it's still connecting. It's been like this for around 4 hours already. I don't understand why my Dropbox folder doesn't indicate "connected" and why I can't access the Dropbox website, because I'm able to connect to the Internet.

I need to access my updated Dropbox folder (urgent). Please help, and thanks in advance!
 

A:Solved: My Dropbox folder won't update + the Dropbox website won't load.

I see you've marked your thread as being "solved". Would you please be so kind as to reply back what the solution was as this can be helpful to others who may experience the same problem.
 

Read other 3 answers
RELEVANCY SCORE 52.4

Hi there,

So my dropbox has stopped working on my win 7 pc. It started first with the tray icon disappearing and now it doesn't sync or anything at all.

I tried writing to dropbox support but they said they didn't have time to respond to my enquiry (something along those lines), so here I am asking you guys.

A little info that might be relevant. When my computer was set up, it was given the name PC. I wanted to change that, so I found a resource that explained how. A little registry editing and some other stuff. I don't know if this has had an effect or not, but thought I should mention it anyways.

Hope you can help.

A:[SOLVED] Dropbox tray icon gone, dropbox not working

Did the PC name change coincide with dropbox not working...when you change your PC name is that when dropbox started acting up?

Read other 3 answers
RELEVANCY SCORE 52.4

when i do a google search and hit one of the links to the search.....goes directly to some ohter websites, not the listed search results.....very frustrating and time consuming.....also is causing computer to run very slow and continually see high memory usage by windows explorer due to this......any ideas what this is and how to remove?

A:google virus removal

Hello it appears you have a browser HiJack..Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Sta... Read more

Read other 1 answers
RELEVANCY SCORE 52.4

Hi Guys,

Any help will be greatly appreciated! I had a virus on my computer so took it to a compute shop, all virus are now gone but they obviously didnt pick up what I now know to be the google virus. On lots on differnt advice ive run malware bytes, TDSS Killer, Hit Man Pro3.5, Hijack This, Microsoft Security and also combofix on somebodies advice! None of these have picked up anything and this is driving me nuts! Im running windows 7 64 bit so couldnt included the GMER log.
Forgot to add, when following instructions to look for files in the host file it would not allow me access. This was also the case when i ran Hijack this, it said it was not allowed access to host file even though i ran it as administrator.

DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Andrew at 13:48:03.13 on 05/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3893.2332 [GMT 0:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.e... Read more

A:Google Virus Removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 22 answers
RELEVANCY SCORE 52.4

After removing a fake antivirus virus using rkill and mbam, windows security alerts indicated automatic updates was turned off. In system properties it is checked to be on. I cannot turn it on in the security center, but I was able to stop the alert by changing the alert settings. When I try to go to the widows update site through the update link in the start- all programs list and manually get updates, the site says "The website has encountered a problem and cannot display the page you are trying to view..." I have tried to do a system restore to about 3 different restore points and all failed to restore. I also noticed that "administrative tools" is empty. I'm guessing the virus altered the registry and I'm definitely not qualified to mess with that without specific instructions. I backed up all data I don't want to lose in this machine. I can do a reinstall of the OS, which will obviously solve all problems but there is a lot of software I use which I'd rather not have to reinstall, not to mention about 7 years of MS updates, so does any of the knowledgeable people on this site have any ideas?

A:Issues After Virus Removal

Hello ans welcome. Lets do this and see how it is.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Devices List Users, Partitions and Memory size. List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.>>>>Please download TDSSKiller.zip and and extract it.Run TDSSKiller.exe. Click Start scan.When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click ContinueLet reboot if needed and tell me if the tool needed a reboot.Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, sel... Read more

Read other 16 answers
RELEVANCY SCORE 52

hey all,

i recently had an issue with low disk space which i sorted out by deleting and moving alot of stuff. anyways, today i re-synced my mp3 player and noticed that nearly all that space i freed up and got back has dissapeared. it always happens when i use m:trip! i dont know why?! im not adding anything to my c:/ drive so where the heck does the space go? someone please help!

thanks!
 

