
Browser redirects, Windows Update blocked, slow to load Windows

Q: Browser redirects, Windows Update blocked, slow to load Windows

I am constantly having redirects and new tabs spontaneously open to spammy websites in both IE and Firefox. I cannot get to Windows Update, it either says it can't connect or takes me to a fake search engine page. Windows is very slow to load at start, and after working for a little while, I tend to get Generic Host Process for Win32 Services errors, after which my machine locks up.

Malwarebytes has not found anything. AVG says it finds 6 infections and fixes 3. The infections are in svchost.exe, iexplorer.exe, and explorer.exe, where it says that a Trojan horse Agent_r.XJ Object was removed from each.

I do have access to my Windows XP Install disk.

Thanks so much for your help,
coxpac30
=======================================================

.
DDS (Ver_11-05-19.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by mcox at 15:41:25 on 2011-05-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1605 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\mcox\Desktop\dds.com
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [spchecker] "c:\program files\avg\avg10\notification\SPCheckerTE.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_Plugin.exe -update plugin
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\mcox\startm~1\programs\startup\autoho~1.lnk - c:\documents and settings\mcox\application data\microsoft\installer\{c1673858-a2ed-4c3e-9004-755be906eab0}\2008icons.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{83cccbdc-3a56-4f3b-89df-69386c3b7d62}\IcoUltraMon.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: jocogov.org\ims
Trusted Zone: wycokck.org\www2
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302720362015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: itlnfw32 - itlnfw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mcox\application data\mozilla\firefox\profiles\u2h8cpr4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Leapforce - Search Engine Evaluator Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: EWOQ Rater Helper: {feee3d1c-da92-4c21-8665-2425de7f53b7} - %profile%\extensions\{feee3d1c-da92-4c21-8665-2425de7f53b7}
FF - Ext: XHTML Mobile Profile: {8ea9957e-2953-402f-80e0-bceb5f169d6f} - %profile%\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
FF - Ext: EWOQ Mobile Setup extension: {f035aa18-ee32-4e6e-81d2-57e32867f8a7} - %profile%\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-18 136176]
S2 Ias;Network Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2004-8-4 14336]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-18 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-6 38224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-05-25 20:30:34 53248 ----a-w- c:\windows\system32\Iasv32.dll
2011-05-25 20:30:30 34816 ----a-w- c:\windows\system32\itlnfw32.dll
2011-05-25 20:30:30 215552 ----a-w- c:\windows\system32\itlpfw32.dll
2011-05-20 14:24:29 -------- d-----w- c:\documents and settings\mcox\application data\whitesmoketoolbar
2011-05-09 17:01:57 -------- d-----w- c:\program files\whitesmoketoolbar
2011-05-07 14:32:20 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
2011-05-06 16:15:52 -------- d-----w- c:\program files\AVAST Software
2011-05-06 16:15:52 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-05-06 14:59:28 -------- d-----w- c:\windows\pss
2011-05-06 14:29:00 -------- d-----w- c:\documents and settings\mcox\application data\Malwarebytes
2011-05-06 14:28:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-06 14:28:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-06 14:28:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-06 14:28:52 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-06 14:13:31 -------- d-----w- c:\program files\MSXML 4.0
2011-05-04 15:40:25 -------- d-----w- c:\program files\AnswerWorks 4.0
2011-05-04 15:39:20 -------- d-----w- C:\Land Projects 2004
2011-05-04 15:39:19 -------- d-----w- c:\program files\Land Desktop 2004
2011-04-29 19:10:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-29 19:10:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-29 19:10:46 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-04-29 16:58:31 -------- d-----w- c:\documents and settings\mcox\local settings\application data\File Renamer Basic
2011-04-29 16:58:00 121229 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2011-04-29 16:57:57 -------- d-----w- c:\program files\File Renamer
.
==================== Find3M ====================
.
2011-04-15 02:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-13 18:43:26 0 ----a-w- c:\windows\ativpsrm.bin
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-05 05:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 21:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
1997-07-22 00:30:54 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-23 08:00:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 1750 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 1750 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 1750 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600 Disk: ST3300622AS rev.3.AAH -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89B4331B
user & kernel MBR OK
.
============= FINISH: 15:48:14.95 ===============

RELEVANCY SCORE 200

A: Browser redirects, Windows Update blocked, slow to load Windows

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

For AVG antivirus and anti-spyware security software users only.

Quote:

Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix. You will get a message from CF stating such.

If AVG will not uninstall, it is first recommended to uninstall it with this AppRemover by Opswat. The AVG uninstaller can be downloaded from here > AppRemover.exe Go to their homepage and you will see they have support for removal of other AV's as well AVG appremover tool.

RELEVANCY SCORE 133.2

I recently installed Windows XP and all my programs on a new hard drive, as the old one would not boot. Last week I received a "Generic host process for Win32 services" error. My machine locked up, and I had to restart. Then I started having issues where Windows would not load or would take a very long time. I am able to start Windows in Safe Mode, but it takes much longer than it should.

Now sometimes when starting IE or Firefox or when surfing, new tabs are started on spammy webpages. Other times, IE or Firefox will not start. I also cannot go to the Windows Update site.

Neither Malwarebytes nor Avast find any instance of infection.

AVG says that it finds 6 infections and repairs 3. Just in case it would help, here is that part of the AVG log file:
(C:\WINDOWS\system32\svchost.exe (3440):\memory_001a0000 Trojan horse Agent_r.XJ
C:\WINDOWS\system32\svchost.exe (3440) Trojan horse Agent_r.XJ Object was removed.
C:\Program Files\Internet Explorer\iexplore.exe (2652):\memory_00260000 Trojan horse Agent_r.XJ
C:\Program Files\Internet Explorer\iexplore.exe (2652) Trojan horse Agent_r.XJ Object was removed.
C:\WINDOWS\explorer.exe (1484):\memory_001a0000 Trojan horse Agent_r.XJ
C:\WINDOWS\explorer.exe (1484) Trojan horse Agent_r.XJ Object was removed.)

