
Open Cloud Security / Google redirect

Q: Open Cloud Security / Google redirect

I've tried the 'Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help' and did the steps but was unable to do the gmer option because it wouldn't let me open it. Here's the DDS logs that I did get to do.


A: Open Cloud Security / Google redirect

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421168 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

* If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
* A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post. Please do this even if you have previously posted logs for us.
* If you were unable to produce the logs originally please try once more.
* If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
* Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

* Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop: DDS.scr, DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!


Referred from here: http://www.bleepingcomputer.com/forums/topic420705.html/ ~ OBBroni directed me here as the problem I had never went away. Here is the original post describing my problem:

"It seems as if I've been hit at once by 2 different things. Not sure how it happened but it first started with the random redirecting which was blocked mostly by AVG, then after a few days all of a sudden Open Cloud Security hit me. After I used MBAM or CCleaner, I don't remember which one to try to stop the redirect, upon restarting Open Cloud appeared. It applies to both Firefox and Internet Explorer, not one by the way. I've looked up many different ways as to how to fix this but so far nothing, so I'm here.

I have done the whole ipconfig/flushdns thing and that seems to stop the redirect temporarily until I restart and it's back at it. As for the Open Cloud Security rogueware - MBAM and CCleaner always detect things, but after clearing it all out and rebooting in non-safe mode, it always comes back.

Hopefully someone can help me. I see many people have this redirect problem, but I seem to have gotten screwed further with this Open Cloud thing on top of it all."

Now whenever I try to start Windows normally it blue screens. Here is what it says: http://i52.tinypic.com/oh6yvl.jpg

Before it would only blue screen after I tried to start a program to get rid of it, such as MBAM or RKILL. I followed that guide before posting in this section and it says only do the G...

A:Open Cloud Security and Google Redirect

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by Mark at 12:06:26 on 2011-09-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4084.3078 [GMT -4:00]
.
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64 ...


It seems as if I've been hit at once by 2 different things. Not sure how it happened but it first started with the random redirecting which was blocked mostly by AVG, then after a few days all of a sudden Open Cloud Security hit me. After I used MBAM or CCleaner, I don't remember which one to try to stop the redirect, upon restarting Open Cloud appeared. It applies to both Firefox and Internet Explorer, not one by the way. I've looked up many different ways as to how to fix this but so far nothing, so I'm here.

I have done the whole ipconfig/flushdns thing and that seems to stop the redirect temporarily until I restart and it's back at it. As for the Open Cloud Security rogueware - MBAM and CCleaner always detect things, but after clearing it all out and rebooting in non-safe mode, it always comes back.

Hopefully someone can help me. I see many people have this redirect problem, but I seem to have gotten screwed further with this Open Cloud thing on top of it all.

A:Open Cloud Security and Google Redirect

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log c...


I got the nasty Open Cloud Security rogue anti-virus software. Popped up while I was out of the room so I wasn't able to do an immediate hard shut down in time. By the time I got back, a few minutes later, it had sunk its tentacles in pretty deeply. It has disabled my Malwarebytes Anti-Malware, my AVG anti-virus, and system restore, even in safe mode. When I try to run MBAM or GMER I got a notification that says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Again, this occurs even in Safe Mode (with networking). I've also got Google re-direct going on. I manually deleted what I could of the virus and that seemed to slow it down considerably, but it's still in there somewhere. Here is my DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Mike at 12:02:27 on 2011-10-01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.346 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\WINDOWS\370523963:3292588777.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla F...

A:Open Cloud Security w/ Google Redirect; MBAM/AVG/GMER disabled

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421421 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hi all! Beginning this morning, I've been getting redirected when using Google. Open Cloud fake AV also installed itself. I was able to get into safemode and use Malwarebytes to "remove" it but I'm still getting redirected (no sign of open cloud, however). My AV software (Malwarebytes & Symantec Endpoint) is not detecting any malicious files. Endpoint also seems to have gotten corrupted, but this may be unrelated.

I have tried using DDS three times and each time it froze. GMER did work, however.

I'll try again on DDS and if it works I'll attach the log. Thanks in advance!

