
Virus Preventing Anti-Virus Software and System Restore

Q: Virus Preventing Anti-Virus Software and System Restore

The previous poster of this issue had his post closed after receiving his system restore disks without actually beating the virus and I'm experiencing the exact same symptoms as he had, so here's his post, please help me, I would rather not wait for disks.

My desktop computer contracted a virus, and it's unlike one I've ever dealt with. It seems to be affecting the computer in two ways:

1) When I use Internet Explorer and search Google for something and click on a link, it re-directs to a different website -- usually one about some sort of anti-virus software. It doesn't seem to be affecting Firefox at all, though. Searches and links are just fine there.

2) It prevents any currently installed anti-virus software from running a scan, or any new anti-virus software or anti-spyware software from installing. I had Norton installed, and when I tried to run a scan, it would look like it was running a scan, but nothing happened. I tried installing other anti-virus software (after un-installing Norton) and running anti-virus scans on the internet (like Trendmicro) and nothing worked. It either sat idle like Norton did, or it causes the computer to go to a blue screen and then shut down.

I've perused various forums for a solution, and most of the solutions involve running some sort of anti-virus or anti-spyware program, or programs like HijackThis, and none of these will run on my infected computer.

I also tried to restore the system back to factory settings, but it seems as though the system recovery partition doesn't exist, or has been disabled by the virus. I'm not exactly sure, because I just got the computer recently and I guess I never paid much attention as to whether or not there was a recovery partition. I'm getting recovery discs mailed to me by the manufacturer, so if all else fails, I can try that...but I figured I'd post here as a last resort in hopes of getting rid of this virus.

Any help is appreciated.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Kris at 17:21:27.28 on Fri 07/17/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1918.1179 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe
C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kris\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.5.0.134\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [eRecoveryService]
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: dadb - {82D6F09F-4AC2-11D3-8BD9-0080ADB8683C} - c:\program files\orangecd\dadb.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\kris\appdata\roaming\mozilla\firefox\profiles\okb4tu07.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [2009-7-15 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1005000.086\cchpx86.sys [2009-7-15 482352]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090715.003\IDSvix86.sys [2009-7-17 293424]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-15 101936]

=============== Created Last 30 ================

2009-07-17 15:15 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-07-17 11:52 <DIR> --d----- c:\users\kris\.housecall6.6
2009-07-17 00:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-16 00:35 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-07-16 00:35 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-07-16 00:34 <DIR> --d----- c:\users\kris\appdata\roaming\SUPERAntiSpyware.com
2009-07-16 00:34 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-16 00:33 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-15 17:02 25,136 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-07-15 17:02 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-15 17:02 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-15 17:02 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-15 17:02 <DIR> --d----- c:\program files\Symantec
2009-07-15 17:01 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-07-15 17:01 <DIR> --d----- c:\program files\Norton AntiVirus
2009-07-15 17:01 <DIR> --d----- c:\programdata\Norton
2009-07-15 17:01 <DIR> --d----- c:\progra~2\Norton
2009-07-15 16:54 <DIR> --d----- c:\programdata\NortonInstaller
2009-07-15 16:54 <DIR> --d----- c:\program files\NortonInstaller
2009-07-15 16:54 <DIR> --d----- c:\progra~2\NortonInstaller
2009-07-15 16:53 <DIR> --d----- c:\programdata\Symantec Temporary Files
2009-07-15 16:53 <DIR> --d----- c:\progra~2\Symantec Temporary Files
2009-07-15 16:35 <DIR> --d----- C:\Rooter$
2009-07-15 02:59 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-14 23:47 <DIR> --d----- c:\programdata\avg8
2009-07-14 23:47 <DIR> --d----- c:\progra~2\avg8
2009-07-14 22:34 <DIR> --d----- c:\users\kris\appdata\roaming\Malwarebytes
2009-07-14 22:33 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-14 22:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 22:33 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-14 17:46 <DIR> --d----- c:\users\kris\DoctorWeb
2009-07-14 17:36 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 17:36 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 17:36 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 17:36 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-14 17:34 <DIR> --d----- c:\programdata\WindowsSearch
2009-07-13 22:39 <DIR> --d----- c:\program files\Trend Micro
2009-07-13 22:27 210,016,880 a------- c:\windows\MEMORY.DMP
2009-07-13 20:14 <DIR> --d----- c:\program files\Yahoo!
2009-07-13 19:46 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-07-13 19:46 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-07-13 19:46 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-07-13 19:46 32 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-13 19:21 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-07-13 19:21 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-07-13 18:22 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-07-13 18:22 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-13 18:22 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-07-13 12:54 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-07-13 12:03 <DIR> --d----- c:\program files\Vuze
2009-07-13 02:13 <DIR> --d----- c:\program files\MSXML 4.0
2009-07-12 23:31 <DIR> --d----- c:\users\kris\Websites
2009-07-12 23:31 <DIR> --d----- c:\users\kris\Games
2009-07-11 23:29 <DIR> --d----- c:\program files\GPLGS
2009-07-11 23:28 87,552 a------- c:\windows\system32\cpwmon2k.dll
2009-07-11 23:28 <DIR> --d----- c:\program files\Acro Software
2009-07-11 23:25 <DIR> --d----- c:\users\kris\appdata\roaming\iSproggler
2009-07-11 23:22 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-11 23:22 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-11 23:21 <DIR> --d----- c:\program files\iPod
2009-07-11 23:21 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-11 23:21 <DIR> --d----- c:\program files\iTunes
2009-07-11 23:21 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-11 23:20 <DIR> --d----- c:\program files\iSproggler
2009-07-11 23:20 <DIR> --d----- c:\programdata\Apple Computer
2009-07-11 23:18 <DIR> --d----- c:\programdata\Apple
2009-07-11 22:53 <DIR> --d----- c:\programdata\WEBREG
2009-07-11 22:53 <DIR> --d----- c:\progra~2\WEBREG
2009-07-11 22:47 <DIR> --d----- c:\programdata\Hewlett-Packard
2009-07-11 22:40 <DIR> --d----- c:\programdata\HP Product Assistant
2009-07-11 22:38 <DIR> --d----- c:\program files\common files\HP
2009-07-11 22:38 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-07-11 22:37 271,704 a------- c:\windows\system32\hpzids01.dll
2009-07-11 22:37 118,272 a------- c:\windows\system32\hpz3l5mu.dll
2009-07-11 22:37 970,752 a------- c:\windows\system32\hpotiop6.dll
2009-07-11 22:37 729,088 a------- c:\windows\system32\hpowiax8.dll
2009-07-11 22:37 372,736 a------- c:\windows\system32\hppldcoi.dll
2009-07-11 22:37 303,104 a------- c:\windows\system32\hpovst14.dll
2009-07-11 22:37 309,760 a------- c:\windows\system32\difxapi.dll
2009-07-11 22:35 <DIR> --d----- c:\program files\HP
2009-07-11 22:30 157,665 a------- c:\windows\hpoins29.dat
2009-07-11 22:29 <DIR> --d----- c:\programdata\HP
2009-07-11 22:10 <DIR> --d----- c:\programdata\ALM
2009-07-11 22:10 <DIR> --d----- c:\progra~2\ALM
2009-07-11 20:21 <DIR> --d----- c:\program files\Bonjour
2009-07-11 20:13 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-07-10 21:13 <DIR> --d----- C:\AdobeTemp
2009-07-10 20:10 222,624 a------- c:\programdata\CSI-Hooks.dll
2009-07-10 20:10 222,624 a------- c:\progra~2\CSI-Hooks.dll
2009-07-10 20:02 <DIR> --d----- c:\programdata\FLEXnet
2009-07-10 19:10 <DIR> --d----- c:\programdata\Azureus
2009-07-10 19:10 <DIR> --d----- c:\progra~2\Azureus
2009-07-10 19:10 <DIR> --d----- c:\users\kris\appdata\roaming\Azureus
2009-07-10 18:51 <DIR> --d----- c:\users\kris\Music Database
2009-07-10 18:38 <DIR> --d----- c:\users\kris\Graphics Programs
2009-07-10 18:38 <DIR> --d----- c:\users\kris\Graphic Design
2009-07-10 18:32 <DIR> --d----- c:\program files\OrangeCD
2009-07-10 18:32 <DIR> --d----- c:\users\kris\appdata\roaming\WTablet
2009-07-10 18:31 11,440 a------- c:\windows\system32\drivers\WacomVKHid.sys
2009-07-10 18:30 13,352 a------- c:\windows\system32\drivers\wacomvhid.sys
2009-07-10 18:30 11,312 a------- c:\windows\system32\drivers\wacommousefilter.sys
2009-07-10 18:30 15,656 a------- c:\windows\system32\drivers\wacmoumonitor.sys
2009-07-10 18:30 2,789,672 a------- c:\windows\system32\Wacom_Tablet.exe
2009-07-10 18:30 213,288 a------- c:\windows\system32\Wacom_Tablet.dll
2009-07-10 18:20 376 a------- c:\windows\ODBC.INI
2009-07-10 18:20 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-07-10 18:19 <DIR> --d----- c:\windows\ShellNew
2009-07-10 17:47 72,704 a------- c:\windows\system32\admparse.dll
2009-07-10 17:23 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-10 17:23 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-10 17:23 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-10 17:23 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-10 17:05 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-10 17:05 97,800 a------- c:\windows\system32\infocardapi.dll
2009-07-10 17:05 622,080 a------- c:\windows\system32\icardagt.exe
2009-07-10 17:05 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-07-10 17:05 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-07-10 17:05 11,264 a------- c:\windows\system32\icardres.dll
2009-07-10 17:05 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-07-10 17:04 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-07-10 17:01 96,760 a------- c:\windows\system32\dfshim.dll
2009-07-10 17:01 282,112 a------- c:\windows\system32\mscoree.dll
2009-07-10 17:00 41,984 a------- c:\windows\system32\netfxperf.dll
2009-07-10 17:00 158,720 a------- c:\windows\system32\mscorier.dll
2009-07-10 17:00 83,968 a------- c:\windows\system32\mscories.dll
2009-07-10 16:59 147,456 a------- c:\windows\system32\Faultrep.dll
2009-07-10 16:59 125,952 a------- c:\windows\system32\wersvc.dll
2009-07-10 16:59 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-07-10 16:59 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-07-10 16:42 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-07-10 16:42 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-07-10 16:22 <DIR> --d----- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2009-07-10 16:22 890 a------- c:\windows\system32\WLAN.INI
2009-07-10 15:57 337 a------- c:\windows\system32\tablet.dat
2009-07-10 15:57 1,651,768 a------- c:\windows\system32\WacomTablet.znc
2009-07-10 15:57 6,561,064 a------- c:\windows\system32\WacomTablet.cpl
2009-07-10 15:57 <DIR> --d----- c:\windows\system32\WTablet
2009-07-10 15:57 8,138 -------- c:\windows\system32\drivers\PenClass.sys
2009-07-10 15:57 172,840 a------- c:\windows\system32\Wintab32.dll
2009-07-10 15:57 <DIR> --d----- c:\program files\Tablet
2009-07-10 15:47 <DIR> --d----- C:\Linksys Driver
2009-07-10 15:39 <DIR> --d----- c:\users\kris\appdata\roaming\Symantec
2009-07-10 15:38 <DIR> --d----- c:\program files\eBay
2009-07-10 15:36 <DIR> --d----- c:\users\Kris

==================== Find3M ====================

2009-07-15 17:02 51,200 a------- c:\windows\inf\infpub.dat
2009-07-15 17:02 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-15 17:02 86,016 a------- c:\windows\inf\infstor.dat
2009-05-09 00:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 00:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-23 07:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 06:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-01-19 21:56 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 21:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:23:49.08 ===============

A: Virus Preventing Anti-Virus Software and System Restore

bump >_>

Hello KBM,

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,
The weatherman (Moderator)


I posted about this in the "Am I Infected?" area, but after several attempts at removing this beast of a virus, I was told to post here. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/241480/virus-preventing-anti-virus-software-scans/ ~ OB

The contents of my original post:

My desktop computer contracted a virus, and it's unlike one I've ever dealt with. It seems to be affecting the computer in two ways:

1) When I use Internet Explorer and search Google for something and click on a link, it re-directs to a different website -- usually one about some sort of anti-virus software. It doesn't seem to be affecting Firefox at all, though. Searches and links are just fine there.

2) It prevents any currently installed anti-virus software from running a scan, or any new anti-virus software or anti-spyware software from installing. I had Norton installed, and when I tried to run a scan, it would look like it was running a scan, but nothing happened. I tried installing other anti-virus software (after un-installing Norton) and running anti-virus scans on the internet (like Trendmicro) and nothing worked. It either sat idle like Norton did, or it causes the computer to go to a blue screen and then shut down.

I've perused various forums for a solution, and most of the solutions involve running some sort of anti-virus or anti-spyware program, or programs like HijackThis, and none of these will run on my infected computer.

I also tried to restore the system back to factory set...

A:Virus Preventing Anti-Virus Software Scans

I received my System Restore discs, so I just did a complete restore to factory settings to get rid of the virus. It worked, so this thread can be considered closed.

Kris

RELEVANCY SCORE 103.6

My desktop computer contracted a virus, and it's unlike one I've ever dealt with. It seems to be affecting the computer in two ways:

1) When I use Internet Explorer and search Google for something and click on a link, it re-directs to a different website -- usually one about some sort of anti-virus software. It doesn't seem to be affecting Firefox at all, though. Searches and links are just fine there.

2) It prevents any currently installed anti-virus software from running a scan, or any new anti-virus software or anti-spyware software from installing. I had Norton installed, and when I tried to run a scan, it would look like it was running a scan, but nothing happened. I tried installing other anti-virus software (after un-installing Norton) and running anti-virus scans on the internet (like Trendmicro) and nothing worked. It either sat idle like Norton did, or it causes the computer to go to a blue screen and then shut down.

I've perused various forums for a solution, and most of the solutions involve running some sort of anti-virus or anti-spyware program, or programs like HijackThis, and none of these will run on my infected computer.

I also tried to restore the system back to factory settings, but it seems as though the system recovery partition doesn't exist, or has been disabled by the virus. I'm not exactly sure, because I just got the computer recently and I guess I never paid much attention as to whether or not there was a recovery partit...

A:Virus Preventing Anti-Virus Software Scans

This sounds exactly like something that took down my work computer last week, all the same symptoms...ended up doing a clean install. Ugh!

Couldn't get anything mBAM or AVG to do anything....

...I am/was running XP...

I am *very* interested in any info anyone may have about this!

RELEVANCY SCORE 101.6

Hello,

I have a serious PC problem and fear that it's a rootkit or trojan infection. We have a six-year old Fujitsu-Siemens Desktop PC. Operating system is Windows XP Home Edition with SP3 installed. The problems are as follows:

McAfee Anti-Virus Real-Time Scanning switches itself off. If I switch it on it switches itself off again. Sometimes it might stay on for 20-30mins but on other occasions it only stays on for a few seconds. Even in safe mode Real-Time scanning continually switches itself off. Also I cannot run a full system scan with McAfee in normal operating mode - the scan will start but aborts after a minute or two. McAfee will complete a full scan in safe mode but finds nothing.

System Restore is disabled. When I try to open it I get an error message which says something like, "System Restore cannot protect your computer. Please restart it then try again." It will not work in either normal mode or safe mode.

In normal mode downloads are being blocked. When I get the option to either run or save the download the computer just freezes. I had to download the DDS and GMER software in safe mode. Some programmes will not run at all in normal mode. For example I have System Mechanic Professional installed but I cannot even open it in normal mode. It seems to run ok in safe mode.

At times the computer runs very slowly with frequent freezes and locks. I have both Firefox and Google Chrome installed and Firefox seems to run the better of the two. I continually...

A:Anti-Virus Software and System Restore Disabled.

Hello and welcome to the forum. I apologize for the delay in responding to your request for help but it is very busy here and we can get overwhelmed at times.

If you have since resolved the original problem you were having, we would appreciate you letting us know.

If you still do need our help, please note the following:

While working with us, please refrain from running tools or applying updates other than those we suggest while we are cleaning your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please also include a clear description of the problems you're having.

After 5 days if your topic is not replied I will assume it has been abandoned and will close it.

Please be patient while I analyze your logs. All of my fixes are checked by higher level forum members before posting.

Thank you.
Dave

RELEVANCY SCORE 100.4

Hello,
My computer has developed a nasty virus. I am using Windows XP and I tried System Restore but it wouldn't go past the "confirm restore point selection page". I tried to run Malwarebytes and it wouldn't open that. It won't let me install HijackThis either. When I go onto the internet to do some searching as to how to kill this bastard, some of the Google searches bring a pop-up that says that the site is not allowed and then it goes to IE cannot display this page.

I would love for any help as I'm close to seeing how far a toshiba laptop can fly.

Thanks,

mtime

A:virus won't allow anti-malware software or system restore to work

Rename this file:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
to this:
winlogon.exe
Then double-click the renamed file and see if it will run.

RELEVANCY SCORE 99.6

I pretty much said it all in the title, I've run Ad-Aware, it says it's found things and sorted them out, it hasn't, and my PC keeps crashing...

A:Google is redirecting me, i cannot do a system restore and i can't update anti-virus software! AGH!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

RELEVANCY SCORE 98

I have Windows XP SP3 and BitDefender antivirus. I get a message that Windows cannot open this program because it has been prevented by a software restriction policy. I've tried running the Malwarebytes program with no results. What do I need to do?

Thank you.

A:Software Restriction Policy Preventing Anti-Virus

These are example entries from a FRST log explaining what is most likely going on with the "software restriction policy" message...

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\a-squared Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\a-squared Anti-Malware <====== ATTENTION

Farbar Recovery Scan Tool (FRST) is an advanced specialized tool designed to run in the Recovery Environment in Windows Vista and Windows 7/8 in order to diagnose and fix boot problems. It is also useful for removing malware when other tools fail including this software restriction issue. However, the use of FRST (and posting of i...
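The FRST excerpt above repeats the same few directories, so a triage pass is easier once the entries are parsed and de-duplicated. The following is an added example, not part of the original answer and not FRST's own code: it parses the ten lines quoted above, counts each restricted directory, and flags those whose folder name matches a keyword watchlist. The watchlist and function names are assumptions made for this illustration.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import OrderedDict

# The ten entries quoted in the answer above, copied verbatim.
SAMPLE_LOG = r"""
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\a-squared Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\a-squared Anti-Malware <====== ATTENTION
"""

# The excerpt only shows the HKLM hive; any single token is accepted here.
ENTRY_RE = re.compile(
    r"^(?P<hive>\S+) Group Policy restriction on software: "
    r"(?P<path>.+?)\s*(?:<=+\s*ATTENTION)?\s*$"
)

# Assumption: a small watchlist built from the product names in the excerpt.
# Plain substring matching is crude and can over-match short words like "avg".
WATCHLIST = ("mcafee", "malwarebytes", "avg", "a-squared")


def parse_restrictions(text):
    """Return (hive, path) for every restriction entry found in the log text."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("hive"), match.group("path")))
    return entries


def count_by_path(text):
    """Collapse repeated entries; Windows paths compare case-insensitively."""
    counts = OrderedDict()
    for _hive, path in parse_restrictions(text):
        key = ntpath.normcase(ntpath.normpath(path))
        display, seen = counts.get(key, (path, 0))
        counts[key] = (display, seen + 1)
    return list(counts.values())


def blocked_security_dirs(text, watchlist=WATCHLIST):
    """List restricted directories whose folder name matches the watchlist."""
    hits = []
    for display, _seen in count_by_path(text):
        leaf = ntpath.basename(ntpath.normpath(display)).lower()
        if any(word in leaf for word in watchlist):
            hits.append(display)
    return hits


if __name__ == "__main__":
    for path, seen in count_by_path(SAMPLE_LOG):
        print(f"{seen:2d}x  {path}")
    print("security product folders restricted:",
          len(blocked_security_dirs(SAMPLE_LOG)))
```

Every distinct directory in the excerpt belongs to a security product, which is the pattern the answer is pointing at with the "software restriction policy" message.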

RELEVANCY SCORE 96

Hi fantastic people!

I'm in a rut and I need your help. My system is infected with malware because it's doing several things:

1) It started being awfully slow 2 days ago and it freezes on me any time I try to run any browser. And I regularly run SUPERAntiSpyware and Malwarebytes so it cleans most things.

2) It paralyzes any anti virus software I try to run a third into its analysis then everything freezes and I have to restart my laptop.

3) I can't open any exe files I download whatsoever. I tried downloading adwcleaner but I couldn't even run the exe files or any other exe files at all.

4) Netflix started crashing on me for no reason and that was my first clue into finding out it's malware.

I already backed up all my files, pics, music, and documents. I am attaching a picture of TSG below because I'm sending this from my phone as I'm having all sorts of issues with my browsers crashing. I'm looking at buying a new laptop because I'm definitely due for an upgrade but I would like this one to run a bit longer if possible because I'm too busy to adjust to a new laptop now. Geek squad want $150 to clean it up. Any other alternatives?! Please help it's desperate!

Thank you so much in advance
 

RELEVANCY SCORE 92

I got this nasty virus but I have no idea how to get it out, I can't run into safe mode because it restarts my computer and it keeps doing that. I'll post up a HiJackThis log PLEASE HELP! I am still a beginner so please bear with it. The problems that I know/see on my computer is that, I have restricted admin rights so I can't use System Restore or the task manager, Also my anti-virus keeps disabling and it's McAfee if you want to know.

RELEVANCY SCORE 88.4

Hi,

My desktop PC running on Windows XP Professional with SP3 is infected with some kind of virus/spyware that prevents access to anti virus sites.

The virus has also corrupted McAfee virus scan binary and prevents access to sites which clean spyware/malware. I have Malwarebytes' Anti-Malware and SuperAnti Spyware installed. But they cannot update their definitions since the virus attack started about 1 week ago.

I have tried several attempts to clean the virus/malware using the above anti spyware (McAfee scan is corrupted and won't start). The anti spyware finds a few worms and trojans and says that it cleaned them, but they keep coming back. I ran the scan in Safe mode with/without internet connection but that didn't help.

I have Zone Alarm installed but think that it is also infected.

Following are the main symptoms I see

1. No visible error messages/pop ups during bootup.

2. After booting I see quite a few new programs, mainly from the "C:/windows/system32/temp" dir trying to access the internet. Zone Alarm blocks them.

3. After doing a Google search in IE, if I click any website link, it is redirected to another random site. Sometimes opening the link in another IE window helps. (right click -> "open in new window")
Cannot access Microsoft or any anti virus/spyware related website.

4. Many times a pop up message saying "my computer may be infected with spyware" shows up and asks for running a scan. Initial...

A:Virus/Spyware preventing access to Anti-Virus/Microsoft files

Hi there,

* Go here to run an online scanner from ESET.
* Tick the box next to YES, I accept the Terms of Use.
* Click Start
* Make sure that the option Remove found threats is UNchecked.
* Click Scan
* Wait for the scan to finish
* Copy and paste report as a reply to this topic.

RELEVANCY SCORE 88

I have a Windows XP Home laptop and I am unable to access any anti-virus websites for updates. Also tried installing Ad-aware but it failed. Malwarebytes found 2 objects but could not delete them on restart. Here are the results from DDS and the GMER results attached. What are the next steps?

Thanks in advance!



A:Virus/Malware preventing access to Anti-Virus Sites

Haven't received any responses yet . . . bumping.

Thank you.

RELEVANCY SCORE 88

Hi, I'm pretty sure someone clicked on a virus link on Facebook because when I viewed my profile on another computer I've somehow started conversations with everyone on my contact list along with a link of the virus. Please help me. Thank you.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Virus Preventing connection to Facebook and anti virus scans

Hi, I'm pretty sure someone clicked on a virus link on Facebook because when I viewed my profile on another computer I've somehow started conversations with everyone on my contact list along with a link of the virus. Also, on the infected PC Facebook never loads up. So far I've done nothing as I was getting ready to format my PC. Somehow I stumbled upon this forum while browsing the internet so I was hoping my comp could be saved. Please help me. Thank you.

RELEVANCY SCORE 87.2

I have Malwarebytes and Microsoft Security Essentials installed. The former is running all the time while I only run MSE occasionally to do a scan. I don't run them together so they don't conflict.

A few days ago I was getting a bubble pop up in the corner of my screen saying Malwarebytes was blocking outgoing connections to several IP addresses.

I updated MWB and did a scan which found something and asked me to restart to remove it. After I did this I was still getting the pop up messages about blocking connections but subsequent scans found nothing so I ran MSE which did find something (Cutwail.BE) that was quarantined automatically.

After this I restarted again and when I logged into Windows the MWB live protection module (I forget the exact name and can't open it to check) and MSE Real Time protection were both disabled and I got an error when I tried to enable them.

I know viruses can cause problems with updating these programs so I ran more scans with both MWB and MSE separately. MWB never found anything else but MSE found another instance of Cutwail.be and Necurs.A.

The next time I restarted I was unable to update either anti-virus program and just now Malwarebytes told me it was installing a new version of the program, which I didn't get a choice about, and now it won't open at all.

Neither MWB or MSE are finding anything when they scan now but I think something is still wrong because I can't enable real time protection or update them.

I have access to a Wi...

A:Virus preventing anti-virus working properly

BUMP, please.

RELEVANCY SCORE 87.2

The problem started a few days ago when I got a fake anti-virus, I promptly killed it with Malwarebytes Anti-Malware or so I thought. Later that day the computer restarted without prompting or warning and then kept restarting just after Windows loaded. So I went into safe mode and ran AVG, Malwarebytes and Spybot. They all found stuff and killed them. I left the computer a bit and there was another fake anti-virus. I killed it and then winlogin and several other Windows system files were being killed by Data Execution Prevention. After several attempts to remedy the problem we took drastic steps. We formatted and reinstalled Windows. We couldn't activate this Windows because it wouldn't give us an installation ID so we found a disk with the version of Windows the computer previously had from an older computer that got fried. Because of this there are 3 OS on the computer. The recovery drive which was not included in the format reads as: Unrecognized Operating System on drive C and XP Professional which should have been erased from the 2nd formatting from the current OS XP Media Center.

Now that we are able to log on we saw that the bugger was still there. I can get on the internet but the virus is preventing me from getting help; anti-virus and anti-spyware sites are all not coming up. I do have 1 anti-virus that I have on CD but it's 2 years old and the virus won't let it update. Now I am here.

DDS:

DDS (Ver_09-06-26.01) - NTFSx86
Run by EnzoreDax at 11:44:31.53 on ...

A:Virus Preventing Access to Anti-Virus websites

Hi DragonFox,

Wow.. This machine is heavily infected!!

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Please re-run DDS and post the resulting logs

Thanks

RELEVANCY SCORE 87.2

Hello all. I definitely got myself something pretty bad I think. I'll try to explain everything along with an attached Hijack log. I run Vista 32bit.

A few days ago I noticed random programs erroring out. At first firefox would crash. Then Zune marketplace would crash. I ran AVG and Malware and both came up clean. I didn't think anything of it. Then I started to have some Bsod's.

One of the restarts I noticed there was a windows security warning. Now my AVG was disabled and no matter how I tried to enable it, nothing would happen. Also, I had trouble starting the scan. When I was able to get the scan running, it would error out or bsod. Also, it seems almost all of these bsod's are different. I've gotten "IRQL not less or equal" to "memory management." It seems to be random.

So I restarted in safe mode and tried to run AVG. It froze. I read to uninstall it using the avgremover and I did. When I tried to reinstall it, it errored out twice before it was successful. However, when scanning, it'd just freeze. Also, when I try to just start up AVG, I can't find a place to start it. It's all "AVGUI" and such files but no base application.. if that makes sense.

I tried to download another anti-virus, like Avast, and that too wouldn't install.

Please let me know if you need any other information. Thanks in advance!

EDIT: Whoops, tried to attach log. Here's my Hijack.

Running processes:
C:\Windows\sys...

RELEVANCY SCORE 87.2

Hey there...

I must have some sort of virus preventing me from installing anti virus program, and even accessing their websites online.

It seems to be the same problem as bill here, had back in 2008.
Virus Prevents Access to Antivirus Sites

What should I do?

Best Regards - Lasse

A:virus of sorts, preventing anti virus installation...

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

RELEVANCY SCORE 87.2

I have been getting redirected to fake anti-virus sites when using explorer and firefox keeps having an error and closing down on me. I used my malware and anti-virus programs to check for infections. I updated them manually and tried it again and they say there are no infections, however I still can't update my AVG or Avira from their interface.

Any help would be appreciated, I'm gone as far as I can with it on my own.
Thanks

A:Virus redirecting me and preventing from updating my anti-virus?

Have you used Malwarebytes? If so, please post a log. If not:

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on Click on Uncheck this checkbox:
Close/Exit Spybot Search and Destroy

If TeaTimer was already off, proceed with this next:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the ...

RELEVANCY SCORE 87.2

I have a particularly nasty bugger that has apparently found its way into my recovery files. The only anti-virus I have been able to put on the computer is 2 years old and the virus won't let it update and as the title says I cannot access the anti-virus parts of any anti-virus website. Preemptive thank you for any help you can provide.

HiJackThis Log:

A:Virus Preventing Access to Anti-Virus websites

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

RELEVANCY SCORE 84

Hello. A similar problem was addressed on another post but it doesn't really answer my problem.

Yesterday, I started having trouble with my computer. It would either just have the wallpaper or it would display the icons and start menu bar intermittently (for about 3 seconds).

I tried a system restore, but it wouldn't do anything after I pressed the "next" button (on the page after I choose my restore date). It just remained on the same page.

After a couple hours of looking around, I was finally able to get the icons to stay (I believe it was the explorer application in the task manager). But then, the icons started disappearing again and other stuff tried to attack my computer (or so Comodo says).

My computer won't let me go on any anti-virus websites and it tried to stop me from adding "hijack-this" from a flash drive. It has, so far, prevented me from installing "malwarebytes anti-malware". I am forced to type this on a second computer.

Any help you can provide would be greatly appreciated. Thanks. I have included my hijack-this log below:


RELEVANCY SCORE 84

Greetings All,

I had an older version of McAfee Virus software (which I received from the army), their contract expired unbeknownst to me September 16th. When Comcast notified me that I could download free the McAfee virus software I jumped at it. However, my computer cannot access mcafee.com, symantec.com or it appears any other security site. It appears from reading other sites and yours that there could be a fix. Here is my hijack this log, I have Windows ME...I have Registry First Aid and Spyware Blaster. Any thoughts are appreciated.



A:Virus Preventing me from loading McAfee or any other virus software

Hi Todd, and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back to address your problem A.S.A.P.

Please Subscribe to this thread, (Thread Tools->Subscribe to this Thread) so that you are notified when a reply has been made.

Please be patient with me during this time.

Thanks,

RavenMind

RELEVANCY SCORE 83.2

My computer is approximately 4 years old. I have never had a problem until now. I was trying to clean up my laptop from old and malicious files. I downloaded AVG Free 8.0 and Spyware Doctor. I was planning to download several other spyware, malware, and diagnostic software but realized that I could not update any of these programs. This was the case whether or not I used a wireless or direct ethernet connection. I am hypothesizing there might be some kind of trojan which is making it impossible for me to update, although I have never heard of this before. I decided that I would do a system restore to a point when I knew the cpu was working fine. This did not work. My computer will not let me do a system restore. It has dates set aside but when I hit NEXT to proceed with the restore nothing happens. Now, I feel that my only option is to reinstall my OS but I do not believe I have the disks anymore. In a nutshell my cpu is infected and making my life quite difficult. Here is the hijack report and general specs:

Dell Inspiron I9300 Intel Pentium Processor 2.13 GHz, 1 GB Ram, Windows XP Professional Version 2002 Service Pack 3.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:39 PM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system3... Read more

A: System Restore/Anti-Virus Update Malfunction

Hello?
 

RELEVANCY SCORE 83.2

Hello, I am posting regarding my parents' computer (Dell Dim3000, 2.4 GHz, Win XP). I am not sure if I am posting this in the correct place as I am not sure it is caused by a virus/malware or just an application related problem so please forgive me in advance as I am new to this forum and as much as I use computers I am not any good at fixing them.

Ok here is some background... computer was working ok (slow that has been typical for quite a while) until my brother went to install an update (or upgrade?) for the McAfee Antivirus program. It was installing update while we were eating dinner but I am not sure if it ever finished b/c my other brother came home and used the computer before I can check on status, not sure if prompts to continue were on screen at that time or if it already finished running. Here are the symptoms since then:

1. System Restore (window opens but is blank/white) I have also tried this in safe mode as well.
2. When restart computer the Dell folder is open on desktop (why?, never did that in past)
3. GMAIL will only open in html mode and not standard (and other internet pages (using IE8) are also just plain white background instead of color or image)
4. Facebook will only open profile page but not main page (the "wall")
5. Yahoo mail will not open (blank page) but other yahoo apps will
6. Can not open McAfee Virus program, error says can not find mcshell.exe file. This program was pre-installed when purchased so I do not believe we have the d...

A: Can't run anti-virus or system restore Hijack posted

Another problem to add... none of my apps are working b/c it says I have to enable Java... I went to the internet options then the advanced tab and the box is already checked. I restarted the internet explorer still nothing and restarted the computer. Nothing again. This is also affecting some other programs that have anything animated. I am sure this is all related to whatever happened to cause what I originally wrote above. Can anyone please help? I see a lot of views but no replies. Thanks!

===========

Hello

View count includes everyone that looks at the topic: guests, folks looking for a solution etc.

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected fi...

RELEVANCY SCORE 83.2

Hopefully I am doing this correctly and in the right forum. My significant other told me to use this site, so here goes: Yesterday when I went to reboot my computer, it would not shut down. After 15 minutes of trying to close programs I powered it off. When I turned it back on it ran a Chkdsk (?) and kept finding unreadable files (46 in all). By the time everything booted up it was moving so slow it would take upwards of 5 minutes for a program to open. I ran a system repair from a back up disk--no change. I ran a system restore back to August 5th-no change. My anti-virus software has been turned off and will not turn on so I can scan for a virus, but that seems the most obvious choice at this point from my limited perspective.
 
I run Win 7 64-bit OS. I can get to the internet (slowly) but I don't know if it will allow me to run any programs or download anything.
 
I need some serious help as soon as anyone can spare the time.
 
Thanks in advance.
 
Rustyn

A: Infected? System bogged down, anti-virus won't run, even after restore

Hello rustyn, I moved this from Win7 to Am I Infected.

Can you run any of these. If needed use Safe Mode with Networking.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desk...

RELEVANCY SCORE 82.4

I only noticed this when I tried to update my Windows Live Messenger, and the Microsoft website wouldn't open on Safari or IE. I tried downloading new anti-virus software like Norton, but none of their sites would open either. I Googled a bit, and lo and behold, I'm not the only one to have this kind of problem. I saw a post on this website (although the thread had closed) that was strikingly similar, so I thought I'd ask for help too. So pleeeeeease, please help me! X3
I understand I need to post a HijackThis log, so here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:22:59, on 07/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


A: Anti-virus software won't scan, well-known anti-virus sites won't open.

It looks like the virus has got wise to THIS website too, because it no longer opens unless I use a proxy server. PLEASE help me, someone... I need to be able to use my internet banking without worrying that this stupid virus has got me keylogged or something! Please, please PLEASE help me.

~ Seras
 

RELEVANCY SCORE 82.4

As of yesterday, my Inspiron 3520 with Windows 10 on it refuses to run certain apps and my Internet browsers because of some update or something. It was working fine earlier in the day, but for some reason it stopped working as of last night with anything I had used earlier in the day. I hadn't used it for a while before then due to some technical problems, so it was kind of being a pain and I did have to do hard shutdowns at times, but I doubt that caused this.
I've tried running System Restore to hopefully go back before this started earlier in the day, but it keeps saying an anti-virus program is preventing it. I have several programs installed, even if I shouldn't, I know. I've tried disabling them via Services in the Task Manager, but can't see/get them all and don't wish to uninstall any I don't think I can get back later. As well as the firewall, since that sometimes interferes, at least in my experience, I believe.
Does anyone know how I can turn off whatever Firewall/Virus programs are currently running to try to fix this issue with my browsers and apps by doing a successful System Restore? Again, in Windows 10. Since I called Dell and they couldn't help the way I wanted to, since it's been a while since I called last and got the Out of Warranty Help division.
And I keep getting error code 0x80070005 and it's saying an anti-virus program is probably blocking it from completing. Hopefully, this is where I can get some help on th... Read more

A: Help disabling all Anti-virus/Firewall programs on to run System Restore

It sounds like you have SEVERAL anti-virus programs installed.
You didn't specifically mention any name... but IF one of them is avast, open the user interface by clicking on the Avast ball in your system tray, click on the "gear" (SETTINGS) menu toward the upper right, select TROUBLESHOOTING on the left, UNcheck the box marked "Enable Avast self-defense module", and click on OK.
See if that helps.

RELEVANCY SCORE 81.6

The computer I'm currently using has some vicious stuff going on.
It's removed my System Restore option and will not let me open any PC cleaners. What can I do to restore my computer?
I've tried to repair my System Restore by altering the "group policies" but it doesn't even exist there.
 
Before I did that I executed RKill, then tried to run Malwarebytes and MB wouldn't even load until I uninstalled it and installed an older version (A year old).
 
I then ran RKill, and successfully ran the older version of Malwarebytes.
Also, (**after running RKill before each attempt of each program**) I then tried to run CCleaner to no avail of even opening the program.
 
Then **RKILL, and an attempt at Adwcleaner; these all installed "appropriately" and Adwcleaner actually opened, but the second I hit "run" the program would entirely close and nothing would happen afterwards.
 
The only thing that I've installed that seems to be working is "SUPERAntiSpyware v. 6.0.1146", the only problem with this program is I've ran it three times and each time it picks up/removes something new. Every time!
 
And to round it all off I can't use System Restore, which was my last resort.
 
And I can't run any malicious item removers, I've been at this for hours, for a noob I feel like I'm making progress, but seeing as nothing is working still I'm at a total loss.
 
 
Side note; I couldn't get Malwarebytes to run with any Chameleons either. The only things that work... Read more

A: System Restore has disappeared, None of Anti-virus/wares programs will open:(

Welcome aboard
 
Can you post Superantispyware log?

RELEVANCY SCORE 81.6

5 months ago the system was slowing and getting somewhat erratic. I did a Win XP SP2 System Restore w/o any problems. This time, again the system was slowing and a bit erratic. After the System restore and restart a window appears: "The Norton Anti-Virus AutoProtect Driver could not be loaded. Your system is not protected from viruses. Please restart your computer" .
Restarts produce the same window. The Norton icon in the bottom bar has a red X and says "Norton Anti-Virus AutoProtect Disabled". Clicking on "Enable AutoProtect" does nothing. I've tried the Norton automatic technical support for the 2004 Norton Anti-Virus. Went thru all the steps it takes me through: e.g., Went into Control Panel, Windows Firewall and exempted Norton, etc. But it tells me to get Live Updates. But The Norton AntiVirus window says everything is OK. Yet, clicking Live Update (as the automatic technical support directs) produces message:
"LU1814. Live Update could not retrieve the catalog file of available Symantec product and component updates. Please verify that you are able to connect to the internet and run Live Update again." Obviously I can connect to the internet but the problem remains. I did have problems w Juno after the System Restore: had to reinstall Juno, and continue to get some connection problems but I'm getting my email and am able to write this.
I've run out of ideas. Suggestions, please.
 

A: After XP SP2 System Restore, Norton Anti-virus Auto-Protect disabled

RELEVANCY SCORE 81.6

Logfile of HijackThis v1.99.1
Scan saved at 2:20:52 PM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A: System Popups directing to download anti-virus software

System Alert: Spyware Detected!

System has dected 4 active spyware applications that may cause your computer to crash and restart.... etc.

This is the alert that pops up in my tray with a triangle with an exclamation in it.

Just FYI.

When clicked, it directs me to pesttrap.com or many other anti-spyware sites. Obviously they are a hoax.

RELEVANCY SCORE 80.4

Sup hoes, I'll jump right into it.

Workstation at a clinic is infected with a piece of malware that disables antivirus as soon as it's accessed. So far I've tried to run AVG's scan and MalwareBytes' scan. Running malware bytes once after installing will start the scan and the search is stopped seconds after initializing, program is terminated. At this point then the program can not be opened. Attempting to open mbam.exe delivers error "Windows can not access the specified device, path or file. You may not have the appropriate permissions to access the item." Identical results if repeating this entire process in safe mode.

Installing AVG; AVG Active Anti-Virus (the real-time scan) disables and can not be enabled. An attempt at a scan with AVG results in an immediate conclusion stating no threats were found (nothing scanned). Safe mode is similar, the AVG scan will run for about 15 seconds then just simply close.

The only active process I found out of the ordinary was this entry: "3517402925:3534772270.exe" - 464K. Ending the process does not seem to have any effect; it remains there. It is an active process in Safe Mode as well.

Found registry entry in
LOCAL_MACHINE > System > Services > 2d4fa7d1 >
name: imagepath
data: \systemroot\3517402925:3534772270.exe

Also appears in
LOCAL_MACHINE > System > CurrentControlSet > Services > 2d4fa7d1
LOCAL_MACHINE > System > ControlSet003 > Services > 2d...

A: Malware preventing Anti-Virus from scanning

Hi Putrid, I know it looks like a lot, but it's really just a lot of text asking for only 4 scans. Once you've done these and posted the results in your next post, let me know how the computer is running.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment.

========================================

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

========================================

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the update...

RELEVANCY SCORE 80

I have several issues. Not all issues happen on demand, or neither do they occur in series. I hope someone can help.
1. It all started (I think) when I found win32.netsky.Q a couple of weeks back and thought I was successful in removing that. But now my PC has more issues than when this win32.netsky.Q popup started.
2. IE or Firefox will not load properly; if I somehow get them to load they will freeze the PC.
3. Google search links are re-directed, especially if the search is related to antivirus or spyware etc. I can search for SpyBot or tech support guys and it will give me the search result page. But any links in the search page tell me I have an internet connection problem.
4. I was using Firefox and it did the same thing, except I think the search page would redirect to some other page. I have uninstalled Firefox since and can not try the search page to tell for sure.
5. AVG update fails. It states “Update failed. The connection with the update server failed.” I cannot go to www.avg.com. IE states, “Internet Explorer cannot display the webpage
Most likely causes:
· You are not connected to the Internet
· The website is encountering problems.
· There might be a typing error in the address.”
6. I can go other websites like yahoo and check news and stuff, as long as it is not related to finding the root cause of my problem.
7. SpyBot fails to start. I can see the program in my task manager but that’s it. I had tried to rename the file and was successful once to ... Read more

A: Anti virus, spyware, tech support sites blocked; System Restore failed

RELEVANCY SCORE 79.2

Antivirus vanished! Can't install ANY new one!

Can't access microsoft and any anti virus sites (thus i cannot download or scan my computer from there)

I tried to install a copy of avast pro but the set-up immediately closes after opening, i also noticed a lot of programs behaving like this just like the bandmaster game from e games and Grand Theft Auto Vice City (once i opened it, it immediately closes)

Tried to install that in safe mode, but the computer does not start and reboots back into normal mode.

This is the content of DDS log

DDS (Ver_10-11-26.01) - NTFSx86
Run by neopc10 at 19:47:12.65 on Fri 11/26/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.353 [GMT -8:00]

A: anti virus banished. can't install any anti virus programs, can't access microsoft and anti virus sites!!!...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ...

RELEVANCY SCORE 77.6

Operating System: Windows XP

I'm hoping that someone can help me! I am also getting three pop-up messages on my system. One is to download anti-virus software, another is a warning about the Blackworm virus, and the third is an Adult Friend Finder pop-up. My hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 5:05:45 PM, on 4/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A: Solved: Blackworm virus, anti-virus software and Adult Friend Finder pop ups

RELEVANCY SCORE 77.6

Hi. I am new here. I have had constant problems with my computer crashing for over two weeks. Also I have noticed that I haven't been able to update my anti virus software...both ad aware se personal and avg 7 free have not been able to update for some 16 days now.
I have run your recommended online scanners, pandasoftware, housecall, and McAfee. I believe McAfee discovered the WIN32.ATAK.B and NEW POLYWIN 32 viruses, but said it could not remove them.
Something seems to be eating up my ram, simple rendering tasks cause my computer to crash now.

I have updated to windows sp1a. I am running windows xp pro. I would appreciate any help.

here is my hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 18:47:14, on 19/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A: virus WIN32.ATAK.B, NEW POLYWIN 32 viruses, can't update anti-virus software

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
F3 - REG:win.ini: load=???
??? ???
?
? ?????
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1402.exe

Please remember to close all other windows, including browsers then click Fix checked.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
If it finds any malware, it may ask you to purchase the program, this is not necessary we will take care of the entries manually.
At the end of the scan click on see report. Then click Save report
Please post that log in your next reply.

In your next post please include:
Panda Activescan Log
A new Hijackthis! Log

RELEVANCY SCORE 77.6

I have a computer with Windows XP Pro SP3 running IE8. When I do google searches and click on the results I am redirected to a different page than what is shown in the result. I've run Malwarebytes and it did not find any viruses or malware. I restored the computer back to a date prior to when the redirects were happening; that did not work. Webroot says it is finding viruses but I can't quarantine or delete the viruses. Webroot listed the location of several viruses and when I checked that location nothing was there, several registry entries and temporary internet files. Unfortunately after I did the system restore webroot is not working properly so I can't post its logs. Below is the output of DDS. I also attached the attach.txt from DDS, I can't attach a GMER log because it is too large. If it needs to be emailed to someone please let me know.

Thanks,
Pete

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Pete at 8:19:12.42 on Tue 04/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2325 [GMT -7:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
============== Running Processes ===============
.
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k nets...

A: Infected with Google redirect virus and fake anti-virus software pop ups

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 77.2

Can't figure this one out. Have tried AVG, MBAM, NortonEraser, TDSSKiller, TrendMicro, nothing seems to be able to catch this thing. It redirects to various pay-per-click ad revenue sites, livesearchnow is fairly common but not exclusive. Any help finally pinning this sucker and annihilating it would be extremely appreciated.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by Dexter at 20:34:46 on 2013-01-13
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16383.13618 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe ...

A: Browser Redirect Virus - not detected by anti-virus software

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

- Please do not run any tools unless instructed to do so.
  We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
- Please do not attach logs or use code boxes, just copy and paste the text.
  Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
- Please read every post completely before doing anything.
  Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
- Please provide feedback about your experience as we go.
  A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...


Hello, and thank you in advance for your help.

I have been through the whole Preparation Guide and have the logs ready to post here.

I have a computer, running Windows XP that has a virus or malware that disables or shuts down anti virus software or other programs. I had some trouble getting the GMER scan to complete since it would run for hours then shut down at some point. So after 3 attempts I saved the initial findings that load and have them here to post.

I have no idea what type of virus this is, so I need help determining what to do next.

I have attached the Attach.txt file (from the DDS scan) as well as the ark.txt file from the GMER scan.

Thanks,
DaddyOf3

DDS Log here:
DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 16:09:25.03 on Sun 12/26/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.139 [GMT -8:00]

AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\svchasts.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\...

A: Virus or Malware that Disables Anti Virus Software and other programs

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for post...


cont'd from http://www.bleepingcomputer.com/forums/topic415205.html

Hi,

I am running Windows XP Home Edition SP3 on a Compaq Mini netbook and recently got infected with a trojan or a virus. I've been trying to clean it for a while with no luck. It used to ask me to buy a fake antivirus software, but it doesn't do it anymore. It may be the MSBlaster trojan.

When I try to open it in safe mode, it closes all the antivirus programs including hijackthis and malwarebytes.

I tried renaming malwarebytes and running it but it did not work. It starts scanning and closes after 5 seconds.

Even in safe mode, there is a suspicious program in task manager named 472196741:2061097699.exe which I can not kill using task manager.

None of the network connections (including internet) work on the computer but I have another laptop to transfer files through a USB.

I was able to get the full DDS log, but the virus closed the GMER application once it was done scanning which makes me not able to get the GMER log.

Please help!

Thanks

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by User at 20:33:03 on 2011-08-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.486 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4F...

A: trojan/virus closes all anti-virus software and mbam

I'd like to continue resolving this through spybot.com forums. Please close the thread. Thanks.


My computer (running XP) has been claiming it needs Windows updates lately (every day). It's not the same pop up anti virus trojan that was more common a few years ago. It's a legitimate Automatic update. However it never seems to update and it often restarts my computer with no option of me being able to cancel. I can only delay it for fifteen minutes. Seems to only happen in the morning AM period. Lately programs have been running funny and freezing up more than I ever noticed before. My Netflix stopped working and when I went to restart my computer it said it was trying to shut down a program called "XCP" which it could not. My computer hasn't been crashing or locking up, it's just suddenly acting off and that new XCP program and the constant need for updates has me suspicious. Also my Norton 360 is not working correctly. I haven't had any problems in a long time and I was hoping someone could help. I have been here once before (I lost my old password and e-mail I used) and it was a great experience. Thanks.

A: Possible Virus. Anti virus software not functioning. Mysterious XCP file

I don't have a complete solution, just some thoughts that might help for now.
Whatever antivirus program you use, make sure it is always up to date. Some people purchase Norton or McAfee, or they get it with their computer purchase... then, the license runs out and they just use it without it being updated. I don't know if that's your situation at all but, figured it was worth mentioning.
If you're ever stuck with an outdated AV program, there are free ones you can use instead.
If Norton is still licensed, see if you can run an update.

I'd also suggest Malwarebytes if you don't use that already. Download the free version, install it, update it, then run a scan. In most cases, a quick scan is sufficient. I'd start with that. If Norton has been running funny, chances are you will find something Malwarebytes would like to remove for you.

Lastly... if this Windows update is legit, and it's constantly doing this... I would guess that the update is failing every time. What I'd suggest is making sure your AV is up to date, running Malwarebytes, and then if that helps, do the Windows update manually... You can poke around and see the update history and maybe you'll find the one that's failing.
Sometimes updating manually will help you find updates you didn't even know were available and find the ones that might be causing trouble. Keeping Windows up to date is important. Sometimes an update will make a big difference when ...


Hello, I was hoping someone here could help me.

My anti-virus expired quite a while ago and I stupidly didn't renew it. I have been trying for a while to install anti-virus software but they all crash during installation so I assume I have a virus which is stopping them. I've tried installing Norton, McAfee, Kaspersky and avast!. I've had to uninstall all of them because they all crash.

Most recently, downloading avast! crashed my computer and it wouldn't let me uninstall it (I tried for ages) so I had to do a system restore. I understand that ComboFix could help but obviously didn't want to run it because I wouldn't know what I was doing.

Other than that, my laptop mostly runs fine, although it seems to hate iTunes.

I am using Windows Vista Home Premium (32 bit operating system).

I'd be really grateful if someone could help me out!

Many thanks,

Rhys

A: I have a virus preventing me from installing antivirus software

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next t...


I feel like such an idiot. I tried to run a patch for a game that I got off of a dubious site and I'm fairly certain it infected my system (because the real patch was around 40 megs compared to the 500 KB one I executed).

My first clue that something was wrong was after rebooting my system, the game (Thief II) started taking an extremely long time to load up. I checked out windows task manager processes and noticed wintems.exe which is apparently a Trojan.
This infection seems to have disabled my Windows Security Center icons which always show up in my taskbar (firewall, etc..) I reactivated them, and they disappear again after rebooting!

I used to have AVG but recently deleted it. I tried to install it again and it won't let me (perpetually telling me to reboot and restart).

I tried Avira Personal Edition and it won't complete install either.

Finally, I tried F-Secure's online scanner after finding a user who had success with it following an infection which sounded VERY similar to mine. It started to scan, but then stopped and gave me the message "Unable to download necessary online scanner components".
Here is the link to that forum if it is of any use: http://forum.avira.com/thread.php?threadid=31068&sid=99489e6f594767255f7333b471f1fbdc
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:51 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Runni...

A: Virus/Worm Won't Let Me Install Any Anti-Virus Software

Bump
 


I'm sorry if I'm not posting this in the right place, I've never used a forum before because I never know how or where exactly but I'm desperate.

Two days ago my computer crashed and started up again with a bad wallpaper warning that I'm in danger, etc., then the pop-ups came and the fake scan and after restarting many times and trying to run Spybot in safe mode to no avail, I got it to shut up for a while while I tried to find how to fix it, also to no avail. Now it periodically closes everything I'm working on and restarts my computer, I guess so it can restart itself because I've messed it up by closing its b.exe and others.

It had locked me out of my registry and task manager; I did manage to find a tweak for that although I have to do it over and over because it keeps re-blocking me and telling me to contact my administrator and I don't have permission, blah blah blah.

I tried changing Spybot's name and it worked to let me open it and start the scan, but it only got so far before it terminated that too. Then I tried redownloading Spybot and scanning right from the start, downloading Malwarebytes and Counterspy and a few others and I get the same for all.

I would post my hijackthis log but well, I can't. Please help me, I beg you.
 

A: Killer virus killing all anti-virus software


Out of nowhere I got the "blue screen of death" the other night. Wasn't even on the computer! But it was on, so obviously whatever was activated was maybe time released? Or came in through a back door--computer is always online through wifi. Anyway...

Symptoms:

- Search results in any web browser get redirected to gambling sites, porn, credit check sites, malware sites, etc. I CAN type in an URL and it'll work fine, but any link off Google, yahoo, webcrawler, etc, goes to bad sites. So I can't search the web to even figure this situation out.

- I can't open or run any of my anti virus software, including Spybot, Norton, AVG, Combofix, superantispyware, etc. I CAN run Hijack this, however.

- Web browsers will NOT log onto any sites where I can download virus software. For instance, I had to have a friend download Combofix and throw it on a flash drive. But still on my comp it won't load. BUT my browsers will register these sites as either 404s or a lost connection, which is obviously false.

- Recurring popups of a Win32 error. Constant clicking noise while online, as if it's trying to open a link somewhere.

- System Restore has been hijacked and is unusable. I get an error message saying my system administrator has disabled my authorization, and I need to contact them (it's personal PC, I'm the only admin).

- CANNOT BOOT TO SAFE MODE, it just freezes

- I CAN boot to Safe Mode with Networking

- Have to restart three - four times before com...

A: virus won't let me run anti virus software, hijacks my browser

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

==========

It's likely that the infection may prevent our tools from running. The following tool will help running them.

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 4 different versions. If one of them won't run then download and try to run the other one. You only need to get one of them to run, not all of them.

Vista and Win7 users need to right click and choose Run as Admin

http://download.bleepingcomputer.com/grinl...


I had posted this in the wrong place apparently. My original post was:

I don't really know where to start. I'm also on another forum with this topic but at the moment I'm not being helped, and I'm desperate. A few months ago I started having various issues with my computer: strange processes running, re-directing, random fake error and warning messages and wallpaper changes... So, I tried running Spybot like I normally would, only for some reason, it wouldn't open. I tried downloading Malwarebytes which closed the moment it was finished downloading and was never to be found again. So, I tried downloading Avast. This was closed and erased before it could even finish downloading and if I try to download it again, it won't even start. This went on for several different programs whether I renamed them, ran them in safe mode, even including ComboFix and HijackThis so unfortunately, I won't be posting my log here. The only important piece of information I've gotten from the other forum is that my scecli.dll file is infected. Just from what I know, win.exe and b.exe could be of concern, but without any anti-virus I don't know what to do. The only things I have successfully been able to run are GMER, win32diag, and RootRepeal. If you'd like me to post one of these logs, let me know. PLEASE HELP! Thank you.

I was then told to post my RootRepeal and Win32kDiag reports here, since I cannot run DDS or HJT, so here those are. I'll post them both separately.

ROOTREPEAL © AD, 2007-200...

A: Unknown Virus Killing All Anti-Virus Software

Win32kDiag

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe

[1] 2004-10-14 13:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 17:29:47 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 13:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 13:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 13:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 10:34:54 654848 C:\WINDOWS\$hf_mig$\KB887742\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 13:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 14:46:40 654848 C:\...


Hi, I recently got a virus on my computer (which runs windows xp media centre edition sp3). I first noticed when BT Net Protect Plus (McAfee) wasn't opening on start up, and that old webpages were randomly opening. I also got an error saying I needed to reinstall something to do with SP3 and booting the computer because some file had gone missing (but my computer didn't come with a disc so I ignored it). Anyway, so I tried Malware bytes but the virus is blocking that too. So I tried to reboot in Safe Mode with networking and got the blue screen (I believe to do with the aforementioned random error I believe the virus caused), so I did the whole fixboot and fixmbr thing and tried again and still get the blue screen. So I've just been using normal mode.

The infection BLOCKS all different webpages such as the malwarebytes official site and the bleepingcomputerdownloads site, and so on. It won't block Cnet or FileHippo though, unless the download is sourced at a blocked site. It just says that Firefox cannot find the server, yet it works perfectly fine on my iPad. So I'm having to use a different computer, burn the software to a DVD RW and copy it over that way.

I initially asked for help on Yahoo Answers and the member, Casca Longinus, told me to use rkill, then TDSSKiller, and then after I restarted, run a full MBAM scan. Which I tried, and after two attempts, found 27 medium errors in TDSSKiller. When I told it to delete the threats, it told me to reboot my c...

A: My computer Has a virus that is blocking my anti virus software

Hello and welcome to BleepingComputer!

We Need to Diagnose Your BlueScreen

When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode.
Select "Disable Automatic Restart on System Failure", as shown here:
When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
Please post me the error(s).


Hi there,
I have trend micro antivirus and it has been giving me a warning that says:

"Trend Micro Antivirus has detected a virus or spyware and performed a scan action (spyware names have the prefix "SPYW_").

Infected file: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP928\A0144062.exe"

I'm giving my computer away to my parents and would like to clean it out before I do so. Thanks in advance.

DDS:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 17:51:53.82 on Mon 11/02/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2045.1103 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WTMKM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program ...

A: anti virus software detected a virus or spyware

Hello and welcome to TSF.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log and a new GMER log as described in this topic. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three-five days this thread will be closed.

With Regards,
Extremeboy