Thanks for any help you can provide!
coxpac30

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:02:07 PM, on 5/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.1870...

A:Windows Update blocked, browser redirects, slow to load Windows

Is there anyone out there that can help me, or can I provide any additional information?
 

RELEVANCY SCORE 85.2

I have 2 problems which I believe to be unrelated but no virus scan or malware scans have detected any problems. The first started a while ago and my Windows Update will not connect to download updates. I believe something is blocking it. Also if I go to the Microsoft website to download an update manually when I click to download I get a page cannot load error. So I think something is stopping me from updating my version of Windows (Vista SP1).

The next issue just started recently and at first I suspected it was just one webpage and it was their issue. Whenever I'd go to the site it'd redirect to an ad, different each time. It would block all access to the site because it'd just redirect to an ad site. Then as randomly as it started, it will occasionally let me onto the site and then again start redirecting. I thought it was the site because it does this in every browser and also on my Mac in Safari & Firefox. If I try opening with NoScript running it just opens a blank page. Anyway I now believe it's not that site that's the problem because now another unrelated site is doing the same thing.

I tried doing everything listed in the "before you post" thread but RootRepeal will not run. It just freezes at the "Initializing" screen. I did a search and found one place where someone having that problem was told to rename it something else but when I did that I got "Could not load driver (0xc0000035)!".

Here is the stuff from runn...

A:Browser redirect on some websites/Windows update blocked/MS website blocked/RootRepeal won't run

Hi demonscars,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

I see your system is infected.

If you have not resolved the issue please post a fresh DDS.txt log. In case you have installed any new software please also post the Attach.txt.

Since you have already run ComboFix also post the log it created.

RELEVANCY SCORE 84.4

Problem: Windows update site is blocked, many Microsoft support sites blocked or redirects, even this site was redirected when I tried to post the issue. (now I am using my own PC) Generic Windows process fails, causing disabling of network sharing with local computers. This is my daughter's PC, she complains these issues have been present for many months. I have tried a number of things to clean this in last two days but no luck. I am hoping you can help.

Tried already:
- AVG 2011 finds no infections
- AVG PC Tuneup fixed 1700 registry errors
- HiJack this found and deleted a virus yesterday (I forget the name) but now shows nothing unusual, current log is available
- AVG history had many viruses deleted over past few months, I think this one is making the PC vulnerable
- AVG was uninstalled to allow for Combofix to be installed and executed, it deleted some files but did not fix the problem

DDS txt copied here

DDS (Ver_10-11-27.01) - NTFSx86
Run by Kyla at 18:22:02.28 on 30/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1526.873 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.ex...

A:Windows update blocked, redirects, generic windows process fails, stubborn malware

RELEVANCY SCORE 80

Hello,

I have been living with some issues for the last 6 months and need help to get the problem figured out. I believe I was infected by a virus of some sort on June 4 2010 that has stuck around despite NIS and Malwarebytes scans. Any help would be appreciated.

Symptoms:

Since the infection, I have not been able to automatically or manually update Windows via the Windows Automatic Update tool or by manually going to the Microsoft Update web page. Each time IE7 opens, I get error number : 0x80072EFF "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem". I can get onto the internet to any other site. It is just the windows update site that seems blocked.

I have a svchost process that grows with time until it is using 500+MB of my memory and usually ends up pegging the CPU to 99-100%. I have viewed the process using Process Explorer and note that the thread start address that peg the CPU are ntll.dll!RtAllocateHeap+0x18c. If I kill those threads, I am able to work on the computer for a little more time, until the threads peg the system CPU again. But, the memory usage is concerning me as I need to utilize that memory for my work, and I get programs failing because of memory allocation errors, which I attribute to this svchost issue.

I will periodically get redirected to other sites while surfing. This happens sporadically. It may be a day or two betwe...

A:Windows update blocked, svchost memory/cpu leak and web page redirects

Hi,
That's not good that you let this issue persist for six months. There are some things you should try here. For one, download Dr. Web CureIt. Do a Google search for that and it should pop up. It's probably better if you run it in safe mode. Post back the log when it finishes. Note that this scan will take a long time. Make sure that when presented with options, you select cure and then move incurable. After that, look for Kaspersky's free virus removal tool 2010 and run that. That should find some stuff if anything will. Kaspersky has very strong find and removal capabilities. Finally, run an online scan with Eset online scanner. You can find it at eset.com/onlinescan. Post back the three logs in your next reply. Hope this helps.

Good luck,
Chromebuster

RELEVANCY SCORE 78

Hello,

I'm trying to fix an infected PC for one of my work colleagues. The PC is running Windows XP Home SP3 and has a working version of McAfee Security Center. There are 3 active user accounts on the machine.

They brought me the computer at the end of June complaining that McAfee was reporting a problem and the browser (IE) was re-directing to random websites. Through a combination of rkill, Malwarebytes, CCleaner etc. I was able to return the machine to what I thought was working order, it seemed that the website re-direction was caused by an infected Google toolbar.

Unfortunately the machine is back again and I have taken another look at it. Malwarebytes reports the machine is clean, I think I have removed all suspicious startup entries and McAfee reports it is ok.

Typing a web address directly into IE works except for the Windows Update website which posts an "Internet Explorer cannot display the webpage" message with the standard "Diagnose connection problems" button.

If you search from the Google website the search links work however if you use the built-in IE search (which is using Google) clicking the links takes you to random websites.

So it looks like I never got rid of the problem in the first place. Some help would be appreciated.

Thanks

Nick

RELEVANCY SCORE 78

Let me start by saying that I am trying to get this fixed (Windows XP SP3) for a friend of mine. She brought me the computer saying she couldn't get on the internet... After my Ccleaner, Avast, Malwarebytes, etc. It had removed 250+ trojans, spywares, virus, etc....

Everything appears to be doing better, but IE takes a long time to open up and when it does anything you search and click on in Google redirects you to unrelated pages and if you try going to Windows Update it appears to be blocked.