Note: Running windows 7 32-bit, updated as of this morning

A:Open Cloud & Google redirect

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419481 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hello,

I am having multiple problems with my windows 7 computer. Every time I get on google chrome/firefox/IE and click on a link in a google search it always redirects me to some other random site. Also, my windows firewall has been disabled (without me disabling it) and I can't turn my firewall on. It comes up with an error message that says "Windows Firewall can't change some of your settings. Error code 0x8007042c." I also did just notice today that every so often when I'm on google chrome/firefox or whatever browser, all my windows (browsers) close unexpectedly, even my windows folders. I have AVG on my computer and it comes up with a pop up every 10 mins or so saying threat blocked.

My problems all started about a couple of weeks ago with Open Cloud AV. I rebooted my system in safe mode and ran rkill then mbam. Mbam found multiple threats and was able to delete all of them. Evidently that wasn't enough because when I rebooted my computer the firewall error code popped up for the first time and my google searches were redirecting. I have run mbam multiple times and found a few threats each time, but I don't know what to do next.
Any help is appreciated.

Thanks

A:Google redirect virus/Open Cloud AV/Windows Firewall Disabled

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first. Then start a new thread HERE and include or required logs. Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!


While I was on Facebook today, a message popped up out of the blue that said I was infected with the Zeus Keylogger and to click here to buy the "only" way to remove it. When I tried to shut it down with tskmngr.exe it screamed that it was "infected" and refused to let me run the program. I also began getting fake email alerts every four minutes, a fake virus scan with the Zeus warning every seven minutes, and a fake BSOD and reboot every ten minutes (It happened so often I timed them, and the reboots always jumped back to where I left off instead of a usual reboot.). I also ended up with a program running in the task bar called "Security Guard 2012" that refused to let me shut it down. It also killed MBAM, SUPER ANTI-SPYWARE, and RKiller and its various names (I tried them all...). When I try to run it, they all return an error that says: "Windows can't access the specified device, path, or file. You may not have the appropriate permissions to access the item." I have even tried Safe Mode on all of them after fighting with it for two hours to get into Add/Remove Programs feature to uninstall / reinstall (and the whole time the pc is screaming "It's infected!!" at the top of its lungs - lol.). I even resorted to going to: C:\WINDOWS\system32\Taskmgr.exe since alt+ctrl+del didn't work. This program also created an icon on the desktop under the same name. When I right-clicked i...

A:Security Guard 2012 becomes Open Cloud AV, google redirects, and ads galore

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
* Do not run any other tool until instructed to do so!
* Please do not attach logs or put in code boxes.
* Tell me about any problems that have occurred during the fix.
* Tell me of any other symptoms you may be having as these can help also.
* Do not run anything while running a fix.
* Do not run any other tool until instructed to do so!
* Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
* Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please download DummyCreator.zip and unzip it.
* Run the tool.
* Copy and paste the following into the edit box:

C:\WINDOWS\338603927

* Press Create button and post the content of the Result.txt.

Important: Restart the computer.

Run Combofix:
* You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
* Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
* Combofix may need to reboot your computer more than once to do its job this is ...


I'm a computer consultant and three of my clients have been infected with this virus in the last 2 weeks. One was so bad that I had to run a recovery back to the origin of the computer. On the other two computers I had removed Open Cloud from startup and then all the files it created manually. I was then able to run Malwarebytes on this computer and it found the malware and others. (I wasn't able to run any scans on the second computer, including McAfee.) But then I had further problems - either the computer was excruciatingly slow, or as on this computer, when you click on All Programs, only McAfee is listed! I also get some startup errors that I didn't get before. Then I found the post about TDSSKiller. I ran it and RKill (Explore.exe) on both computers and nothing changed. I gave up on the other computer and did a full recovery. I'm hoping I don't have to do that on this one. There are lots of files to backup and several programs to reinstall. I've attached the files you need to analyze the problem. Thanks, Leslie

A:Open Cloud Security/AV

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/423685 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


My computer has the Open Cloud Security virus. I followed the steps to get rid of it, but they have failed.
1. I started my computer in safemode with networking
2. I checked the internet options but the box was not checked to begin with so skipped that step
3. Downloaded and ran r-kill. It got rid of the dialog boxes for Open Cloud
4. Ran Malwarebytes antimalware. Tried to run Quick scan and Full scan. Both failed after a few seconds and then cannot open Malwarebytes anymore.
It shows Error message reading: Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.
If I reinstall the program, it will open again and then fail the same way.

Ran dds and gmer.

gmer fails 20 seconds in and gets the same error as Malwarebytes. I saved the log file before it failed.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Sarah and Steve at 16:36:46 on 2011-09-28
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\3788055388:2749117982.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C: ...