Read other answers
RELEVANCY SCORE 52

Infected with a vipsearch virus that re-directs when using google search engine.Thought I'd removed it using varius malware removal tools but as soon as I re-installed google toolbar it was back again.Windows XP SP3 - IE8How do I permanently remove the virus?DDS and Security Check details below ...DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24Run by Steven Carr at 0:32:43 on 2012-04-19Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.92 [GMT 1:00].AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}FW: ZoneAlarm Free Firewall *Enabled* .============== Running Processes ===============.C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\Program Files\CheckPoint\ZoneAlarm\vsmon.exeC:\Program Files\CheckPoint\ZAForceField\IswSvc.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\IObit\IObit ... Read more

A:Google vipsearch virus removal?

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At t... Read more

Read other 26 answers
RELEVANCY SCORE 52

I have run the following tools and results listed below. WinXP Media EditionSuperAnti-SpywareMalware Bytescombofix Can't find the log for SAS, but it did find viruses and deleted them. the logs are deleted or not shown cause I'm logged in safe mode. I just want to know if my computer is still affected and what kind of virus was it.Thanks for your help. Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4320Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187027/16/2010 5:38:00 PMmbam-log-2010-07-16 (17-38-00).txtScan type: Quick scanObjects scanned: 174139Time elapsed: 21 minute(s), 17 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 2Registry Data Items Infected: 2Folders Infected: 0Files Infected: 8Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted ... Read more

A:Google Hijack Virus - Removal Help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 3 answers
RELEVANCY SCORE 52

Hi
I have a Dell laptop that appears to be infected.
System - 64 bit and Windows 7 home premium.
When I launch IE' the default web page is Google and this loads properly but when I click on a link from the results list after a search I am redirected to some junk site or a blank page.
I have run a full scan on McAfee and Malwarebytes AM but the results show zero detections.
Searching the net for these symptoms suggests a "root kit" virus or a Trojan infection- I don't know what these mean but it does lock like my laptop has got the flu!
Any help or advice in helping me rid of this virus, if indeed that is what it is, would be very much appreciated.
Warning - my IT competence level is pretty low but I am keen to learn and improve.
thank you

A:Google redirect virus removal

Please do the following:Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.e... Read more

Read other 14 answers
RELEVANCY SCORE 52

I have been infected with a googe redirect virus. I tried using AVG but couldn't even detect the virus properly so rebooted windows but the problem is still there. I am fairly inexperienced in dealing with this sort of stuff so hopefully I have given you the correct information. Please, please help.I have followed your instructions and here is the gmer scan:GMER 1.0.15.15570 - http://www.gmer.netRootkit scan 2011-04-06 23:04:22Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\00000032 WDC_WD25 rev.11.0Running: gmer.exe; Driver: C:\Users\Norman\AppData\Local\Temp\kgdiqpoc.sys---- System - GMER 1.0.15 ----Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8E3C998E]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8E3C9928]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8E3C993C]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8E3C99CC]Code \SystemRoot\system32\drivers\mfe... Read more

A:google redirect virus removal

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

Read other 2 answers
RELEVANCY SCORE 52

Hello. I am a new member and this is my first post.Google Chrome does not work anymore. When opening, the page is blank and nothing will load. If you type in an address and press enter, it doesn't do anything. The spinning arrow does not appear on the tab either.In IE8 and Firefox, when doing a search for something, I get redirected to sites that have nothing to do with what I am looking for. For example, if I type in Nanotechnology in Google or Bing Search, the top listing is a link to wikipedia. If I select that link, I get redirected sites like readyyourpalm dot com or nexplore dot com. Nothing that has anything to with wikipedia.I tried the following software to remove: Ad-ware, Panda Cloud, SuperAntispyware, Spyware Doctor, Norton, Malwarebytes, and Spybot just to name a few. Nothing will resolve this issue and I am at the end of my rope and out of patience. Not to mention the computer and Internet speeds seemed to have come to a crawl which makes me even more angry.Running XP SP3 and current on all updates.This is a production computer and I can not afford the downtime to reformat and start all over again. Any guidance, tips, and removal tools would be greatly appreciated.If there is anything else I can provide, please let me know. Thank You,IblastrockDDS (Ver_10-03-17.01) - NTFSx86 Run by Administrator at 19:13:01.36 on Mon 05/17/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.138... Read more

A:Google Redirector Virus Removal

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

Read other 2 answers
RELEVANCY SCORE 52

I have posted before but not sure if i got an answer. I need help installing combo fix. I got a rootkit virus called "volsnap.sys" i have manually located it and disabled it. when i restart to delete it the rootkit doesnt allow me to choose any options other than "restore" to before i did the changes. so im not able to disable it. please help.