I could not include the GMER scan file as it locks up on a file SYSTEM\WPA\Starter...

DDS (Ver_10-12-12.02) - NTFSx86
Run by Elaina Steely at 12:01:00.81 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Elaina Steely\Desktop\dds.scr
C:\WINDOWS...

A:Browser Redirect and Windows Update Blocked

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...

RELEVANCY SCORE 78

I had been infected with the AVE.exe virus, and finally got it off of my system though it kept reviving itself in my config/systemprofile/appdata/local folder. But then I started getting the browser redirects and just whole new windows opening on their own. The last redirect Avast caught this morning & identified in the Webshield log as [L] JS:Prontexi-AM [Trj]. I switched over to Avast yesterday after deciding that AVG just wasn't cutting it anymore. It seems to be working a little better at least.

I'm also not able to connect to Windows Update. When I do it through Windows, it will *sometimes* detect new updates, but mostly pops up an error 80072EFE, which comes up with 0 results on a search. That error comes up when trying to download/install when it does detect new updates. Clicking a link to Windows Update on Google refreshes the search page with "webhp?ei=-k66S_OHBqGOMuShzLQE" added after the .com/

The actual website "http://windowsupdate.microsoft.com/" shows an "IE cannot display the webpage". Just opened the update through windows again & it is showing that there have never been checks or updates, which is incorrect as I was able to get a few updates here and there over the last few days. Defender would not update no matter what, but when I downloaded the file directly from the MS Defender page, it installed fine. The same with the Malicious Software removal tool.

I have to upload my scans through my daughter's l...

A:Browser redirect / Windows Update blocked

Hello Taren421

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Run RKill right before you run ComboFix.

RKill by Grinler
Link #1
Link #2
Link #3
Link #4

Download Link #1.
Save it to your Desktop.
Double click the RKill desktop icon.
If you are using Vista please right click and run as Admin!
A black screen will briefly flash indicating a successful ru...

RELEVANCY SCORE 76.4

Hello,

First I want to thank you for your assistance. It's greatly appreciated

My brother just gave me his computer because it's having some problems running and he believes it has a virus. The symptoms are numerous and random pop-up's, browser re-directs, and what he believes are not legit flash updates. He unfortunately did not have anti-virus software on the computer or back-up his data...

I went through the computer's running programs and installed programs and did not see anything too unusual. I also ran trendmicro's house call and spybot without finding anything.

I noticed that he had not updated windows (windows 7 64-bit home premium) in a while. I tried to perform the update and got the error message "Windows update cannot currently check for updates, because the service is not running. You may need to restart your computer." Obviously a restart did not fix the problem. I then noticed that windows defender was not enabled and tried to enable that but got the error message "The specified service does not exist as an installed service (error code: 0x80070424)"

I went to services.msc and did not even see windows defender listed. I haven't seen this problem before so didn't know where to go from there. Again, your help is appreciated.

Oh also, I have a Windows 7 CD from another computer (obviously a different key on the bottom of this one) but am not sure if it will work, but I believe it should (both same 64 bit version of windows). ...

A:Browser redirects and cannot update windows - help pls

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please download aswMBR.exe to your desktop. Double-click aswMBR.exe to run it.
When prompted to download the latest Avast! virus definitions, please choose Yes.
Click the Scan button to start scan.
...

RELEVANCY SCORE 76.4

windows xp pro, internet explorer, got something that has caused my browser to block me from ANY antivirus site like panda or trend micro, etc, also windows update site and page. This site is even blocked, any place I try to go for help is blocked. I'm on a laptop so I could get on here for help. I had a copy of hijackthis on my pc so I ran it, here's what it said if I need it yet.
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:37 PM, on 09/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Windows Defender\MSASCui...

A:browser hijacked antivirus sites and windows update blocked

This is so screwy I can go to googles site but can only go to a few other sites, I can get to a couple local town forums but can't get to any help forms for virus help like this one. If I could figure out how to get to trend micro or panda I would try an online scan. It's like it knows every site that offers virus help. Scary really. Please help guys.
 

RELEVANCY SCORE 76

PC was infected with a rogue antivirus software called 'System Tool 2011'. Followed instruction from MalwareBytes website to remove the program. Seems to be gone, but the system is running slow, cannot reach Windows Updates (blocked), and the browser is redirecting web searches.
DDS (Ver_10-12-12.02) - NTFSx86
Run by DDorman at 13:05:43.90 on Mon 01/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1291 [GMT -5:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server...

A:Windows Updates blocked, computer slow, browser redirecting

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...

RELEVANCY SCORE 76

Hello. This site has helped me many times to remove malware, but this is my first time posting for help. Running windows XP SP3. Explorer pops up an extra window on startup and randomly with random sites (adsonar comes up a lot), they often have a large yellow congratulations banner on top. Google links all redirect elsewhere. Yahoo causes intermittent redirects. I ended up with the Antivirus Soft from one of the redirects.

Also noticed I cannot access windows update whatsoever, the pages will not load, I get a page reset error.

Installed IE8, on startup it warns me that a program is trying to change my default search engine. Redirects persist.

I installed Mozilla Firefox, and the extra window pop ups and google redirects are happening with it as well.

Ran Defogger, DDS and GMER.
.................

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 23:48:24.84 on Wed 05/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.652 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Pro...

A:Google redirects / windows update page wont load

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 75.6

Hello,

I'm a system admin and I have an employee's work computer that has a search page redirect. Also, they are unable to go to windows update and it looks like this may have been for some time. I've dealt with a lot of rootkits before similar to this but I have always been able to clean them up (thanks to your site and admins' posts). However, in this case, I can't seem to get rid of it. I have run rootrepeal, McAfee Root detective (we also use McAfee Enterprise) and rootreveal, spybot, combofix, Ad-Aware, HJT, MBAM, mbr, TDLfix, GMER, new MVPS host file and more. Most attempts were based on the directions of what was posted by admins here. All the data was backed up, so losing everything and reinstalling would not be a problem. However, I prefer to learn by doing and I want to know how to handle this one going forward. Also, another computer seems to have the same symptoms and reformatting THAT one is an absolute last resort. OK, enough small talk, here we go.