A:Open Cloud Security

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420949 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hello, I have open cloud security taking over my computer. PLEEEEEEASE HELP.
Here is my Hijack this logfile.
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ...

A:Open Cloud Security

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420173 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23
Run by Aaron and Tracey at 21:38:29 on 2011-09-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.402 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Aaron and Tracey\My Documents\Downloads\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/se...

A:Open Cloud Security Removal

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421411 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hi, I've had the open cloud security problem for about 2 weeks now, at first it kept popping up over and over again telling me I had all kinds of threats etc., I Googled it and followed the instructions for removal with the malwarebytes' malware removal kit, and it would find some infected files, and then the scan would stop just before it finished saying it experienced some kind of error. I also ran AVG and found some infected files, put them in the virus vault, and then emptied the vault. I put the open cloud security link from my desktop into the trash can and then emptied it, and the pop-ups about me being infected stopped, but I'm assuming it's still on here because I didn't really do anything, so I came on here, I read the preparation guide for removing the malware, and I downloaded the recommended files and ran the scans, and I'm attaching them below. I'm not very good with any of this, and I would really appreciate any help with removing it. Thank you.
 opencloudsecurity.log   6.06KB
  0 downloads
 DDS-opencloudsecurity.txt   23.79KB
  1 downloads
 Attach-opencloudsecurity.txt   8.58KB
  0 downloads

A:trying to remove open cloud security

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download AntiZeroAccess by Webroot to your Desktop
Double-click antizeroaccess.exe to run the program.
NOTE: If running Vista or Windows 7, make sure to Right-click on it and select Run as an Administrator.
At the black window, type y and then press Enter.
Once AntiZeroAccess has finished scanning, a report AntiZeroAccess_Log.txt will be created in the same location as the program.
Please post the contents of the report in your next reply, and let me know how your system is running now.
---
Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
Please Download TDSSKiller.zip
>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the defaul... Read more

RELEVANCY SCORE 67.2

Hi everyone on this helpful website

First I must apologize for my language since I am not a native English speaker and I just try my best to write grammatically correct English hoping you guys can understand me and may give me a helping hand.

Back to the theme: I've read the guide teaching how to remove OpenCloud Security on this site. http://www.bleepingcomputer.com/virus-removal/remove-opencloud-security

I have followed every step however I have not succeeded. The problem shows at step 14 while running Malwarebytes' Anti-malware. I did run RKill, but Malwarebytes' Anti-malware just still cannot run the scan. Every time I start scanning, it is shut down very soon, maybe a few secs after starting. I guess it's probably interrupted and terminated by Open Cloud Security. So I wonder if RKill did not successfully do its job? After the black window closed, notepad pops out with only the below

"This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 09/2011 Sunday at 20:03:51. Operating System: Windows 7 Ultimate Processes terminated by Rkill or while it was running: Rkill completed on 09/2011 Sunday at 20:03:53. "

Other than Malwarebytes' Anti-malware, I tried Spy Doctor, Trojan Killer, HijackThis. And they result in the same, being shut down very shortly after starting scanning. The softwares are unable to be opened again after they are shut down. (de... Read more

A:Need help on Open Cloud security removal

Ronarch,

The information provided shows the characteristics of the ZeroAccess Rootkit.

First, let's take care of this file:
C:\Windows\4241468026:2236952579.exe
It throws a wrench in the works, and programs will not run successfully...

Please download DummyCreator.zip
Unzip the folder:
Right-click and select: Extract all
Follow the prompts to extract
Open the new folder that appears on the Desktop:
Double-click DummyCreator/DummyMaker to run the tool.
Now, copy/paste the following into the blank area:
C:\Windows\4241468026
Press the Create button. Save the content of the Result.txt to your Desktop, and post it in your reply.
Next, restart the computer!

Please do not run any malware removal programs while we are in the process of malware repairs. Doing so may just make matters worse, and that, you do not want!

Thanks!

RELEVANCY SCORE 67.2

I have tried everything to get rid of Open Cloud Security, and am having no luck. I got rid of the annoying popups, but some random exe file (3571092410.exe) continues to start every time except when I launch Safe Mode WITH Alternate Shell/Command Prompt. The random exe is blocking programs such as my Anti-Virus, Anti-Spyware, Regedit, etc. from executing as needed. I also suspect it may be spoofing certain programs, b/c when I run rkill it immediately closes but then opens again and finds nothing to kill here.