A:Google redirect virus removal help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 52

Hello. I have been, countless times, redirected to the wrong page when I click google links. I'm directed arbitrarily, sometimes more often sometimes less often. I am getting annoyed. Please, kindly give me some help. This is a site that I'm annoyingly redirected to sometimes:http://wigsforkids.com/search.phpGMERlog attachedDDS file attachedDDS log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 13:14:58.93 on Thu 04/08/2010Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.594 [GMT -7:00]AV: avast! antivirus 4.8.1368 [VPS 100408-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exesvchost.exec:\program files\a-squared free\a2service.exeC:\Progra... Read more

A:Google-redirecting Virus Removal

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end. Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.* There are two points to note from the instructions page:1) The Recovery Console.It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.CF will complete some, but not all, of it's removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.2) Disabling your Anti-Virus.CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

Read other 61 answers
RELEVANCY SCORE 52

I've been hit with the Google redirect virus. Actually, all search engines are affected, not just Google. In both Firefox and IE. I've run AdAware, CCleaner, SpyBot Search and Destroy, Hitman Pro 3.5, TDSSkiller, and Avira Anti Virus programs. Additionally, I've been following the instructions of Boopme from another thread, so I've also used the MiniToolBox, reset the Hosts file, run GooredFix, and aswMBR. I've now run through the steps in the Preparation Guide (though I didn't know how to disable script-blocking programs, and the otherwise very thorough guide lacked instructions on this ... I ran the DDS program anyway but I'll run it again if needed after learning how to turn the script-blocking programs off) and am posting the logs and reports from the various scans.The log from the aswMBR scan:aswMBR version 0.9.9.1509 Copyright© 2011 AVAST SoftwareRun date: 2012-01-23 14:39:57-----------------------------14:39:57.984 OS Version: Windows 6.0.6002 Service Pack 214:39:57.984 Number of processors: 2 586 0x680114:39:57.984 ComputerName: MCDONALD UserName: Nonie14:40:04.848 Initialize success14:40:35.892 AVAST engine defs: 1201230114:41:02.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006614:41:02.194 Disk 0 Vendor: Hitachi_ SB2O Size: 76319MB BusType: 614:41:02.209 Disk 0 MBR read successfully14:41:02.225 Disk 0 MBR scan14:41:02.318 Disk 0 unknown MBR code14:41:02.318 ... Read more

A:Google Redirect Virus removal help

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

Read other 3 answers
RELEVANCY SCORE 52

Hi! I've been doing my best to get rid of what seems to be the google redirect virus from my pc with no luck. I've run both updated versions spybot and malewarebytes in safe mode however Malewarebytes keeps finding 2-3 specific entries it can't seem to get rid off but are in quarantine.Also, I have an acer runnning windows xp, and ever since I got the virus, when I start up my laptop I get an acer security error pop up on the screen but other than that error and the annoying redirecting in google everything seems to be running fine.Thanks ahead of time for all your help!I will patiently wait for your response!~FoxyHere are the malewarebytes, hijack this & DDS logs:Malwarebytes' Anti-Malware 1.39Database version: 2528Windows 5.1.2600 Service Pack 27/29/2009 9:08:56 PMmbam-log-2009-07-29 (21-08-50).txtScan type: Quick ScanObjects scanned: 101563Time elapsed: 3 minute(s), 17 second(s)Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:\\?\globalroot\systemroot\system32\hjgruiuxnweqcw.dll (Trojan.TDSS) -> No action taken.Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files ... Read more