The computer runs XP Professional with SP3 and IE 7. It also had Opera but I uninstalled that and other programs not needed. At work, we use an Oracle Forms app that limits our browser and java choices due to compatibility. For example, IE8 and Java 6.20 do not work so we need to use lesser versions like IE7. The ComboFix did run fine and said it needed to reboot after rootkit activity. The log said that PCIIDE.SYS was infected and cleaned. However, after rebooting the redirects remained. I also ran Combofi...

A:Browser search redirects and can't use Windows Update

Hello and welcome. I feel it would be best to get a deeper look and have our Malware Removal Team ID the problem.

Please go here....Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.

Include your ComboFix log.

Let me know if that went well.

RELEVANCY SCORE 75.6

Hello,

I'm doing some work on a friend's computer. I'm getting browser redirects when going to security related sites (Kapersky.com, mcafee.com) and I'm also unable to download updates for windows. This (from what I can see) has been happening since August. I know, I know. She just feels bad asking me for help? Lame excuse, I know, but what can you do? Anyways. I've run several scans with AVG 2011 free, spybot search and destroy and ccleaner. Removed a few things, but problems persist. I've followed the documentation on what to do and here are my logs!

No problems running DDS. Here is the contents of the dds.txt file. Attach.txt is ... um... attached. The GMER log is also attached.

Thank you so much! Look forward to hearing your reply!

Jeremy

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dawn at 20:57:51.01 on Wed 03/30/2011
Internet Explorer: 9.0.8112.16421
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.694 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\winini...

A:Browser redirects/unable to run windows update

Hi

Please do the following:

Download Combofix from either of the links below. You must rename it to iexplore before saving it. Save it to your desktop. Change the save as file type to "all files"

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Link 1
Link 2

-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------
NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.

-----------------------------------------------------------
Double click on the renamed ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.
----...

RELEVANCY SCORE 75.6

Hi, I'm using Windows XP Pro SP3. I keep getting redirects to spam sites when clicking on Google search results. Also I can't access http://windowsupdate.microsoft.com/, even though it works fine on my other computers. It seems any browser query involving "windowsupdate" results in "Problem loading page" in Firefox. Also I can't view the C: drive in Device Manager.

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by test at 18:31:43.84 on Fri 08/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1333 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\...

A:Browser redirects, windows update fails

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it sh...

RELEVANCY SCORE 75.6

My wife's computer seems to have developed a Virus/malware problem even though we are running McAfee. It started out as just browser redirects, but has progressed and she tried STOPZilla! which seemed to make things worse (I was out of town and this is her work from home computer). Now McAfee seems corrupt - will not open all the way, Internet Explorer is corrupt, and every time I do anything to try and fix it, it will not connect to the Internet anymore. I have finally thrown up my hands, loaded Firefox and decided to ask for help as I am not getting anywhere. I am posting the HiJack This log that I ran moments ago. Please respond with further troubleshooting steps. Thank you in advance for any help you can provide!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:28:31 PM, on 5/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program File...

A:Help - Browser Redirects and Windows Update not opening

RELEVANCY SCORE 74.8

So I noticed my computer was having some redirect issues using Firefox and searching through google. I am running windows xp service pack 3.

I then attempted to use Microsoft Security Essentials which disappeared when I tried to mouse over the tray icon. I tried to restart MS security essentials, once it opens up it is in red status: PC at risk. If I click on start now it gives me the error "Couldn't start the security essentials service. error code 0x80070424"

I then used malwarebytes and it found trojan.happili, supposedly quarantined but I found it later on while in safemode using malwarebytes again.

I also ran HitmanPro which found a sirefec.fc, hitmanpro claims to have removed it.

I have used the microsoft support to restart the windows update, from this link (http://support.microsoft.com/kb/971058). The windows fixit to reset it will not run, so there is no windows update listed still in services.msc.

If I try to go to update.microsoft.com I am redirected to http://support.microsoft.com/kb/2497281 and cannot update.

In addition if I try to click on windows firewall from the control panel it says "Due to an unidentified problem, windows cannot display Windows Firewall settings." and does not run.

My attempts at fixing this are not working and any help would be appreciated.

A:Windows update, MS security essentials, and possible browser redirects

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459955 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

RELEVANCY SCORE 74.8

Well, I'm getting redirected to all sorts of garbage urls (google-analytics.com??) in both Firefox and IE and some sites won't load altogether anymore (windows update site, some forums). I'm not sure how this computer was infected. It is an XP pro machine running sp2.

I ran the CD Emu disabler, dds and gmer. Logs below:

DDS.TXT:

DDS (Ver_10-10-10.03) - NTFSx86
Run by PatrickP at 12:02:08.75 on Tue 10/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2542.1878 [GMT -7:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {F11AB54F-428D-4548-BEAA-C0A658E6440F}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.UTSSQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k ...

A:Win XP pro work computer has browser redirect worm/virus (name??), windows update blocked

This is my first time asking for help here, please let me know if I'm doing anything wrong or need to do anything additional.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, ...

RELEVANCY SCORE 74

Visiting my sister's house for Easter, I thought I'd do some routine maintenance on her PC (running WinXP Pro SP3, 32-bit). Automatic Windows Updates were not enabled, so I went to the Windows Update site and after 2 or 3 cycles (including at least one reboot), had all the applicable patches installed. After all patches were installed, I turned on Automatic Windows Updates. Finally, I tried to go to the Microsoft Security Essentials site to install that, but got redirected to some off-brand search site.

Uh oh!

Tried to Google MSE and open various links from www.microsoft.com, but all were redirected.