Please help!

Hi there,

I am working with a nasty little virus. More details at this thread: http://www.bleepingcomputer.com/forums/topic421299.html

Basically, I have tried everything. The DDS log is attached. Although I can't find the attached.txt that is supposed to be zipped. The random exe files in the root are renamed versions of rkill. However, I can't explain the random ones in the Windows directory.

Gmer throws an error that it found system modifications and wants to run a full scan. But doing so causes it to crash. Image attached.

Please help. Thanks.

Merged topics then posts. ~ OB

A:Open Cloud Security Not Removing

Ok... I think I finally got entirely rid of it. I kind of winged it myself without any 3rd party tools, but have notes if you would like me to share them.

Can I get confirmation that my system is ENTIRELY clean based off these logs? I mean it runs fine now, but I want to be sure I didn't leave some key logger or something hiding in there...

I have 2 concerns:
1) The GMER log mentions something about the file system and keyboard driver.
2) I see "Error 1012: There was an error while attempting to read the local hosts file" in Component Services (although I have no problems accessing the web).

Thanks go to this forum for all the tips and strategies!

-Brett

RELEVANCY SCORE 67.2

I looked Open Cloud Security up on bleepingcomputer.com and I tried to follow the instructions. I'm using Windows XP, and I'm not savvy with regedit so I tried the antimalware route via safe mode. When I tried to open any form of safe mode I got the blue screen of death with some sort of memory dump notice at the bottom. So I started in my regular mode, used RKill (renamed iexplorer) to stop the rogue processes which allowed me to run antimalwarebytes. It took forever, and finally logged some things as killed, but open cloud security was still there. So in a fit of desperation I took to deleting what appeared to be folders which were definitely not there before the infections. Files named with loooong numbers, as well as the files associated with open cloud security. Several clone shortcuts were found, but no program files. I went to the registry and deleted the only file I could find in the registry that has been linked to this virus. Then I restored last known good settings, but now I can't open a single program. The notice says to restore the file association in folder options in the control panel. But I don't even know how to do that. Does anyone know what happened? I'm not backed up in any way, and I will lose things which I would be very sad to lose, but I'm not against starting from scratch. It doesn't look like I have the virus anymore, but regardless, my computer is completely devastated. Is it possible that I deleted something that... Read more

RELEVANCY SCORE 66.4

This past week my fiancé got a rogue antivirus on her PC - Open Cloud Security - while searching DeviantArt and listening to Pandora. Though I wasn't present to observe, it appeared to be a drive-by installation (AFAIK, she didn't click on any suspicious items).

Her PC stats:
What I know: Win XP Pro 32-bit, Ad-Aware free running constantly, router/hardware firewall, IE 8, EVGA GTX 460 @ 1024 MB, no virtual drive installed

What I can't remember specifically offhand: Quad-core Intel, 2.5+ GB RAM, Mobo...(Asus ETS2 Energy Saver?)

I have searched numerous forums and sites for advice, and found many helpful tips - but nothing has worked.

(NOTE: This post does not contain DDS and GMER logs, because I downloaded and transferred those programs to her computer with a flash drive and experienced problems, noted below:

DDS: began to run, but seemed to freeze up the machine...after 2 hours, the "bar of asterisks" had not moved past ? of the way or so...I had to hard restart, and it took several tries on the initial BIOS screen, along with pulling the power cord out and letting the mobo power drain, before the BIOS would find the HD's and continue the boot process.

GMER: Started and ran successfully, run overnight. In the morning, I tried to "Save" a log for submittal, but received an error that there were "not enough resources to complete the process" in My Documents or something similar, and then the computer froze...could move the mouse but not click anything, or pull up Task Manager...h... Read more

A:Open Cloud Security problem need advice

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Your logs indicate that a ZeroAccess infection is present on your computer:
Please download DummyCreator.zip and unzip it.
Run the tool.
Copy and paste the following into the edit box:

C:\WINDOWS\2478689085
Press Create button and post the content of the Result.txt.

Important: Restart the computer.
===
See if you can now run the DDS tool and include the log in your next reply.

