Google Redirect malware, mostly failed internet connection, broken Spyware removers

Q: Google Redirect malware, mostly failed internet connection, broken Spyware removers

I sincerely hate to register on a new forum and make my first post simply to ask for help, but I am afraid I have precious few other options, having exhausted my capacities with Google. Thus, here I am asking for your help.

Alright, I am running a Windows XP machine, about two years old, which apart from the occasional hiccups and slowdowns has gone on more or less without incident, receiving regular scans from a few programs, namely Avira, Windows Defender, and SpyBot, none of which ever encountered any significant problems. About five days ago, the computer was rebooted and things went very badly, very quickly.

First I noticed that Google links in Firefox redirect through sites like abcjmp and toseeka. Before you click the link, it highlights as normal, after the scrollover has it marked as some windows click followed by a long random string. For whatever reason the Google cache still worked so I was able to navigate, but I still wanted it gone. The second thing I noticed was that Spybot stopped working. When run, it would show up under system processes but no window would ever come up. Teatimer, updater, etc. all still run, but not the main program.

I managed to get a few other programs together from online; AVG, Dr. Web, Adaware which combined managed to kill the redirect in Firefox, however, SpyBot never came back, neither did ComboFix (which I tried downloading with the rest, wouldn't even run as a process), and IE still had the redirect problem. Further, every time either browser was launched, it would tell me it detected malicious software and start scanning again. The software it keeps finding is Win32TrojanTDSS.

I tried rebooting again, this time things went from bad to worse. Now my browsers cannot pull up anything, MSN Messenger works about a quarter of the time I restart, IRC works about 80% of the time. I am getting the limited connectivity error message and seem to be having trouble with renewing my IP on my Netgear wireless router (both through wireless and ethernet port) which tells me the DNS settings are hosed. All of these problems persist in both regular and Safe modes.

So, in short:

Spybot will not launch.
Combofix will not launch.
I can get onto the net through IRC but little else.
I have spyware that will not quarantine/delete.
Safe mode doesn't change anything.

And, finally, the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:33 PM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - S&D\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\AFTERDRK\ADTRAY.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Documents and Settings\Denny\Desktop\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load= c:\afterdrk\adw30.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - S&D\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ImpulseFastStart] "C:\Program Files\Stardock\Impulse\Impulse.exe" /fastload
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - S&D\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: After Dark Tray Starter.lnk = C:\AFTERDRK\ADTRAY.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - S&D\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - S&D\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 18201 bytes

And so there we are, I would be extremely grateful for any assistance you could provide that doesn't end in me reformatting the drive and reinstalling everything.

My computer recently became infected with some type of malware, which includes the background change stating "Warning: Spyware threat has beeen detected on your PC." I get fake Windows Security Pop-ups, and I get a Yellow Triangle with an exclamation point on the taskbar that brings up an internet explorer window with the "TOP RATED SPYWARE REMOVERS". I have ESET NOD32 Antivirus program, but it was unable to stop. Tried to load Norton AV 360, but now it put computer in a continuous restart loop. Safe mode still works, which is what I'm currently using. Installed and ran Hijack This and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:02 PM, on 11/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Eddy\Desktop\Computer Fix\OTScanIt\OTScanIt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\M...

A:Malware - "Top Rated Spyware Removers"

hi, still need help? first we will use hjt, then boot into safe mode to look for a file to delete.

to help show all files, you can do this first:
For XP: on the desktop double click my computer, at the top click on> tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files " also UNcheck "hide extensions for known file types" click apply to all

copy/paste the safe mode part into notepad so you can find and read it in safe mode

first Hjt:
start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fixed checked"

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O2 - BHO: getfn32.msiets - {21A237A4-3A94-4198-911D-647ED2263DD2} - C:\WINDOWS\system32\getfn32.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

next; safe mode:
time for safe mode. you know how to get into safe mode. please pick the first option from the list: safe mode
once in safe mode look in the C: \windows\system 32 dir and see if you can find and delete:
uesiuqcr.exe
also in safe mode:
Click ...
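The checks applied by hand in the answer above (entries whose target file is gone, an extra program appended to UserInit, a BHO DLL sitting directly in system32) can be run over a saved HijackThis log. This is an added example, not part of the original thread or of HijackThis itself; the function names and the system32 heuristic are assumptions, and each finding is a lead for review, not a verdict.

```python
import ntpath
import re
from typing import NamedTuple

# Sample lines copied from HijackThis entries quoted on this page
# (the fix list in the answer above plus a few entries from the first log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O2 - BHO: getfn32.msiets - {21A237A4-3A94-4198-911D-647ED2263DD2} - C:\WINDOWS\system32\getfn32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - S&D\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
"""

SYSTEM32 = r"c:\windows\system32"
# A log entry starts with a section code such as R3, F2, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# The file path follows the CLSID; anchoring on the CLSID avoids splitting
# on " - " inside paths such as "Spybot - S&D".
CLSID_PATH_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\} - (?P<path>.+)$")


class Finding(NamedTuple):
    code: str
    reason: str
    line: str


def parse_entries(text):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def userinit_extras(body):
    """Programs in an F2 UserInit value other than userinit.exe.

    A stock Windows XP value is 'C:\\WINDOWS\\system32\\userinit.exe,' so
    anything else in the comma-separated list also runs at every logon.
    """
    match = re.search(r"UserInit=(.*)$", body, re.IGNORECASE)
    if not match:
        return []
    programs = [p.strip() for p in match.group(1).split(",") if p.strip()]
    return [p for p in programs if ntpath.basename(p).lower() != "userinit.exe"]


def bho_path(body):
    """File path of an O2 (BHO) entry, or None if the line has no CLSID."""
    match = CLSID_PATH_RE.search(body)
    return match.group("path") if match else None


def triage(text):
    """Apply the three review rules and return the findings in log order."""
    findings = []
    for code, body in parse_entries(text):
        line = f"{code} - {body}"
        if body.endswith(("(no file)", "(file missing)")):
            findings.append(Finding(code, "orphaned entry: target file absent", line))
        if code == "F2":
            for program in userinit_extras(body):
                findings.append(Finding(code, f"extra UserInit program: {program}", line))
        if code == "O2":
            dll = bho_path(body)
            # Heuristic (assumption of this example): a BHO DLL placed directly
            # in system32, not in a vendor subfolder, deserves a closer look.
            if dll and ntpath.dirname(dll).lower() == SYSTEM32:
                findings.append(Finding(code, "BHO DLL directly in system32", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.code}] {finding.reason}\n    {finding.line}")
```
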

To anyone who can help me:
My computer recently became infected with the SpyMaxx Malware, which includes the background change stating "Warning: Spyware threat has beeen detected on your PC." (Yes, they spelled "been" with 3 e's), I get fake Windows Security Pop-ups, and I get a Yellow Triangle with an exclamation point on the taskbar that brings up an internet explorer window with the "TOP RATED SPYWARE REMOVERS" including SpyMaxx and AntispyStorm2008 with "about:security" in the address bar.

I have run the DSS, and the log files are attached.

Any help you can offer is appreciated.

A:"top Rated Spyware Removers" (spymaxx) Malware

Hello beaugarter and welcome to BC. It looks like a regular cornucopia in there lol. Let's see what else we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following it...


Hello! As you can see I've been trying everything with my computer except beating it to death!

Yesterday around this time, I caught a trojan by stupidly downloading a file from a suspicious mp3 site (Allfreemp3.net???). I shoulda known something was up when I clicked on it cause it started to download as A PROGRAM instead of an individual file! By the time I tried to uninstall, it only took a few seconds for my computer to act up, and I turned off my WiFi for awhile out of fear of "Backdoor" stuff happening!

Between now and yesterday, I have had quite a few "blue screen crash dumps", I lost my "fancy" Vista Home Basic (32 bit) themes from tampering with my Services (though they are corrected now!), and now every time I do a search through internet explorer, my Yahoo! search engine results will either lead me to some more suspicious sites, or lead me to a legit site that had absolutely nothing to do with my search! The biggest thing I've noticed, though, is that when I ran McAfee (I uninstalled it later), Norton, and Windows Live OneCare Safety Scanner, they all froze up on this one file path: D:\Windows\System32\config\security.log1, and now my computer won't let me do a performance indexing test!

Please help!

A:Yahoo Redirect Trojan and Malware Removers Stalling!

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
C...


Hey, i have been having problems lately with google searches and with loading certain web pages. i initially ran into a program that set an image of a malware warning popup as my wallpaper and offered malware removal program download. of course i closed that pop-up. the 'desktop' tab under my display properties in winxp has disappeared. i recently got that back by running fixwareout but am having google search redirects still.

this computer is running winxp pro with sp2 on a p4 2.66ghz and with 1.5 gb ram.

here is the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:53 AM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\avgagent.exe
C:\PROGRA~1\Grisoft\AVGTCP~1\avgtcpsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\eBoost...

A:Google Redirect Malware/spyware

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
When following the instructions please install the Windows XP Recovery Console if you are using XP.
After running ComboFix, please post the ComboFix log as well as a brand new HijackThis as a reply to this topic.


Good Evening,
it seems my pc has been infected by the google redirect virus. This started about 2 days ago with, what I thought was a malware issue. I kept receiving pop ups from Security Essentials 2010 saying i had infections and needed to buy & download their antivirus, and it would not let me access the Internet at all. I immediately suspected spyware & ran malwarebytes, which I already had downloaded months ago. It seemed to work & successfully remove the pop ups. However my computer is extremely slow and Internet explorer redirects to sites such as tazinga.com and stopzilla.com. I am able to access my task manager however I can't find the lurking culprit and my antivirus must be dead. I tried rerunning malwarebytes but it hasn't found any infections. I have hijackthis but I don't know what I'm looking at & without the Internet to post it online, it's of little help. I need any help I can get, I understand this is difficult though without Internet access on the infected computer!
Thanks for your time ,
Sarah

A:Malware & google redirect, no internet

Hello see if this gets the connection back.

++Try this--open control, internet options, connections tab, lan settings, uncheck the box next to "use proxy...."
OR
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

If so Run RKILL then update and rerun MABm and post a log.
If not you'll need to copy SAS to a usb or CD and run from there.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as the malware programs will start again.
^^If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, lea... Read more

RELEVANCY SCORE 67.2

System: Windows XP media center edition (I think a special version of home). I have had a lot of problems with malware but malwarebytes/CCleaner/Chkdsk have always been able to speed up my system back to health but not this case.

Last night I was attacked by a bug that attacked my Google search engine (didn't bother trying another). It would redirect me after a search, always, to some random crappy website that acted like a search engine. Therefore I jumped directly into safe mode to run Malwarebytes... but it didn't work. I safely got into safe mode but Malwarebytes wouldn't open - I installed/uninstalled but nothing would happen when I double-clicked the .exe. I searched around the internet on another computer and eventually just changed the name of the .exe - ran it - and it worked, getting rid of three things:

Two of these: Trojan.DNSChanger - In the registry (too long, if needed I can give the whole thing it's in my mbytes logs file)
C:/Docs/Aaron's/Localsettings/Temp/pdfupd.exe (Trojan.Agent.Gen) - File directory, shortened

I then proceeded to make my grand mistake (I think) - I used a program that I have absolutely no experience with: a TDSKiller. I have no idea what this does but it was recommended as a "fix" to my problem of not opening mbytes and I decided to run this on top of everything. It worked fine and dandy and just to top things off I decided to run a chkdsk c: /R. So after a few hours of that I turned my computer on and... Read more

A:After a Malware/Spyware attack & fix, No Internet Connection

Check in Device Manager and see that you don't have any warning signs next to Network Adapters...if everything is OK then try this

http://www.home-network-help.com/winsockfix.html
 

RELEVANCY SCORE 66.8

Hello everybody and thanks in advance for your help. I'm Italian but I could not find an Italian HijackThis log analysis forum. Everything started last Christmas when I got the Italian police virus (basically a window that popped out every time I turned on the PC, blocked Windows, falsely accused me of crimes and wanted me to pay 100 euros to an account). I managed to remove it in a very naive way because I really need this computer for college. After this removal the virus deleted all the shortcuts in the programs folder (the one you go to from the start button); also, every time I search for something on Google I get redirected to other sites. For 2 months or so my internet has slowed down to 56k speed (actually the speedometer says I'm fine around 3000kbs) but internet usage is extremely slow. What should I do? I'm posting my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:11:49 AM, on 6/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Users\Simone\AppData\Local\Akamai\netsession_win.exe
C:\Users\Simone\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program F... Read more

A:Slow internet and google redirect malware

Hi,
My name is Casey and I will be helping you with your malware problems.
Whilst we work on your malware problems, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.
You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.
Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

Download and run ComboFix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.
Please include the C:\ComboFix.txt in your next reply for further review.
Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.exe and re-run.
Regards,
Casey

RELEVANCY SCORE 66.4

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:25 AM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\In... Read more

RELEVANCY SCORE 66

EDIT: I also forgot to mention that I ran ComboFix a week or so ago, and this seemed to fix it. But the problem has since returned. This machine is only used by me, for web development stuff and business admin work.

I am having some problems with my computer and its internet connection. The first symptom was that when clicking on Google results, I would be redirected to bookmarky or some other sites. I've also noticed that I now can't download AVG from download.com. It just downloads a very small file and says something along the lines of 'not a valid win32 program'. I also can't start Adaware or do an update with it.

It's also affecting other programs too. Such as Linnworks Order Management (a vital business program). It gives me a 'Bad Request (200)' error.

I've already run HijackThis and can't identify anything I do not recognise:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:39:20, on 14/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel... Read more

A:Google Results Redirect - Some program internet connection problems.

Also, I'm not sure if this is related. But my wireless connection now seems to lose connection and reconnect every 3-4 minutes. I have a Sky Router with a secure password.

RELEVANCY SCORE 66

It all started with Google redirect. I wish I would have found this forum sooner rather than later. With that said, I had already DLed MBAM and removed half a dozen various infections just to be left without a WiFi internet connection. I had also run a few of the tools such as GMER and ComboFix before landing on this site. So I apologize in advance if this could cause more headache. I did however manage to save all the original logs if need be.

The computer itself is actually running much faster however, without the internet connection I can't tell if the redirect was cured.

I do not have a restore Windows CD (Netbook). I do have an empty pendrive, a clean computer, and internet access to boot. Also, I'm including the most pertinent MBAM log ... so here we go...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Test at 18:37:54 on 2012-02-18
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.311 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svc... Read more

A:Google redirect turned to no wifi internet connection, W7 Starter

An update...

After further poking, I found that this system had a partition which contained the original windows image. Since there was no valuable data on this computer I decided to go ahead with the recovery. I have regained my internet connection...and some sanity. However, I am thinking this may not be the end of the infection... or is it?

RELEVANCY SCORE 64.8

Hi All,

Noted that I had the Win 7 security bug and fixed it using MBAM. Also, noted Google re-directing once the Win 7 security disappeared. After that, ran Kaspersky Anti-virus and came up with an issue the Google re-directing was also resolved. Uninstalled McAfee (my original anti-virus protection before all this happened) and downloaded most recent version with a clean install. Throughout all this, hadn't restarted my computer. Finally did and now it says Connected to my wifi, but "No Internet access." Currently typing and posting on another laptop connected to the same wifi.

Infected laptop running Windows 7 Professional with Service Pack 1.

Found similar topic with similar problem here on the forums (topic433982) and I followed through with the first through posts. The FSS log is EXACTLY the same. The SystemLook log is different. I continued with several more steps which are documented in another topic here: (bleepingcomputer.com/forums/topic435065.html/page__gopid__2528144#entry2528144). Then, I was instructed to follow the preparation guide, hence this post! DDS and GMER logs below and attached:

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
Run by Willa at 0:10:49 on 2011-12-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1790.462 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated... Read more

A:Win 7 security and Google redirect malware removed - no internet upon restarting computer

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435095 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

RELEVANCY SCORE 61.6

hi guys
I have 4 spyware removers. I'd like to keep two but I don't know which to choose from:
Spybot, Ad-Aware Pro, Microsoft Anti-spyware Beta 1, and Webroot. Which do you think I should keep?

A:Spyware removers

It is more or less a personal choice. I have tried them all. Excepting for the MS Beta. Which I can not comment on. I have not tried it. And do not plan on doing so. It is a Beta version. And comes with no technical support. Although they have set up News Groups to help users with any questions that they may have. Those that have tried it, may like it. The rest are fine programs though. You may also want to check into a² and Spyware Blaster. These two along with the others that I use are linked in my sig.

Known issues concerning the Microsoft AntiSpyware Beta 1.
http://www.microsoft.com/athome/security/s...leasenotes.mspx

Microsoft Windows AntiSpyware (Beta) Newsgroups
http://communities.microsoft.com/newsgroup...pyware&sLCID;us

RELEVANCY SCORE 61.6

I still have a quick question to the experts!
Which are the best Spyware Removers? Currently, I am using Ad-Aware, Spybot & Spyware Blaster. Recently, I have installed: Advanced Windows Care & No Clone, which is a pretty cool program that lets you know if you have two or more of the same entry on your comp. Let's just say that I had quite a few.
In the past, I have also had CCleaner, which I have not been able to successfully install for some reason. I download it, it looks to partially install but then nothing happens...
My question is which ones are good & can I have too many Spyware Removers? I usually research them before I download them but everyone's ratings greatly differ. Which are the good ones guys!!! Any opinions?
Also, in need of a good Anti-Virus & Firewall if anyone has any opinions on some good ones!
 

A:Which are the best Spyware Removers?

RELEVANCY SCORE 60.8

Hi, this is my first post on here. I've been battling the worst rootkit I've seen in a long time and need some help. It's a work system with *a lot* of programs installed. Originally this came up as a Vundo infection and of course all its friends. Some of the programs I've run to try to fix this:
- Bitdefender (uninstalled now due to horrible corruption from rootkit, useless anyway, did not detect anything wrong even though files submitted to their db came back positive)
- MBAM (cleaned some things up, now I get clean scans)
- Vundofix (cleaned off most vundo crap, Combofix got more)
- GMER (originally detected rootkit activity, managed to disable the file causing it)
- HijackThis (looked at logs, I'm no pro but didn't see anything off in here after cleanups with the above and below, will include a log if asked)
- ComboFix (read explanation below)

I have attached a Combofix log (I know, not supposed to run unless asked, but I had tried just about everything and Combofix was the only one that seemed to remove anything, though problems persist after reboot). If needed I can provide logs as needed.

The file that's the biggest pain has been C:\Windows\System32\magnstat.dll, it is definitely an executable virus that likes to grab hold of many programs that are run, especially Combofix, which it will only let run once renamed and will cause it to run *very* slow.

Thanks in advance

** EDIT: I also disabled all programs from starting at startup, to... Read more

A:Rootkit issue, sites blocked, various removers/scanners failed

Bump for delete. Problem solved. Thank you.

RELEVANCY SCORE 60.8

Greetings,

I am repairing the computer of a neighbor and have encountered a pretty nasty infection.

Although I am able to install and run CCleaner, AdAware2008, a-squared, and SpyBlaster, I am blocked from installing everything else I've been able to think of to combat malware.

The following install programs do not execute:
-Malware bytes
-Spybot search & destroy
-Combofix
-DSFix

Firefox will install, but will not run. Opera won't even download via the corrupted IE. None of this changes in safe mode.

In IE itself, all links out of search engines clicked are redirected. If you manually input an address, it fails to connect.

When I ran AdAware and a-squared, it turned up trojans, CWS, Zango, some redirect stuff, etc (I can't remember it all) and did some removal of those. However, no matter how many registry entries I trim out via HiJackThis, I still haven't found what's up. CWShredder comes up clean.

This is a new one for me. Maybe a rootkit?

I plan on returning to their home (one house away) and finishing this off tomorrow. I'd like to get an opinion of what I might be facing.

Thanks,
--E--

A:Some Tenacious Malware Blocking Install Of Malware-removers

Ok... can ANYONE point me to ANY resource about what sorts of programs might actually be blocking install of my repair programs on the machine in question?

RELEVANCY SCORE 60.8

Hi, am using a friend's PC to post this, I am entering a hijack log of this morning and a Dekards from a few days back. I can't run any removal programs and get a message that my system (Windows) is shutting down the Spyblaster or Malware removal because it will cause internal combustion (damage) of my system files. I have to admire the prick that did this though, he's good!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:18 AM, on 5/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\dmacaw\AppData\L... Read more

A:Infected cant use AV's or Spyware removers

U can mark this closed, I was able to get a friend's laptop, problem solved!

RELEVANCY SCORE 60.4

Hi there, I'm new to the forums and I've got a problem that's been a real pain for me lately.
I've got a wireless connection in my house going through a Linksys WRT54GC router and also a wired connection with Cisco gateway (only 1 laptop uses it). About 1 month ago some strange things began to happen with the wireless connection, my PC seems not to be able to connect unless I reinstall the protocols and it's really annoying to do that every time I run my PC. Also, the wired connection stopped working (probably because of cable being broken) but it requires a router restart 90% of the time when I want to connect the laptop (that used to connect through cable) to the wireless network. The 2nd laptop has an issue mentioned in the title, the LAN works but it can't connect to the Internet through the router. Ipconfig /all shows that DHCP isn't working, there's no default gateway and DNS seems to be wrong. Could that all be related to router not being updated for a long time? I tried reinstalling drivers, uninstalling and installing back network card and doing most of the things mentioned in similar threads but nothing seems to work. I know it all looks very silly but I can't do anything about it, at least now - I don't have access to any router settings and can't update it.
Every bit of help is appreciated. I can paste all the information needed from all computers.
Operating systems are: Windows 7 on PC and the 1st laptop, 2nd laptop... Read more

A:Working LAN but no internet connection on a laptop; broken wireless connection

can we see the ipconfig /all and an xirrus screen shot

------------------------------------------------------------------------
ipconfig /all
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here

We would like to see the results from ipconfig /all post back the results in a reply here

Hold the Windows key and press R, then type CMD then press Enter to open a command prompt box (A new dialogue box - black with white font, will appear on screen ):

In the command prompt window that opens, type the following command:

Note that there is a space before the /ALL, but there is NOT a space after the / in the following command.

ipconfig /all > network.txt & network.txt

It will export the results to notepad and then automatically open notepad.

Now all you need to do is copy and paste those results to a reply here
to do that:
From the notepad menu - choose Edit - Select all
all the text will be highlighted
Next
From the notepad menu - choose Edit - Copy
Now go back to the forum - reply and then right click in the reply box and paste
------------------------------------------------------------------------

------------------------------------------------------------------------
Run Xirrus Wi-Fi Inspector
Download and install
If you cannot access the internet with this PC, then you will need to copy the program across to the ... Read more

RELEVANCY SCORE 60

We first began having trouble opening Slimbrowser this morning, so we had to use Firefox. Also my kids couldn't open their messenger programs. Well, now even Firefox isn't working.

So I was going to run AdAware, Spybot, SuperAntiSpyware, and others but none of them will even open. Now we're going to try running them in safe mode. Any other suggestions?

We have a Gateway with Microsoft XP
 

RELEVANCY SCORE 60

My computer is going really slow, and I get pop-ups on pages that aren't supposed to have them. My spyware removers got rid of a lot of stuff but it still happens. Can someone please help?

Logfile of HijackThis v1.98.0
Scan saved at 4:58:10 PM, on 1/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\lwbdsgvv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SED\SED.exe
C:\Program Files\CSBB\CSv10P070.exe
C:\WINDOWS\schk32.exe
C:\WINDOWS\System32\zlc3cryp.exe
C:\WINDOWS\System32\vqwv.exe
C:\Program Files\Webroot\Spy Swe... Read more

A:Help with HJT log-Spyware removers dont help anymore

any1? plz, i really need help. my internet explorer is getting messed up, its really annoying to use

RELEVANCY SCORE 60

I've been using 3-4 spyware removers all at once to remove a few popups I get at intervals. Still, with all that done, I'm still getting popups.

Here's the log from HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:50:59 AM, on 2/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Updater.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\win320851-73452872006.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Docu... Read more

A:Spyware Removers Aren't Helping

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

* * * * * * L2MFIX * * * * * * * * * * * * * * * * * * * * * *
Download & immediately run - L2MFix.exe
Click "Install" to extract the contents to a newly created folder.
Close any programs you have open since this step requires a reboot.
From the l2mfix folder, double click l2mfix.bat
Select option #2 for Run Fix by typing 2 and then pressing enter ONCE.
Do NOT depress any keys on your keyboard until the tool requests you to "press any key to reboot"
On the reboot notepad will open with a log. Copy/paste the contents of that log back into this thread when you have completed the fix.
If after the reboot the log does not open, you may locate log.txt from the l2mfix folder.
If you receive an error - Autoexec.nt is not suitable for running MS-Dos applications, you will need to visit this website to download additional files.

* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *
Download & install CleanUp.exe (not recommended for WinXP64)
Please download AproposFix.exe - ... Read more

RELEVANCY SCORE 59.6

Hey guys, I would like to learn a little about removing malware. I want to practice a little in hopes of taking the BC.com Malware Removal Program, but first want to get my feet wet to see if I'm up to it. Don't know if this is the proper place to post but it's a start. I have three laptops and spend most of my time in the Linux/UNIX forums.

Right now I got a friend's Windows 7 laptop and it is full of junkware, and avast won't even work. Don't want to break any forum rules but want to pursue this a little further, please advise.
 
I downloaded Emsisoft EKK but am not sure that it will do what I want with the Malware I have, firstly "Spyware Clear"
I read that it makes changes to the Registry and that MBAM is a good tool for this.  I'm guessing EKK will do the same thing, but I am so new to all this I wouldn't know.
Also read that it can just be Removed by the Add-Remove Programs, but then also read that sometimes this don't work, and, other sites say to do this in "Safe Mode"
 
Thanks pcpunk!!

A:Malware Removers

pcpunk... it appears that I have replied to you in the Emsisoft Support Forum.

RELEVANCY SCORE 59.6

So a few weeks ago I somehow got some sort of trojan, I used malwarebytes and avast and thought I had gotten rid of it but some odd things kept on happening. Random pop ups, slowdowns, I would type in a website, google for example and it would take me somewhere completely different. Even stranger is I found out over time (took me a while cause I mainly use firefox) that Google Chrome and IE don't work at all now. And I know they worked before. Also I've downloaded ad-aware, superantispyware, and spybot search and destroy and I'm unable to update any of them. I can update malwarebytes for whatever reason. I have just spent a while running full scans of malwarebytes and avast on safe mode and nothing comes up so maybe I don't have a virus but my computer is definitely acting strangely. From reading a few of the posts on here it seems like making a hijackthis log is pretty common so I went ahead and made one.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:35 PM, on 8/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program ... Read more

A:Trojan problems,Can't update any spyware removers

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with. Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

Read other 3 answers
RELEVANCY SCORE 59.6

Hope you guys can help.

My browser's been hijacked by a persistent pest. I've run Adaware, Spybot and Pestpatrol in normal boot-up and 'Safe' mode but can't seem to get rid of whatever's running.

I have the typical symptoms. When entering a search topic in Yahoo and clicking on the results, I'm taken to random pages that don't match the original search results. I have hijackthis but I'm not too familiar on what route to take to clean up the computer. Here's a pasting of the 'hijackthis' log:

Logfile of HijackThis v1.99.1
Scan saved at 8:17:16 PM, on 5/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\... Read more

A:Browser Hijacked... Spyware Removers Not Working

Hello there fliparagon,
Welcome to Bleeping Computer

Please download, install, and update the free version of Ewido Anti-Malware:
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run Ewido for the first time, you might get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main Ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes, the status bar at the bottom will display "Update successful"
Click on Scanner
Click on Complete System Scan and the scan will begin.
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop
Close Ewido
Post the report from Ewido along with a new HijackThis log in your reply.

How is your computer running?

Thanks,
tea

Read other 2 answers
RELEVANCY SCORE 59.2

It seems that you guys have really got it all worked out properly. Meaning you know what the hell your doin. So I am looking for help with the redirect I am getting on almost every search I do. Does not matter if I use Google or Yahoo or anyone.., about 1 out of every 3 search results I click send me to some bogus results site.

I am hoping you guys can help. I tried to follow all the instructions you have laid out and I hope I did not miss anything cause there seems to be a lot. Unless it is just me and I am having a hard time following with kids screamin at me.. lol.. if I did miss something just let me know and Ill get it for ya pronto. Here ya go..

DDS:
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Tony at 16:49:17.98 on Thu 03/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1916.1118 [GMT -6:00]

AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetwork... Read more

A:Google Redirect, all else has failed..

I don't know what it is with this virus, but it seems everywhere I look there is nothing that works. It seems from what I have seen here that what you guys do will fix it, but I am still wondering...

This morning it seems to have gotten worse. Every search I did pulls up a different bogus, spam-laden search company web site. It is ridiculous! Then when I tried punching in the URL manually I would get a msg that the URL could not be reached. I am so fed up! Please help!

I have run every virus scanner known to man, or at least the popular commercial ones, and none of them ever find anything. Is this redirect thing that sneaky? And if it is sooo common for people to get these then why have the big commercial companies that sell virus scanners, I mean that is their sole business model - to find and eradicate a virus on your computer - but why is it that they cannot find and wipeout the common redirect virus?

Is there anything you guys can do to help? I would love to scan thru all the other threads here and find an answer but I have seen warnings that what has worked for someone else may not work for me so I should not do that, and it makes sense. But I am running out of patience. I almost want to just format the HDD and start from scratch it is so frustrating!

Read other 15 answers
RELEVANCY SCORE 58.8

I am infected with a version of the Google Redirect malware problem:
- When I click on one of the results from a search on any major search engine, I am redirected to other websites, usually commercial websites such as monstermarketplace.com. I can reach any website if I copy the address in the address bar; I only get redirected when I click directly on the link in the search results page.
- Occasionally, a new tab pops up when I am in iGoogle, Gmail, or a Google search page. The new tab's address is www.google.com/webhp. On two occasions a new tab has opened with a commercial website. I always close the windows and have never searched on the google.com/webhp page.

Some history:
- I was originally infected with the AV Security Suite virus this weekend while downloading the platform for the online game "Battlefield Heroes" (www.battlefieldheroes.com). I tried going online while this virus was active and clicked on some of the pop-ups and alerts, sometimes saying "Yes" and sometimes "No" when it would ask if I wanted to allow access to the home page website. I believe this may have enabled the current redirect malware.
- I removed the AV Security Suite virus (at least partly) by renaming and deleting the folder from which it was acting within my Local Settings folder. The current infection must therefore be a leftover of that initial infection.
- I ran SpyBot and Ad-Aware, both of which found and removed cookies. I uninstalled both programs a... Read more

A:Infected with Google Redirect / Search Engine Redirect Malware

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the report in your next post:
C:\ComboFix.txt

"information and logs"
In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

Read other 13 answers
RELEVANCY SCORE 58.8

The security alerts keep telling me that my computer is working slowly and that it is infected. When you click on them it takes you to a page to download spyware removal tools. My computer also constantly changes my background image to a blue background that says my computer is infected.

I have run ad-aware, spybot and AGV numerous times, updated my windows and searched with other tools to find this problem but no luck. After several days I am ready to give up. Please help!

Here is a copy of my hijackthis post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:27 PM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobil... Read more

A:Virus keeps opening a TOP RATED SPYWARE REMOVERS page

Hello brentlyreed and welcome to BC. Let's see what we can find.

Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Do not change any settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make s... Read more

Read other 7 answers
RELEVANCY SCORE 58.8

Hi everyone,

Never did I think that a trojan infestation from a downloaded active x could cause so many problems with my system. So, at this moment in time I have the following pests popping up at will and proving to be a headache: systemdefender, viruslocator, antispyware.com (which I actually bought hoping to do some good and the whole thing is a very clever scam which I unwittingly fell for), some new popups and the many warnings that appear real but are in fact a big hoax. I have to say antispyware.com is so clever that every time you try to delete the app, a red screen appears on your desktop telling you that your privacy is in danger. And after that well many other apps take for ever to load or appear on the screen.

The antispyware apps I am using are: spyware doctor, trojan remover, ad-aware 2007, bazooka, hijackthis and armor ie. It is now apparent that my assembled arsenal of spyware removers cannot get rid of some of the pesky malware that is causing all the above problems. Any advice would be highly appreciated as I am about to visit a professional and before doing so would rather see if my spyware issues can be addressed on this forum.
Also, below is a log from hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:00 AM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\win... Read more

A:Trojan infestation that recommended spyware removers cannot eliminate

Read other 16 answers
RELEVANCY SCORE 58.8

Lately, my computer has been acting HORRIBLE. It used to be that I had a panicware pop up stopper free edition. It blocked all pop up ads, and everything was great, no weirdness. At some point I dl'd adaware b/c i thought it would make my computer even better. It never seemed to do anything bad, but things were slow once in a while. All of a sudden the panicware pop up stopper wasn't working so well, so i tried the yahoo toolbar. Seemed fine, but after a while, it sucked too. Then I heard about spybot search and destroy, and ran that. The first time I did it, things seemed great. Since then, it has quickly progressed to where I have non- stop pop up ads. I have since gotten rid of the yahoo toolbar, and now have the google one instead. It blocks a few things once in a while, but mostly all pop ups get through.

Basically, I was wondering if anyone else has experienced anything like this. I am so disillusioned with computers and the internet- I feel like everything is out to get us, what with all the pop ups and spyware. Why are my spyware and adware removers making things worse?
 

A:do spyware and adware removers just make things worse?

When posting, always state your OS and version numbers along with names of programs involved in your problem. The correct answers can depend on this vital information.

You might want to post a Hijack This log as well....someone here might be able to find a problem in there.

sekirt
 

Read other 3 answers
RELEVANCY SCORE 58.4

Got an XP machine that has a bunch of issues. I can't get rid of tracking cookies. Google has a redirect. All start menu links were hidden, but I fixed that.

I was unable to run GMER. It failed with an error of:
---------------------------
GMER
---------------------------
LoadDriver( "C:\DOCUME~1\Stephan\LOCALS~1\Temp\pxliypoc.sys" ) error 0xC000010E: Cannot create a stable subkey under a volatile parent key.
---------------------------
OK
---------------------------

Here's my dds Log though

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by Stephan at 12:43:05 on 2011-11-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3292.2199 [GMT -8:00]
.
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Wave Systems Corp\Services Manager&... Read more

A:Google Redirect, Failed TDSSKiller, etc... pls hlp

Also of note is that neither TDSSKiller nor fixTDSS will work even in safe mode.

Read other 23 answers
RELEVANCY SCORE 58

I had a problem last week with the red biohazard screen saying my privacy is in danger but that no longer comes on my computer. Now I just have all kinds of popups that invade my screen directing me to systemerrorfixer.com, scanner.malwarealarms.com, udefender.com, deuscleaneronline.com, scanner.adwareremover2007.com, etc


Pandascan:

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jillybean\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jillybean\Cookies\[email protected][1].txt
Spyware:Cookie/Apmebf ... Read more

A:Constant popups trying to direct to 'fake' spyware removers

Hello Jillybean,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window
* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
2. Download ComboFix

NOTE: If you already have ComboFix, remove the old version from your Desktop, and replace it with this new version.
Save it to your Desktop.
Double-click ComboFix.exe and follow the prompts. Type 1 (continue) and click Enter.
Don't click the ComboFix window while the fix is running, because that may cause your system to hang.
When finished and after reboot (in case it asks to reboot), Combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, Combofix.txt.
Post the contents of this log in your next reply.
Do NOT post the ComboFix-quarantined-files.... Read more

Read other 7 answers
RELEVANCY SCORE 58

Is there any good FREE malware/spyware/adware/virus/trojan removers that are not Ad-Aware SE Personal, Spybot S&D or Ewido security suite?
 

A:Good Free Malware Removers

Read other 9 answers
RELEVANCY SCORE 58

Nothing runs, they all close after a few seconds, here is a win32diag.
http://www.bleepingcomputer.com/forums/t/257949/possible-system-32-issues-and-multiple-malware/

Running from: C:\Documents and Settings\Praha\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Praha\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\System.EnterpriseServices
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP58F.tmp\ZAP58F.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB8.tmp\ZAPB8.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CDIIWall3res\CDIIWall3res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Copy of Options\Install\Install
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point desti... Read more

A:No antivirus or malware removers work.

Hello my name is Sempai and welcome to Bleeping Computer.
*We apologize for the delay. Forums have been busy.
*I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.
*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.
*You must reply within 5 days otherwise this topic will be closed.

Your log will be analyzed and you will be instructed on what to do next as soon as possible.

Read other 22 answers
RELEVANCY SCORE 58

Thank you for your time. I had norton 360 3.0 on my computer that detected a virus called packed generic 200 that it could not remove. It was recommended by a friend to use Avast to remove it. Which it did at least it said it did and the problems stopped for a few weeks. However my norton 360 would not work properly and norton advised remove and reinstall. The removal worked but I can not reinstall, I can download but not open. I have tried to use malwarebytes removal, but it will not run though it appears to have installed. I have pop ups while surfing that do not open to a site one is listed as (url.urtlk.com). But my biggest problem is that I can not open many sites that I normally use and internet explorer is slow/freezes. I also have very questionable search responses. Any help would be much appreciated. Thank you thejayman.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Jason F at 14:19:40.34 on Sat 08/01/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.702 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090801-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C: ... Read more

A:pop ups/cant install antivirus or malware removers

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 16 answers
RELEVANCY SCORE 58

Hello

Thank you in advance for your help!

Here is my situation...

Other than the known Google redirect problem (google results aren't what they seem to be) that I've been experiencing in the past few days, I also seem to have a problem with loading google products/services such as Gmail, google maps, google reader, iGoogle, and google translate in Firefox. I don't know if the Google redirect virus is somehow related to this problem. These Google services I've mentioned simply won't load for me. In Gmail, the login screen appears fine but when I enter my username and password, it takes me to the "Loading [email protected]" and just tries to load it for a very long time until finally it says that I have a network problem. Also, I noticed that when I click the "Sign In" button on the Gmail login screen, the status bar on the bottom says: "Transferring data from secariadna.com..." which looks very suspicious to me (I can provide a screenshot of this if requested). The other services (maps, reader, translate) just won't load. For example, when I open a new tab and click on my google maps bookmark (for example) the window remains white and it keeps displaying: "Transferring data from maps.google.com" in the status bar. Sometimes after a long time of loading, the map would eventually manage to load. I also have to note that picasaweb loads without a problem in FF, although it also displays "Transferring dat... Read more

A:Google redirect virus + possible additional malware that prevents from Google services to load

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

Read other 19 answers
RELEVANCY SCORE 58

My poor PC is on the brink, whenever I select a link in google it redirects me to another website called 'bit-find' and sometimes ebay, I have seen other people with similar problems to this on this forum so I'm pretty certain that it is malware. I had a crude attempt at trying to fix this using instructions in someone else's thread but didn't have much luck so I have created a new topic. Hopefully I have created this topic in the correct place this time, here are my logs, if some friendly person could help me I would be much obliged.

I have attached my 'DDS' and 'attach' file

Cheers chaps/chapets

A:Malware- Google links redirect me to 'bit-find', google maps don't work

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers
RELEVANCY SCORE 58

Hi.
I believe I have the Google Redirect Virus. When I click on a link from a Google search page, I sometimes get re-directed to an unrelated site. Closing that page down and clicking on the link again usually takes me to the actual intended site. I also occasionally experience random pages like Gumtree.com.au popping-up underneath my current page.
Google searches also sometimes stop dead, like it's hanging. When I click to search, the page will remain blank; and I see the address bar down the bottom flicker between "www.google.com..." and "www.google.com.au..." every few seconds. This carries on for a minute. Google then takes me to the "To continue, please type the characters below" page.
I use Mozilla Firefox 3.6.15 and Windows XP SP3 32 bit.
I've had Ad-aware and AVG installed for ages, and run regular scans. I have also tried TDSS Killer, Spybot Search And Destroy, Hitman Pro, and CCleaner.
Help getting rid of this problem would be very much appreciated. Thank you

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by G_Freeman at 21:19:03.56 on Fri 11/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.3582.2622 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===========... Read more

A:Google redirect virus and failed searches

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Read other 20 answers
RELEVANCY SCORE 58

Hi,

I first noticed a problem with my computer yesterday. A windows type message displayed saying there was a 'delayed write' failure. This happened multiple times very quickly. No messages appeared that prompted me to download anything to fix this. When I opened firefox I found that when I google searched it displayed 'ssl search is off'. Sometimes when I clicked on search results I was redirected to random sites (this happened with both Chrome and Firefox). When I opened my virus scanner (Symantec) I found my scheduled scans had been removed. A full scan found no problems.
I also found my task manager had been disabled.

I tried to follow the advice in other threads on this forum.
I downloaded TDSSKiller but it would not run, even when renamed.
I followed advice at http://www.bleepingcomputer.com/forums/topic372491.html: in particular, in safemode I ran RKill and SUPERAntispyware. SUPERAntiSpyware found multiple problems (I will post log below).
On reboot (into safemode again) I found that I had access to the task manager again. I haven't seen any redirects, but I haven't tried searching much. I still get ssl search is off, and I still cannot run TDSSKiller (or fixTDSS).
I ran ESET online scanner and it found two problems and was unable to fix one of them. I couldn't find a log file, but the threats listed were:

C:\System Volume Information\_restore{EA627B52-0F52-40E0-9BE4-154495B1D3AE}\RP1067\A0102527.exe a variant of Win32...

A: Google redirect / delayed write failed

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/468641 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

RELEVANCY SCORE 58

I recently got a new client who needed help with his computer. It was silly of me to think it would be simple. I was up all night working on it.

His initial problem was that Windows would hang on "Loading personal preferences" and would only boot in safe mode. It wasn't the page file, or any of the usual things... though I did start to notice that normal Windows functions didn't work properly, from MsPaint to IExplorer. I tried to run Autoruns.exe and Hijackthis and they shut down as soon as they were opened. IExplorer wouldn't load pages and Firefox would pop up and load the pages instead.

I thought I should just repair windows, which I tried to do and accidentally installed a second copy of windows on the same partition... I then deleted the second windows installation (windows.0), but after that windows would boot fine without safe mode. That was only the beginning though. I found the google redirect on there, a bunch of old adware and a mess of a disorganized computer.

The system also booted and gave a tapi.nfo error, I searched for this and got nowhere. So I went to regedit and deleted the line causing it. It doesn't pop up anymore, but that didn't solve anything.

I looked further into the situation and found that many others are having trouble with rootkit malware that shuts down anti-malware software.

I tried loading Malwarebytes, etc., and even renaming the files and the extensions. It still all shuts down immediately when it's loaded.
...

A: Rootkit, Malware, Tapi.nfo, Google Redirect, Can't open anti-malware

Have you tried root repeal? It sounds to me like you've read that post.

Rerun Rootrepeal. After the scan completes, go to the files tab and find this file:

C:\WINDOWS\system32\drivers\UACxpqhxbvttn.sys

Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes. Keep rebooting and running quick-scans with Malwarebytes until it shows zero infections. If after 3 scans it is still not clean post the final log.

This isn't my post so I can't take credit for it, but apparently it works.
Good luck either way. The entire post is called AntiSpy Protector 2009; you should check it out before trying this. Good luck.

RELEVANCY SCORE 58

Hi,

I am the IT manager in my company.

I have a co-worker whose computer has a search redirect issue. That means most likely it has malware.
Then I installed some major malware removal tools: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes.

After I installed them, I could not launch them (that definitely means it has some kind of malware).
I needed to rename their .exe files; after that I could run them and scan my computer.

SUPERAntiSpyware and Malwarebytes found something, but didn't solve the problem; the search redirect and
the blocking of malware removal software are still there. Now I am running Spybot Search & Destroy and will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore the hard drive, etc.). I suspect the malware slows down my PC. Hopefully the registry is not corrupted or something, but it works smoothly in safe mode.

So do you guys have any suggestions? Or do you need a log file from ComboFix?

Please advise,
Tommy

A: malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

RELEVANCY SCORE 57.2

Yesterday I got a failed update message from my AVG antivirus protection. I'm not very computer savvy but what little I did to try to fix it, didn't work. The task bar icon just has a red exclamation point on it.

Also my SuperAntispyware software came up with a Microsoft error message when I tried to run it. For some reason I thought uninstalling it would be a good idea, thinking I would just install it again. Well now I can't access any anti virus or spyware sites at all. So now I don't even have that.

Then today when I use Google, I get the different choices, but every single site I click on opens up another window to a completely unrelated page.

I did what was suggested here and downloaded HijackThis so I could get a copy of my HJT log so I could copy and paste it here. As far as I know I downloaded it fine, but for some reason when I click on run, nothing happens. I see the little hour glass for a few seconds and then it disappears but no new window opens. Is there another way I can access the HJT log?

I also downloaded Malwarebytes today, but that doesn't seem to be doing anything either. Just like the HJT log, nothing happens when I click on open or run.

I'm using Windows XP and the IE browser on my laptop. I had to use my desktop to write this message as most sites I click on just say page cannot be found.
Thank you in advance for your help.
 

A: Google redirect and anti virus update failed

RELEVANCY SCORE 57.2

Broken internet connection? I am online. Do you see anything else that needs taken care of??

thanks in advance

Logfile of HijackThis v1.97.7
Scan saved at 2:40:49 PM, on 5/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\QuickTime\qttask.exe
G:\WINDOWS\System32\devldr32.exe
G:\WINDOWS\System32\wuauclt.exe
G:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
G:\Program Files\RealRhapsody\Rhapsody.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Documents and Settings\MMS\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - G:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - G:\PROGRA~1\Odigo\Bin\OdigoBHO.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm....

A: HJT log, broken internet connection?

That is from - Farstone HackerSmacker Firewall

Log looks ok to me.
 

RELEVANCY SCORE 57.2

I have an XP Home PC which has stopped connecting to the internet.

It is connected to a router. (Another PC, from which I am typing now, is also connected to that router & is fine.)

Any ideas ?

abbyk
 

A: Broken Internet connection

RELEVANCY SCORE 57.2

Whilst using my laptop recently (Runs XP Home edition) I opened an email attachment that I thought was a genuine e-card - it wasn't!

Since then I can not connect to the internet wirelessly or wired - any help much appreciated!

Phil,

I have now run HiJackThis - can anyone explain the following log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:15, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program...

A: Broken Internet Connection

Any ideas?? Can anyone help?

Many thanks.

Phil.
 

RELEVANCY SCORE 57.2

I have been struggling with this for several days now and still can't fix it. I have run adaware, hijackthis & LSPfix - and it still hasn't fixed it. I have attached my hijackthis log to see if ANYONE can help!!!

Logfile of HijackThis v1.98.2
Scan saved at 7:59:04 PM, on 8/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=consumer&LC=0409&c=1c00
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://MSN.COM/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: PopupBlockerBHO.CPopupBlock...

A: Help! Broken Internet Connection

RELEVANCY SCORE 57.2

Hi,

My internet connection gets disconnected unexpectedly. I have used 'lspfix', but no success. Using 'lspfix' says '0' items removed or renumbered.
My hijackthis log is .........

Logfile of HijackThis v1.97.7
Scan saved at 1:37:46 PM, on 3/6/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\iVasion\WinPoET\WrOS.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\locator.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\JIGNESH1\Local Settings\Temp\HijackThis.exe
C:\Pro...

A: broken internet connection

Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

O18 - Protocol hijack: about - 53B95211-7D77-11D2-9F80-00104B107C96
 