Downloaded MalwareBytes on a 2nd, uninfected computer, carried that to the infected machine and tried to install it. Got the classic "What program do you want to use to open this file with?" problem. Searched Google on the uninfected machine, found a registry edit to solve the "can't launch .exe files" problem, and successfully ran MalwareBytes. It found some problems, I asked it to repair them, and crossed my fingers that everything would be okay.

Unfortunately, it's not. I have noticed the following problems so far:

Firefox is still being redirected.
IE doesn't seem to be getting redirected, but the Windows Update site does not respond correctly. It asks if I want to turn on Automatic Windows Updates, even though if I go to Control Panel > System > Automatic Updates, "Automatic" is checked.
When I go to the Windows U...

A:Malware remnants--browser redirects and Windows Update funnies

After digging some more this morning, I realized the problem was the TDSS rootkit, and MalwareBytes had not completely cured it. Following the advice in the "Browser Hijacked" thread on this forum, I ran the Kaspersky TDSS removal tool, which identified the TDSS infection and cured it. That solved the browser redirect issues.

I still had the problem with the MS Update not working properly, and the disconnect between various bits of Windows thinking I had not enabled Automatic Updates when I had. Via some Google searching, I found a suggestion to re-register the wuaueng.dll (Start>Run "regsvr32 wuaueng.dll"). After doing this, visiting the Windows Update site gets me the Microsoft Update service, and it also correctly reports that Automatic Updates are enabled.

My sister's computer appears to be back in business. I'm now running deep scans using MalwareBytes and MS Security Essentials to get some confidence that it's okay.

Jim

RELEVANCY SCORE 73.6

Referred from here: http://www.bleepingcomputer.com/forums/t/275726/computer-running-slow-browser-is-hijacked-redirects-or-opens-new-windows/ ~ OB

My computer is running very slow and my browser is hijacked, redirects or opens new windows in IE 7, Google Chrome and Firefox. I have run several malware removal programs including Spybot, Malwarebytes' Anti-Malware and SUPERAntiSpyware Free Edition. They usually find stuff, but I think whatever it is reinstalls itself or it isn't being detected. Please let me know what my first step should be in detecting the issue and solving this! Thank you!!!

I tried running RootRepeal with no success. It says "intitalizing, please wait" and never does anything. I even tried doing it in safe mode. It kept telling me that I don't have enough virtual memory to run the application. I downloaded Rkill and ran it. Then I tried the RootRepeal again. A system information box comes up and says that I do not have enough virtual memory and it is attempting to shut down unneeded processes to run RootRepeal. I waited about an hour and it still locked up the computer.

My computer is running on 512 MB RAM and an AMD Athlon XP 2400+ 2.00 GHz. I have an A-Bit NF7-S motherboard and am running on Windows XP Professional. I'm gonna pick up some more RAM, which I had planned on doing anyways, and see if I can run it after that.

Win32kDiag:
Running from: C:\Documents and Settings\Micah\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Micah\Desktop\Win32kDia...

A:Computer Slow, browser is hijacked, redirects or opens new windows

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

RELEVANCY SCORE 73.6

Recently formatted/installed Windows 7 (2 weeks ago). Brother used computer and must have visited a sketchy site. Yesterday I started to notice the internet get very very slow randomly and some redirects in my browser (Firefox). Today when I came home, the computer had restarted and recovered from an unexpected Windows error but I couldn't copy the error code. When I ran GMER, the log that is produced is empty. The rest of the logs are as follows...

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:29:37 PM, on 12/16/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\ProgramData\TVersity\Media Server\web\admin\TVersity.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\My Stuff\Software\RealTemp\RealTemp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Nick\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Sea... Read more

A:Browser redirects/slow internet/windows unexpected errors

TTT...anyone help me out?
 

RELEVANCY SCORE 73.2

Hello, looks like my home computer has a rootkit, perhaps. Last weekend we had Antivirus Action hijacking the computer. I found some instructions to remove it, ran CCleaner, and installed Adaware. Things seemed ok, but took a turn for the worse. Whole system slowed down to a crawl and I get browser redirects saying system is infected, click Ok to scan, etc. Also getting pop ups about svchost application error.

Below is the DDS log, and I attached attach.txt. But I can't upload the ark.txt, it said it was too big. It is 513kb in size, so I made it a .zip file. Hope this works.
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by HP_Administrator at 10:20:45.56 on Sat 12/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.671 [GMT -6:00]

AV: Ad-Aware Total Security *Enabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: Ad-Aware Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents ... Read more

A:running very slow, browser redirects, AV cannot update

Hello klklkl , Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.

If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the ... Read more

RELEVANCY SCORE 73.2

I have a PC with windows 7 64bit installed and a pair of SSDs striped as the primary drive. Windows threw a wobbly the other day and said it couldn't load and it appeared to be linked to the RAID array somehow. It started working but ever since some programmes have had issues. The majority have been fixed with a reinstall of the software with error.

I still have one really annoying issue. Both IE9 and FireFox9 take an age to start. IE Loads up a browser but is unresponsive for a good 30 secs and Firefox doesn't even display a browser window for nearly a minute. Once a browser is open I can open a second window instantaneously. However, close all browser windows and it takes an age to re-open.

I have uninstalled Firefox, Norton Security, Java, Flash etc... and reinstalled them all but to no avail. I have also run a clean reboot disabling all non MS Services and startup applications. I have also run ccleaner and wiped everything's history, cache etc...

Any suggestions greatly appreciated

Andrew

A:IE9 and FF9 both very slow to load browser windows

Hi Andrew, Welcome to Seven Forums.

IE on my pc's is slightly faster in opening than FF (default) on which I use very little addons.

RELEVANCY SCORE 73.2

I'm trying to fix my sister's laptop which was obviously infected with a ton of stuff. First, I ran SuperAntiSpyware; it found and deleted 81 threats. Then I ran MBAM and it found 9-10 threats. I ran HJTthis a few times and it found and fixed 5-6 threats. Finally, I ran SpybotSD from a thumb drive and it found a couple things. I also installed Windows Essentials.