RELEVANCY SCORE 66.4

Hi all, thanks for taking a look. I think I've contracted the same thing that many others here have. A few days ago I noticed that Firefox was popping up extra tabs for ads both on launch and when clicking links, but just assumed that the beta update had broken my adblocker again. I closed them and everything was fine. Yesterday I noticed the Open Cloud AV notification pop up and immediately started scanning with Kaspersky, Spybot, and MalwareBytes. All three found things to kill whenever I'd reboot (side note for anyone with the same problem: as soon as I rebooted, I was able to regain control of my computer by immediately opening up task manager and killing all randomly named processes, they would spawn continuously, but eventually I could close them all and Open Cloud would go away).

All of my files were marked as hidden, so I just let windows explorer see hidden files, and am currently running unhide.exe to restore start menu files. Currently Malwarebytes comes back clean after a reboot when using Quick Scan, but I know that I'm still infected because on reboot (and sometimes at other times) I have to go into the Show All Processes tab on task manager to kill Ping.exe, or else it eats up all of my cpu cycles and an enormous amount of ram. I suspected it was using me as a bot, but then I got a prerecorded call from my ISP today saying that they had detected a bot on my connection, so that pretty much seals it. I'm really hesitant to use my computer for an... Read more

A:Browser redirect, Open Cloud AV, Ping.exe cpu usage at 100%, and being used for a botnet

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first. Then start a new thread HERE and include or required logs. Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

RELEVANCY SCORE 66.4

(Content of original post follows, link here: http://www.bleepingcomputer.com/forums/topic421919.html/page__gopid__2432268#entry2432268)
Hi all, thanks for taking a look. I think I've contracted the same thing that many others here have. A few days ago I noticed that Firefox was popping up extra tabs for ads both on launch and when clicking links, but just assumed that the beta update had broken my adblocker again. I closed them and everything was fine. Yesterday I noticed the Open Cloud AV notification pop up and immediately started scanning with Kaspersky, Spybot, and MalwareBytes. All three found things to kill whenever I'd reboot (side note for anyone with the same problem: as soon as I rebooted, I was able to regain control of my computer by immediately opening up task manager and killing all randomly named processes, they would spawn continuously, but eventually I could close them all and Open Cloud would go away).

All of my files were marked as hidden, so I just let windows explorer see hidden files, and am currently running unhide.exe to restore start menu files. Currently Malwarebytes comes back clean after a reboot when using Quick Scan, but I know that I'm still infected because on reboot (and sometimes at other times) I have to go into the Show All Processes tab on task manager to kill Ping.exe, or else it eats up all of my cpu cycles and an enormous amount of ram. I suspected it was using me as a bot, but then I got a prerecorded call from my ISP tod... Read more

A:Browser redirect, Open Cloud AV, Ping.exe cpu usage at 100%, and being used for a botnet

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

RELEVANCY SCORE 64

Help ... Computer taken over by by XP 2011 Security virus and Google redirect virus. I used SuperANTIspyware to kill it, and it seemed to work, but I couldn't open any exe files. Then a week later the XP 2011 Security virus came back. I can't open the Hijackthis and GMER files because they're exe files, but I've attached the DDS logs. By the way my computer has two user profiles. One has the XP 2011 security virus and google redirect virus, and the one I'm on now hasn't been attacked yet, but I can't open exe files. What do I do?

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by laryza martell at 14:25:47.28 on Sun 03/27/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1435 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\ASTSRV.EXE
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBI... Read more

A:XP Security 2011 Virus, Google Redirect Virus, and Can't Open EXE files

RELEVANCY SCORE 59.6

This has been happening for sometime but I haven't thought anything of it til now. Whenever I search google, when I click on a link I get redirected to a new page. More recently however, it will redirect me to a page saying this site is known for attacks and asks if I want to get out of there or ignore. I know this is obviously a fake but I have no idea why it is being directed to this. I have scanned with Norton and Spybot Search and Destroy with no avail. I also looked through some sites and it sounds like a problem that is best left to a professional. Please help.

A:Google Search Redirect and Fake Security Risk Redirect

Hi ZJ88 and welcome to Bleeping Computer.

Have you tried scanning with MBAM?

Let me have the reports from these 2 steps and then we'll take it from there.

Step 1
Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the... Read more

RELEVANCY SCORE 58.8

For a few days now, after getting one of those fake "antivirus" programs my Google Chrome browser is unable to open any pages. I can open them in IE and Firefox, but on those browsers any links I click typically get redirected to random advertisement websites rather than the page I'm trying to reach.

Any help would be greatly appreciated.