A:Google redirect virus removal

Hello FoxyKitsuneko,You have a rootkit causing all these problems, but we can fix it. This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe 2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.What AntiVirus do you use? I don't see one, so please get one of these before you come back online, after you run ComboFix : AVG, Avira OR Avast are good FREE antivirus.Thanks,tea

Read other 18 answers
RELEVANCY SCORE 52

Over the past month or so, I've been fighting various Windows XP system crashes, unstable program behavior, Google search result redirects, etc. My primary security suite is ZoneAlarm; however, I have also been scanning with Malware Bytes, A-Squared, Ad-Aware, and Spybot Search & Destroy. Several viruses have been reported and quarantined or removed, some of them keep coming back.

Here are some more of the specific symptoms / scan results:

o Google search results are intermittently redirected to unrelated sites (usually they seem to be ad-related, e.g. www.whitepages.com, www.realtor.com, www.info.com, www.bmxok.com). Note that this happens in both Mozilla Firefox and Windows IE.
o Firefox crashes frequently.
o svchost.exe crashes frequently.
o Regedit immediately crashes (or is blocked?), and seems to restart
Windows Explorer.
o The PWS-Delf virus is found in C:\Windows\khp.yrw but every time that
file is quarantined or deleted, it comes right back.
o Other viruses found and removed include Trojan-Dropper.Agent,
Trojan.Win32.Agent2, Trojan.Win32.Cinject, Hijack.StartMenu,
Win32.SuspectCrc, Trojan.Win32.Daonol

I have downloaded HiJackThis.exe and ComboFix.exe. Any guidance on how I can correct these problems would be GREATLY APPRECIATED! Below is my initial HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:52 PM, on 4/15/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running ... Read more

A:Google Redirect Virus Removal

Read other 16 answers
RELEVANCY SCORE 52

Hello all!My computer was recently infected with the google redirect virus after I was trying to download a codec I now realize was fake. I have been downloading virus removers but none have worked. I downloaded hijack this and I was wondering if anyone could take a look and maybe give instructions for me to get rid of the virus.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:30:21 PM, on 12/9/2009Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\AirPort\APAgent.exeC:\Program Files\HP\HP Software Update\hpwuschd2.exeC:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exeC:\Program Files\Razer\Lachesis\razerhid.exeC:\Program Files\Razer\Tarantula\razerhid.exeC:\Program Files\Google\Gmail Notifier\gnotify.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\AVG\AVG9\avgtray.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\RocketDock\RocketDock.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Spybot - Search & Destroy\TeaTime... Read more

A:google redirect virus removal?

Hi ,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then we'll take a look.
Regards,

Rosty.

Read other 2 answers
RELEVANCY SCORE 52

I am an intermediate computer user running WinXP SP3, and use Avast! antivirus. I recently contracted a virus which disabled folder options in Windows Explorer, disabled regedit and system restore, and has hijacked my web browsing regardless of whether I used IE, Firefox (preferred), or Chrome. After countless hours of reading through forums like this one and using removal tools including HJT, ComboFix, and Ad-Aware, I have been able to correct all of the problems EXCEPT the hijacking. I read somewhere that I wasn't supposed to post any log files here until requested. Clicking on the link to gmail from my (fake) Google home page results in a warning of an unsecure connection and invalid site certificates, so I have been avoiding any site that requires logins/passwords. There was another topic here which contained discussion of a problem very similar to mine, but there seems to be a difference in the specific infected files because I had no luck in following the instructions given there. I would VERY much appreciate any help you can offer, and would be happy to provide any further info that you need. Thanks!EDIT: Moved from XP to Am I Infected...please follow all admin suggestions/directions posted in AII from this point on ~ Hamluis.

A:Google redirect virus removal help

Anyone at all have any ideas on this???

Read other 1 answers
RELEVANCY SCORE 52

I originally posted under 'Am I infected? What do I do?', and after some assistance, was asked to create a new topic here. http://www.bleepingcomputer.com/forums/topic439491.html/page__pid__2570044#entry2570044

My desktop computer started running really slow a few weeks ago. IE won't open, and other programs run REALLY slow. I looked at Windows Task Manager and the CPU usage is above 90%. I was able to figure out if the Plug and Play service is not running, then things speed up (of course there are a lot of things that won't work without Plug and Play). I've run Malwarebytes and it comes back clean. Any help is much appreciated.