Symptoms:
- on bootup, sometimes it tries to check the disk, then cancels itself
- Windows Help and Support starts as soon as the desktop shows. When I click the X, it closes and immediately pops back up.
- IE doesn't work at all.
- I installed Firefox. It worked fine at first, then randomly started redirecting me when I tried to click results on Google
- I tried to run spybot installer to install the program on the computer, but it failed when it started unpacking.
- I tried to run Windows update but it would start to download, then fail
- when I tried to run Gmer as directed in your instructions, it caused the following:
  + message that said taskmgr.exe was corrupt, please run chkdsk
  + message that said gmer.exe was corrupt, please run chkdsk
  + logonscreensaver stopped responding, and screen went white

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 16:18:17.62 on Fri 05/28/2010
Internet Explorer: 7.0.6000.17037
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1013.264 [GMT -4:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861F... Read more

A:Windows Help and Support won't turn off/random browser redirects/Spybot SD installation failure/Windows Update failure

Please close this post as the problem is now fixed. I appreciate the service your forum provides. Thanks.

RELEVANCY SCORE 73.2

Hi all,

I have a Dell Vostro laptop, XP with SP3. Started acting strange a few weeks back. I don't recall installing any software or other changes prior to this time. While connected to WiFi and surfing, after a few minutes the WiFi config window would open and state that Windows could not config the WiFi and to start Windows ZeroConfig. Along with this problem, Firefox would get re-directed to all sorts of odd places, even if no button was being clicked. Disable/Re-enable the radio had to be done via System Manager and rarely got things working. A reboot is usually required to get the WiFi working again. Sometimes the reboot does not complete and all I get on my screen is my wallpaper with no icons.

The laptop is running Spybot, SpywareBlaster, Ad-Aware, AVG, and Symantec Endpoint Protection. I updated all these to the latest rev and ran full scans, one at a time. A few trojans were found by Spybot. AVG found nothing during the scan but reported another trojan while Ad-Aware was running. Ad-Aware found cookies and one trojan. Tools each reported that what they found was successfully removed/quarantined.

I tried to update Windows by going to the Windows Update Site using the link in IE6: Tools->Windows Update. The link gives the error: "The page cannot be displayed" with "Cannot find server" in the window title bar. I can get to the Microsoft main page @ www.microsoft.com. I went to Security & Updates link to Windows Update. From there I ca... Read more

RELEVANCY SCORE 72.8

This is my first post, thanks for anyone's help in advance.

My computer is running very slow and my browser is hijacked, redirects or opens new windows in IE 7, Google Chrome and Firefox. I have run several malware removal programs including Spybot, Malwarebytes' Anti-Malware and SUPERAntiSpyware Free Edition. They usually find stuff, but I think whatever it is reinstalls itself or it isn't being detected. Please let me know what my first step should be in detecting the issue and solving this! Thank you!!!

A:Computer Running Slow, browser is hijacked, redirects or opens new windows

Welcome to BC

We need to check for rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror

Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes: Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

=====================

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report.
Double-click on Win32kDiag.exe to run and let it finish.
When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
A file called Win32kDiag.txt should be created on your Desktop.
Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) ... Read more

RELEVANCY SCORE 72.4

Wouldn't even let me post a message to this forum.


Testing again!

A:Windows update won't load, windows running slow NEED HELP.....PLEASE!

Why can't I post anything other than simple stuff????????

RELEVANCY SCORE 72.4

I am having the following problems:
- Internet redirects to bogus pages from various links including google searches.
- slow performance, freezing screens
- annoying underlined texts that when cursor goes over tries to take me to non related advertisements. the word vibrant shows up in these advertisements
- i cannot access any of the windows update pages to get security updates.
- Antivirus software behaving strange in terms of notifications and displays
- antivir solutions pro popped up and really give me a hard time, used system restore from safe mode to restore to previous date.

followed all instructions so far from your preparation guide, all logs attached.

Greg

DDS (Ver_10-03-17.01) - NTFSx86
Run by greg at 10:09:52.96 on Sun 07/18/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.502 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\DOWNLO~1\MyWebEx\319\atnthost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS&#... Read more

A:unknown virus attacks, windows update inaccessible, unauthorized browser redirects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT... Read more

RELEVANCY SCORE 72

Recently I discovered that windows update on my computer doesn't work anymore. When I tried to access the Windows Update page, all I got is: "This webpage is not available." in google chrome. In Internet Explorer when I try the windows update link, the browser keeps closing and restarting with no success. If trying to google about this problem concerning windows update issues I also get the browser closing and restarting. Also no success in Mozilla Firefox nor in Apple Safari. I tried all browsers with no success: windows update page is not working (Internet Explorer cannot display the webpage), neither is it possible to update from Windows, I just can't get updates to work no matter what I do.

When I tried to run Combofix to see the results, the computer freezes and I need to shutdown and restart.
I scanned my computer with Malwarebytes' Anti-Malware and I didn't get any objects infected.
What advice can you give me?
Thanks in advance.

PS: also on this page in this post when I tried to paste the windows update address (link) I could not post, I get "This webpage is not available." in chrome.
In Safari: Safari can’t open the page “http://www.bleepingcomputer.com/forums/index.php?”. The error is: “unknown error” (kCFErrorDomainWinSock:10052)
And it is only because I pasted the address of windows update site I could not post it no matter what browser I use.

A:Windows Update page doesn't load in any browser

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:04:08 AM, on 12/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files... Read more

RELEVANCY SCORE 72

A couple of concerns that I have are: unable to update windows... "The page cannot be displayed because server it resides on does not respond", uninstalled Spybot and tried to reinstall without success and received ..."Error sending request. The server name or address could not be resolved", Adaware will not update also..."connection error Check your settings errorcode: -1. Malwarebyte's anti-malware will also not update.

Google search on internet explorer will redirect to another site when selected.