DDS (Ver_10-11-03.01) - NTFSx86
Run by Adam at 20:18:34.04 on Thu 11/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1024 [GMT -4:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDevice... Read more

A:Google Chrome unable to open pages, Google Ads in other browsers redirect to advertisement sites

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
----------------------------------------------
The Gmer scan shows possible TDSS issues. Please run TDSSKiller

Download TDSSKiller and save it to your Desktop.

Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

Now click Start Scan.
If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
Click Close
Finally press Report and copy and paste the contents into your next reply. If you've rebooted ... Read more

RELEVANCY SCORE 55.6

my internet explorer won't open most of the time and says that the "data execution prevention" has shut down internet explorer to protect it. when ie does work i get pop-ups like never before. I updated my malwarebytes anti-malware and ran a complete scan with that, found 0 infections. then i ran my norton anti virus which also came back negative. i had problems running the GMERS log, my computer would shut down in the middle of it. i am running in safe mode right now and my internet explorer is opening up just fine. i am running windows vista. and I am also getting an error message when I first log on saying that I am missing a .dll file C:\users\matthew\appdata\local\temp\{8cd07d68-caeb-4cf8-9aaf-af9ef90fe8df}\1c18.dll any help would be greatly appreciated. also I am getting redirected to spam sites when i do a google search.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Matthew at 10:52:44.26 on Mon 11/22/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1012 [GMT -5:00]

FW: PC-cillin Internet Security - Firewall *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.... Read more

A:ie won't open, pop-ups, google redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

RELEVANCY SCORE 55.6

Hi - when I click any search result using Google I'm redirected to an ad site. Also, MSE won't open on this computer - no error message, just doesn't do anything. I tried removing and re-installing MSE with same result. I zipped ARK.txt because it was too big to attach. I need help, please, to fix whatever's causing these problems.
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Sylvie at 11:13:55 on 2012-10-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1032 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\ms4w\Apache\bin\httpd.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\ms4w\Apache\bin\httpd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre7\bin\jqs.exe... Read more

A:Google redirect and MSE won't open

Hello pawbhaji and welcome to BC.

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.
Link 1
Link 2

It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE

Close any open windows, including this one.
Double click on ComboFix.exe & follow the prompts.
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console. When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:
Leave your computer alone... Read more

RELEVANCY SCORE 55.2

Earlier this week I got infected with the xp security, and after a day, I was finally able to get rid of it. Then the following day, it came back, and keeps coming back. Now I am enjoying life with google redirect, and how can I get this nasty bug off my computer? Running XP service pack 3. Your help will be greatly appreciated, and I have been reading other threads on this issue, and not sure which route to go, so I don't cause more trouble. Can't get GMER to run completely, thanks for your help.

A:xp security, now google redirect....When will it end?

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appea... Read more

RELEVANCY SCORE 55.2

I was infected with xp security 2012 recently, and was able to get that off so it no longer shows up on my computer, but now I'm dealing with google redirect, and Malwarebytes, MSE, TDSSKiller, everything I run doesn't seem to catch it. Please help me get rid of this nasty problem. Thanks

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by bb at 10:55:09 on 2011-12-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.768.167 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
D:\Superanti\here\SASCORE.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour&#... Read more

A:xp security, then google redirect..

please post the TDSSKiller and ComboFix log(s)

RELEVANCY SCORE 54.8

Referred from here: http://www.bleepingcomputer.com/forums/topic415319.html ~ OB

I have recently been having problems opening programs that used to work just fine. I get an error window that says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." This happens on some of the programs I have downloaded from your site as well.

Also, when on bleepingcomputer.com and maybe other sites (I haven't been on others because I'm trying to figure out my problem) some of the links to download programs I click on do not direct me to the page stated. Instead I am directed to a page with many links about fixing malware and AV. These pages look fishy.

Also, when I restart the computer an error comes up,
Title bar: itunes helper.exe - No Disk
Message: There is no disk in the drive please insert disk into the drive \device\harddisk5\dr5

I don't know what is causing any of this.

Here are the logs requested...attached are the 'attach' and 'ark' logs.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Whitman at 16:14:40 on 2011-08-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1062 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system... Read more

A:Google redirect (I think) and many programs won't open.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415658 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

RELEVANCY SCORE 54.8

I think I have two problems and not sure if they are related, but the combination has made my computer unworkable.

First came the google redirect problem. I have been afraid to try to address it without being walked through the correction steps.