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0
Run by The Kings at 21:16:54 on 2012-01-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1692 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\syst... Read more

A:Issues after Virus Removal - almost %100 CPU usage

Hi,Please do the following:Please download TDSSKiller.zipExtract it to your desktopDouble click TDSSKiller.exePress Start Scan
Only if Malicious objects are found then ensure Cure is selectedThen click Continue > Reboot nowCopy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)NEXTDownload ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Win... Read more

Read other 16 answers
RELEVANCY SCORE 52

Hi,

Recently I've been having virus issues after avoiding them for years. Ran into the Win 2012 AntiSpyware virus, but I believe I cleared that up, but yet still had many issues with slow laptop and random popups during internet browsing. I ran malware antispyware and spybot as the usual and still did not solve the issue. Then, without researching enough (coming here), I did the unthinkable and one of the biggest mistakes of my computing career and attempted to use ComboFix to fix the problem. It identified a Rootkit.ZeroAccess and went through its processes. Now however I am unable to get on the internet, and I am not convinced that I solved the issue. I am running Windows 7 32 Bit and tried to follow the directions on manually resetting the internet connection but that did not work. I'm not convinced I've solved the problem, or if the problem is actually what is now stopping the internet. I attempted to System Restore after realizing I messed up using ComboFix (like I said did not come here before using to read about how dangerous it was), but it could not complete. I have also restarted my laptop.

I would much appreciate any help or guidance, but I definitely do understand if I cannot be helped due to violating a cardinal rule around here. I accidently posted in the logs forum unsure of where my post belonged since I mainly feel it is an internet issue but if it needs to be put back let me know!

A:Internet Issues after Virus Removal

Please download Farbar Service Scanner

http://download.bleepingcomputer.com/farbar/FSS.exe

and run it on the computer with the issue.

* Make sure "Include All Files" option remains checked.
* Press "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.

Someone will help you soon

Read other 13 answers
RELEVANCY SCORE 52

I just discovered that I cannot open my Firefox browser nor my jpg pictures since removing the virus I posted about on the 29th. I thought maybe I could uninstall Firefox and reinstall, would that solve the problem? But I would lose my favorites since I rarely use IE. I have a lot too! Help please. Link below to the virus removal procedures.

Thanks.

http://forums.techguy.org/windows-nt-2000-xp/470953-solved-solved-virus-pop-up.html
 

A:Solved: New issues after Virus removal

This is one of the problems with using spyware remover programs is they "wrench" out the problems, no finesse and no delicacy at all. Well that leaves gaping holes and you cannot use System Restore (that should be shut off and then restarted before proceeding which I note no one told you in that thread either), because you will bring back all the "vermin" that way.
Yes you can uninstall Firefox but that will not change any of your settings when you reinstall.
i would run XP repair and then rerun any added service packs afterwards as they and only they would be removed. There has to be more wrong than just this anyway. Honestly when recovering from major spyware or virus attacks, reformat is the best option because I think we waste more time on the "fix" which is never perfect anyway, than would be taken on new install.
http://www.michaelstevenstech.com/XPrepairinstall.htm
 

Read other 3 answers
RELEVANCY SCORE 52

Hello All,

A friend of mine brought me their computer with an issue of windows blue screening at login. They stated that they installed Zentom by accident and it was "taking over". They had Norton installed on the PC but admittedly did not run it regularly.