HJT log follows...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:43 AM, on 4/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcpr... Read more

A:spybot blocked, windows redirect, windows and adaware update blocked

RELEVANCY SCORE 71.6

First of all, I'd like to apologize. I jumped the gun and ran ComboFix once my computer started exploding, several times until the thing ran properly, after my usual antivirus program failed to reboot properly to remove the trojans it had detected. I've since run everything requested, but did so afterwards. This is also a fairly old machine, but I've had no insurmountable problems with viruses etc, up to this point. I have no idea what triggered it, and I absolutely cannot afford to do without right now, so any assistance would be sincerely welcomed. Oh, and this is a legitimate version of Windows XP Home Edition, and I have access to the serial key but not the CD. I purchased the computer with the operating system pre-installed and never had the CD, and despite how spurious that sounds it has passed windows verification at every step.

I'm not sure what additional information you require, please just ask if I'm missing anything.

Two successful ComboFix logs are also attached. log.txt comes before COMBOFIX.txt, chronologically. GMER log will be edited in, I have not yet managed to pull a successful run off of it and cannot run it in safe mode. GMER log is now attached.

EDIT: To explain further, there now seems to be something wrong with an svchost.exe process. When left on in normal mode, it will gradually consume all memory and not allow me to open anything or even properly shut down, and eventually crash with a typical XP error report box thing. GMER was not... Read more

A:Connection reset on windows update, browser redirects/new tabs, and apparent rootkit infection.

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachme... Read more

RELEVANCY SCORE 71.2

Does anyone know how to fix the loading problem? Which is where it will get stuck at 100% and act as if it is still loading.

RELEVANCY SCORE 70

Hello
 
I have windows 7 running on a HP Pavilion dm4 laptop.  Lately windows is very slow to start -close to 5 minutes just to get to the log in screen.  Also, the updates will not install.  I am getting various error messages and when I try to look them up I get general information.  
 
I have done a disk cleanup, defragged and removed some unneeded programs.  I am going to do the Security Tango also.  
 
What should I try next?
 
Ann

A:Windows is extremely slow to load and won't update

Welcome Ann,
If your self help attempts don't clear the problem [I suspect that they may not]. Or if you can't download, install, update and run any of the scanners please quit trying by yourself and go to the Am I Infected forum and get expert assistance.
Continuing to try different things without a plan can make things worse.
 
Dick

RELEVANCY SCORE 69.6

My computer has been running super slow. Also, when I'm browsing the Internet, more than 75% of my pictures won't open up. As a matter of fact, only six of the smilies show up on the side of this message window that I'm posting. I ran CWShredder, and it came up clean. I updated Adaware and it found some things, which I promptly deleted. So I ran hijack this. Below is the log. Please please please help me. I love my computer and I can't get it going like it used to and I don't want to have to reformat it. I have A LOT of files I need to save. Please help!

Logfile of HijackThis v1.98.2
Scan saved at 7:33:35 PM, on 7/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\ScreenPrint32... Read more

A:Windows XP Problem! Super slow system...not all pictures load on my Internet Browser

You have an outdated version of HJT. Please Download the newest version of HiJackThis . Delete the outdated one and use this newer one to Create a New Topic and include a fresh HJT log in the HiJackThisLog Help Forum

RELEVANCY SCORE 69.6

A few weeks ago internet explorer started to act funny, sometimes when I opened a new browser window it would freeze in the new window, but allowed me to continue using the previously opened windows. I had to open several new windows until suddenly one of them worked. Then, the whole browser started freezing at random times, especially when clicking on links or opening new windows or tabs. I was not able to close it and reopen, I had to kill the processes using task manager, and even then, many times it would freeze on the first window.

I tried several antivirus (Trendmicro, AVG, FProt, Eset, Panda), some would report some infected files, others none. After disinfecting with Panda, the browser seemingly started working fine again, but it only lasted for less than a week. After that the problems became more annoying every day.

The last straw was that sometimes when turning on the PC it would freeze right before loading the windows explorer, so I could only see the background of my screen. Usually I rebooted and it would work, but today I had to reboot about 5 times before it worked again.

Any help will be greatly appreciated.

Thanks. Gabriel.

DDS.txt log:

DDS (Ver_10-10-10.03) - NTFSx86
Run by Admin at 11:18:25.48 on Mon 10/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1831 [GMT -6:00]

AV: Panda Global Protection 2011 *On-access scanning enabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: ... Read more

A:Slow/freezing browser, fails to load windows explorer often. Have to reboot several times.

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied to I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless ... Read more

RELEVANCY SCORE 69.2

The computer is very slow. I can't load windows updates.
AVG quit working, as well as ad aware.
I tried uninstalling AVG to reload and it failed at that also.
Malware bytes runs and finds nothing.
The windows disk is lost.
We have way too many processes running and startup tasks. I would like to see that get smaller.
The CPU runs idle but takes huge hits periodically.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:18 AM, on 12/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\WINDOWS\system32\svchost.exe... Read more

A:Very slow and wont load ad aware or update windows

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

RELEVANCY SCORE 68.8

I evidently have several viruses on my computer that my virus protection is not detecting. McAfee and Microsoft update websites are being blocked. I am getting popups when opening IE, and redirects. Also, Vimax ad follows me from site to site. I have scanned twice and the result is clean (small tracking cookies were removed.) There are threads out there on these issues however they seem so situation specific I was scared to apply them to my system. I see lots of other people loading and using multiple virus detecting programs, etc. If I should try this first as well please advise. I am attaching my Hijack log for a review.

Thanks
Hijack Log Reads:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:38 AM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.... Read more

A:Pop-ups, Redirects, Microsoft Update site blocked, McAfee Update Site blocked

Read other 6 answers

Hi Guys,

I have had a nasty virus on my PC for a few days.

The symptoms include
- no browsers will navigate to windows update
- Firefox is redirecting to ad sites (such as stopzilla).
- Generic Host Process intermittently crashing

I have tried Malwarebytes and it did clean up some infections. My AVG antivirus also picked up some infections, however it appears I am getting reinfected.