On the last start up, avg detected a threat. Chose to neutralize it. After another restart, avg and intel proset wireless utility were no longer in the icon tray as before. Tried to open both of those from the start menu, and with each the "open with which program" dialog box popped up. Tried with a few other programs (i.e. firefox and explorer) and got the same results. I browsed through and found the program file for firefox so I could open it to get online to solve this problem. Once I clicked on it though the "open with" box, was almost like firefox did a short reinstall.

Currently running a malwarebytes scan to see what that turns up.

O/S is windows xp and normal antivirus is avg free 2011.

Thanks in advance for the help.

A:google redirect and always asks "open with"

to BleepingComputer. Sorry for the delay! My name is Jason and I'll be helping you. You can call me by my screen name jntkwx or Jason is fine.

If you have any questions following these steps, feel free to ask for clarification (or if you cannot complete a step.)

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

Let's try rebooting into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu with several options. Press the down arrow key on your keyboard until Safe Mode with Networking is selected. Press Enter. Please see here for additional details.

Once in Safe Mode with Networking, download Rkill.
Run Rkill (renamed iExplore.exe).
Please be patient while Rkill looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If it appears like Rkill did not stop the malware from running, please try running RKill again until the malware is no longer running.

If you are unable to download rkill from the main download, try these alternate download locations:
1. http://download.bleepingcomputer.com/grinler/rkill.com
2. http://download.bleepingcomputer.com/grinler/rkill.pif
3. http://download.bleepingcomputer.com/g...

RELEVANCY SCORE 54.8

Hello, from reading other posts I am guessing I might have the google re-direct virus and maybe something else. I am not super computer literate but I will try my best to describe and follow instructions.

I am on a wireless laptop through a router, my browser is Firefox and I use Windows XP.

My problems:

Every once in a while while I am browsing the internet, more frequently when I open a new tab another tab that I did not authorize will open, the URL makes it look like a pop up but usually only a blank screen loads. I try to X it quickly.
Computer started running slowly. Internet browsing loading slowly.
Every so often my sound card would stop working (may be unrelated)
I recognized the signs and tried to run Malwarebytes. It showed a working hourglass for a moment then did not open, I checked the process manager, I clicked again and it still would not open. Not in safe mode either.

Currently the anti spyware/malware programs I have installed are: Rkill, Malwarebytes and Spybot - search and destroy. Spybot will open and scan but Malware won't. Rkill doesn't seem to find anything worth closing.

Please any directions you can offer would help.

~ Holly

A:Google redirect? + can't open malwarebytes

The problem is actually based in your router and that in turn is infecting all the other computers on your network (if networked).

Here is the entire fix (from the beginning) that you will need to run on each PC.

Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then
Double Click mbam-setup.exe to install the application.
Launch Malwarebytes' Anti-Malware, then click Finish.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the ...

RELEVANCY SCORE 54.8

looking at some others posts...I started out with the super antispy scan.

here is the log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/19/2009 at 07:35 PM
Application Version : 4.30.1004
Core Rules Database Version : 4294
Trace Rules Database Version: 2165
Scan type : Complete Scan
Total Scan Time : 03:25:55
Memory items scanned : 627
Memory threats detected : 0
Registry items scanned : 6540
Registry threats detected : 57
File items scanned : 190449
File threats detected : 66
Adware.E404 Helper/Variant-AR
HKU\S-1-5-21-1547161642-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A26574A-DD6D-4382-8C76-0DF06C478D3A}
Adware.Tracking Cookie

RELEVANCY SCORE 54.8

Well I finally throw in the towel and seek help. In the past I have been fairly successful at maintaining and fixing my computers through trial and error/research but this one has me going nuts! My kids (13 & 15) share a desktop computer and use the internet A LOT, needless to say I've got something on that machine that has been redirecting Google searches and I also have an annoying security popup that continually appears on both sides of my screen??

I have XP home, I run Norton AV, AVG 7.5, Ad-Aware SE, Spybot SD, TweakNow Registry Cleaner, Windows Defender and Super AntiSpyware. I have run all of these multiple times trying in Safe Mode and in Normal boot up mode and I still have the annoying problems? The funny thing is that if I run my machine in Safe Mode with Networking I don't get either of the annoying pests happening? But as soon as I go to Normal boot and all my startup programs and services run they are back?

Please lead me in the right direction and my trial and error days seem to be numbered...I want to give the kids back their machine before they put something on my laptop (which they are using now, ugh!).