I attempted a start up in Safe mode with networking and it was successful. I installed and updated Mbam. Upon the scan starting, Mbam was shut down and corrupted. I then tried running SAS remote from a USB drive and it too was shut down shortly after the scan started. After this, I tried using Rkill and exehelper to shut down the process and run Mbam. The process would be shutdown would automatically restart. I tried several times nothing worked. Finally I decided to attempt something different and reran SAS from the USB. I paused the scan before it could be shut down and removed what viruses it found. Then I restarted and used rkill to end the process and it stayed shut down. I then used mbam_clean to remove the corrupted MB. Restarted the computer in safe mode still. Ran rkill and then installed and updated MB. I ran SAS and MB and removed all of the viruses (Several different viruses and thousands corrupted files). Then I restarted the computer (not in safe mode). It ran fine and windows started up normally. I tried to run MB and it shut down. I tried to run SAS and it shut down. I then restarted in safe mode again and attempted to start all this again. However, now explorer.exe won't start. Windows can ... Read more

A:Zentom virus removal but issues following

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415747 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 4 answers
RELEVANCY SCORE 52

My desktop computer started running really slow a few weeks ago. IE won't open, and other programs run REALLY slow. I looked at Windows Task Manager and the CPU usage is above 90%. I was able to figure out if the Plug and Play service is not running, then things speed up (of course there are a lot of things that won't work without Plug and Play). I've run Malwarebytes and it comes back clean. Any help is much appreciated.

A:Issues after Virus Removal - almost %100 CPU usage

Hello, please run these next.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Devices List Users, Partitions and Memory size. List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Run RKill....Go not reboot if asked until after MBAM again.Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkil... Read more

Read other 5 answers
RELEVANCY SCORE 52

Hello

I am a recent victim of the infamous Advanced Virus Removal malware. I have followed some of the procedures mentioned in this forum along with others mentioned elsewhere in order to prevent needing someone else help. This one I just can't figure out.

I am running XP Home Edition and was using Firefox at the time the issue came up. I have attempted using Malwarebyte, Spybot and Advast but none of them were able to fix the issue.

At this time I am having trouble with the following:

Accessing the Start Menu
Opening an internet connection
Moving or copying any of the files
System performance
Running in Safe Mode
other

The errors messages I have seen upon start up:

Multimedia Card Device: Resource is not enough
Malwarebytes' Anti-Malware: Run-time error '372': Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with you application.
Windows Defender: application failed to recognize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually.

I am able to run HijackThis and can produce a log if needed.

Thanks in advance for any help you can provide.

Thank you

Tim

A:Issues with Advanced Virus Removal

If Malwarebytes Anti-Malware results in an error messages, check the Help file's list of error codes within its program folder first. If you do not find any information, please refer to Common Issues, Questions, and their Solutions, Frequently Asked Questions. If the error you are receiving is not in the list, please report it in the General Malwarebytes' Anti-Malware Forum so the research team can investigate.In the meantime, do this:Please download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):Close browsers before s... Read more

Read other 3 answers
RELEVANCY SCORE 52

I recently removed some pretty bad viruses after using three programs to do so.

1st. is used Malwarebytes anti-malware
2nd. avira antivirus
3rd. Super AntiSpy

I tried to update my windows XP and when I do so it shows that the following files couldn't be downloaded:

Security Update for SQL Server 2005 Service Pack 3 (KB970892)
Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447)


It seems that it deleted some programs on the computer that it shouldn't have. I have an HP All-In_One 7210 printer at home. I can print from my computer but can't scan. I don't have a disk but I downloaded a software program from HP. It gets me to the point where it tells me to plug in my cable to the USB port. The connection is already made but it show on the install program that it isn't. Once again I can print but can't scan.

Is there any suggestions of how I can restore my computer so it can work again?

Thanks

A:Computer issues after virus removal

Hello and welcome to the forum.

What service pack do you have installed?

Try and manually install the update:

Download details: Security Update for SQL Server 2005 Service Pack 3 (KB970892)