So far I have detected and cleaned SHeur3.BVQH and Generic22.IJY.dropper.

I really need some expert advice now, and would be grateful if anyone could help. Thanks for reading.

A:browser redirects and win upd blocked

Hello and welcome to TSF.

Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.

Read other 19 answers

I am running Windows Vista. After a windows update and also a potentially fake Adobe update, my computer seems to be infected. There was a windows security warning that I had no anti-virus software. I tried launching my Trend Micro anti-virus and nothing happens. When I try to go to their website, I am redirected to random sites.

Any help would be greatly appreciated.
I tried doing a system restore to 3 earlier dates and each one fails.

A:Anti Virus Blocked, Browser redirects.

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List last 10 Event Viewer log
* List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here: C... Read more

Read other 23 answers

Here is a link to my forum topic which resulted in sending me here:
http://www.bleepingcomputer.com/forums/topic409910.html/page__st__15__gopid__2338590#entry2338590

Here are the results from DDS:

DDS (Ver_2011-07-14.01) - NTFS_x86 NETWORK
Internet Explorer: 7.0.6002.18005
Run by Colleen at 18:39:50 on 2011-07-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.2524 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
\\.\globalroot\Device\svchost.exe\svchost.exe
C:\Windows\helppane.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:&... Read more

A:Virus software blocked, browser redirects.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
* Do not run any other tool until instructed to do so!
* Please Do not Attach logs or put in code boxes.
* Tell me about any problems that have occurred during the fix.
* Tell me of any other symptoms you may be having as these can help also.
* Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

* Double click DeFogger to run the tool.
* The application window will appear
* Click the Disable button to disable your CD Emulation drivers
* Click Yes to continue
* A 'Finished!' message will ap... Read more

Read other 32 answers

Hi

Running Vista 32 bit IE

Can not access kaspersky.com or others

windows will not update code error 80072EFD
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:00:48 AM, on 17/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SoundMan.exe
F:\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/?fr=mkg029
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,Search... Read more

A:Ie websites blocked and windows update blocked

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R3 - URLSearchHook: (no name) - {b80f591e-fe9a-46cf-a13e-180377240586} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O23 - Service: OSOAP - Unknown owner - C:\Users\Lou\AppData\Local\Temp\OSOAP.exe (file missing)

Restart the computer normally.

Windows Update error 80072efd
http://windows.microsoft.com/en-US/windows-vista/Windows-Update-error-80072efd
Please check this Microsoft article and see if you can get the update.

===

Meantime let's check further.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !&... Read more

Read other 2 answers

I recently started getting redirected on every site I go to. I was trying to solve it on my own and when I went to check my firewall, I get a message saying something like "due to an unidentified problem, we are unable to access this information".

Also, when I start up Windows, it takes forever to load now.

A:browser redirects and firewall blocked viewing access

Hello bouncepass, Welcome to The Forums!! Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at... Read more

Read other 3 answers

I'm running Windows XP Home Edition. When I try to search for anything on the search engine and click a link, it takes me to an entirely different website. I have 2G memory, but my computer is running so slow. I ran a Malwarebytes flash scan and found and deleted 2 infections. I also found 5 infections under full scan and deleted them. But I'm still having the same problems. I also cannot load Windows updates at all. It takes me to a page cannot be displayed. I've tried going to search for it and when I try to click on anything with update in it, it takes me back to the page cannot be updated page. Can anyone help me?

Read other answers

Most of the Google search results are redirecting me to different random sites when I click on the link, both with Firefox and IE. I cannot update Microsoft security updates, and pop-ups are opening up with these malicious sites. I have avast and it has not found anything. Malwarebytes found 1 item and deleted it but the problem continues. Kaspersky's TDSS killer found nothing. I have scanned with dds and gmer and have included results. Please advise on what to do next.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Amaris at 14:20:55.12 on Sat 08/14/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.489 [GMT -5:00]
AV: avast! antivirus 4.8.1368 [VPS 100814-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:&... Read more

A:Search result redirects/Windows updates blocked

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
* Reply to this thread; do not start another!
* Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
* Do not run any other... Read more

Read other 5 answers

I recently installed the windows updates for my computer and as the title explains, it made my computer super slow for some reason. Once I log on, that is when it becomes unbearably slow. Also, the browser connects, but both IE and Firefox keep getting the error "connection timed out"...and that is for any website. I can get to my homepage (google), but once I try to go to any other page, it always times out.

I have windows XP SP2...
Specs:
Dell Optiplex GX60
256MB RAM
160GB HDD
Intel Celeron 1.70GHz
Intel integrated peripherals and an ATI gfx card (radeon all-in-wonder 7500)

A:[SOLVED] Windows Update renders comp SUPER SLOW and no browser connect

Also...my network connection is now getting the bubble; "limited or no connectivity"...and when I disable/enable it then it works for a brief minute and repeats the limited or no connectivity thing. I can see that I am connected, I see my network, the signal strength is 4 out of the 5 bars, but the "activity" says 1,528 packets sent and 4 received...?

Read other 2 answers

I am not sure what might be going on, but I am struggling to make this computer work for me as topic says.  I ended up not being able to even do malware scans, the programs just freeze except in safe mode.  Eventually got Malwarebytes to run, it never finds anything, nor does Avast find anything. 
 
Tried setting computer back to earlier time, worked a short time then started blocking me off again.  Can't even access regedit.  Something turned off Windows firewall.  
 
Below are FRST  and  Addition logs.  
 
I don't normally run Chrome, I normally use Firefox.  Firefox doesn't load well right now and I can't navigate with it.
  
Thank you for anything you can tell me from these.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by lmbeattie (administrator) on LMBEATTIE-PC (23-01-2018 01:44:29)
Running from C:\Users\lmbeattie\Desktop
Loaded Profiles: lmbeattie & Les.B games (Available Profiles: lmbeattie & Les.B games & Farmville)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the pr... Read more

A:Access blocked to files, security programs/scans, browser redirects

beachbirdie:
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Read other 4 answers