Read other 9 answers
RELEVANCY SCORE 52

My laptop was recently infected by some viruses(Win64.Conedex.B trojan, Win64.Conedex.I trojan, Exploit.Agent.PZM trojan,Kryptik.BNOA trojan, Kryptik.BNOS trojan, Kryptik.BNOR trojan, Kryptik.BNIO trojan).  My up to date anti-virus, ESET, recognizedbut could not detect or get rid of these viruses nor did my up to date malware program, Malwarebytes.  I emailed ESET who had adedicated program (ESETSirefefCleaner.exe) to get rid of these viruses (If they had this why wasn't it incorporated in their anti-virus which is automatically updated all the time?).  At any rate I downloaded this program, ran it, and it appears to have gottenrid of the viruses but there are some residual issues that I could use some advise on.  I tried to do a restore but too much timeelapsed and the problems did not go away.  I think I did it right but I'll wait to hear from you guys before I proceed. I've attached the attach.txt and dds.txt file Some Background---------------Toshiba P770D laptopWindows 7 home premium with service pack 1AMD processor (A6-3420M APU with Radion HD Graphics...1.50Ghz.RAM: 8.0 GB64 bit operating systemHitachi sata hard drive 800GB *  There seems to be a truckload of files with mostly the js extension in one of the temporary internet folders.  It now takes twoto three times as long to run my anti-virus as there are three times the amount of files to scan as before. I regularly run MSWindows Disc Cleanup but it does not seem to ... Read more

A:Need Help with Residual Issues after Virus Removal?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530858 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 85 answers
RELEVANCY SCORE 52

I am not sure if I posted in the right are, so feel free to redirect me.

I was given a Dell Vostro 1510 laptop with Windows Vista Basic originally loaded on it but Windows XP SP3 installed via the computers company.

The user advised he could'nt open anything, I booted the computer, any double click on an icon would load a window then disapear, I removed the hard drive and placed it into a HP DV9000 and scanned with AVG, AVG removed several trojons along with various other objects (258 total objects), 48 appeared on the 2nd scan. I scanned with SpyBot Search and Destroy as well as AdAware (All up to date on the HP). I scanned with all these until I was not recieving any other faults.

I placed the hard drive back into the original computer, did a start up scan removing 78 objects, scanned AVG. I downloaded AdAware onto the computer, it installed fine, and does a basic scan but will not update, I recieve some issue about a data connection in a standard windows error window. It will not allow me to install SpyBot as I recieve the same message.

I scan with AdAware (Just the basic non update definitions)
I scan with AVG (Up to date)
I do this until I find NO issues. I attempt to access Windows Update and I am redirected to Google 90% of the time, even typing to URL in the browser redirects me to Google. I can access certian sites, however it seems any site, trusted or security related sites I am redirected.

I scan with AVG removing a few errors, this happens ove... Read more

A:Virus/Spyware Removal (Issues)

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The... Read more

Read other 1 answers
RELEVANCY SCORE 51.6

I use the same calendar for everything: phone, computer, ipad. For some reason, events that show up on my Samsung note 3 are not all showing up on my home desktop. Some do, some don't. I went into the phone and checked to make sure they're all on the same calendar, and they are. Any ideas? Apparent everything is not syncing properly....I've tried refresh, etc.
 

Read other answers
RELEVANCY SCORE 51.6

My Google calendar is not syncing properly between my phone and my home computer.......this has always worked great, and now it doesn't. I missed an important appt. because of this. I believe they are both on the same calendar, so I don't know what the problem is. Any help appreciated.
 

A:Google calendar not syncing!

Read other 9 answers
RELEVANCY SCORE 51.6

i have been using Ondrive and it has been working well but now all of a sudden we cannot get material from the cloud to sync on the computer we are using. the Onedrive icon is still in the file explorer but the information is not coming back down from the cloud.

i have had a message saying there is an issue with onedrive and it should be reinstalled but everything i read online says that onedrive is built into windows 10 so it cant be reinstalled.

if anyone has a work around i would really appreciate it.

Read other answers
RELEVANCY SCORE 51.2

The problem I seem to be having is related to running auto-removal tools. I can't run malwarebytes for instance. The program will start scanning and then abruptly close. When I try to reopen it says I may not have appropriate permissions to access this item. This is also true for HijackThis!. I was also unable to run GMER and dds. DDS would run, but it wouldn't produce any logs. I would close the window, but no logs would open up. I also have a problem of something redirecting my google searches.

I'm running Windows Vista 32-bit.

Any help would be appreciated.

Justin
 

A:Can't run any virus removal software/Google redirect

Read other 15 answers