Thanks in advance for any assistance you can offer....

lex

A:Google Redirect & Security Popups

Hello, I am moving this to the Am I Infected forum for scans..

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.35) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and clic...

RELEVANCY SCORE 54.8

Hi,

I've had google redirect for a while. TDSSKiller does not find any files to 'cure.' Recently I got the Security Protection virus, and I've had a few like this one in the past. I looked on this website and found that it is commonly bundled with the google redirect virus. Gmer freezes and has to close every time I try to run it (about 15 seconds into the scan). I have DDS logs. Let me know if you need the attach.txt log. Sincere thanks to anyone who can help. Safe mode is working fine.

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_22
Run by Spencer at 13:48:15 on 2011-07-06
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2181 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServic...

A:Google Redirect and Security Protection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 54.8

Hi there! First let me thank you for providing this website and these forums. I know it takes a lot of volunteers to make this site run and I appreciate all of your hard work.

I believe I have two viruses/malware/whatever they are on my computer that I can't seem to get rid of. About 3 months ago, I began to notice that every single time I used Google to do an internet search, the first result I clicked on would always redirect me to some random site that had nothing to do with my search. If I hit the back button and then clicked on the exact same result, I would then be taken to the actual legitimate website I was searching for. I honestly did not think anything about this at first as I am less than computer savvy and did not suspect a virus. Since I have been researching it over the last few weeks, I believe it may be a virus. This week I tried to use Bing instead of Google but still had the same redirect experience.

I also have a second issue but I do not know whether it is related to the Google redirect or not. About 2 weeks ago, I ran a Google search for the Ellen Degeneres Show. I clicked on the Google result, was redirected to a random site, hit the back button, then clicked on the link again. At that point, a balloon popped up in the bottom right hand corner of my screen that said "Your computer may be at risk. Automatic updates is turned off. Click here to fix the problem." Like an idiot, I clicked on the balloon and immediately Windows S...

A:Can't get rid of Google redirect and Security 2011

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\C...

RELEVANCY SCORE 54.8

I somehow contracted a trojan with a fake security popup describing itself as the AV Security Suite. Steps I took for removal:

1) Disconnected the internet
2) The virus had set up a proxy in IE and Firefox. Disabled that by modifying the Local Area Network settings in these programs.
3) Ran MalwareBytes, Spybot S&D and CCleaner a few times.

At this point most of the virus appeared to be gone. What remained was a search engine redirector. If making a search on google or other common search engines the results page would appear as normal, but upon clicking a link on the results page an essentially random malicious site would load which would attempt (and succeed) to load all sorts of nasty software onto the computer. I had contracted a virus with very similar symptoms before, and no conventional means were able to remove it despite me combatting it for a week and eventually destroying my laptop and getting blacklisted from google. The whole situation is essentially the same as this thread: http://www.bleepingcomputer.com/forums/t/324663/infected-with-google-redirect-search-engine-redirect-malware/ , and so I was extremely pleased when running ComboFix appeared to solve the problem. It looks like I have already broken the rule : DO NOT RUN ComboFix unless given approval by a moderator.

I wanted to post my logs to see if there is any other cleanup I should do, and also to help others with a similar problem to find a solution. Thank you very much for solving ...

A:AV Security Suite followed by Google Redirect

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 54.8

Infected by Security tool, I used MalwareBytes to remove it. That seemed to stop the immediate problems but now google search results redirect me to ad sites from firefox and IE and Chrome which I installed after the infection seems to be behaving strangely and I am not sure whether I was successful in treating all the effects of Security tool. Google chrome will not load files .... - I now wonder whether I have been sending files to whoever infected my computer. I may have sent them ark.txt. I just realise that a button had appeared on top of the browse button in Chrome next to the upload button on this screen. Thank you very much for any help you can give me. Much appreciated.

DDS (Ver_10-03-17.01) - FAT32x86
Run by AndreaM at 22:08:30.95 on 15/09/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.528 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgcsrvx.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files ...

A:Security Tool and Google redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...

RELEVANCY SCORE 54.8

Hello all! This is my first time posting to the forum but I have been using it for guidance for a while now. First let me say that you guys provide a great service and it is much appreciated.

So here is the situation. My father has an old dell that he is attached to, and now it is in poor condition. It is a dell optiplex 210L with a pentium 4 and 3 gigs of RAM running XP Professional, version 2002, service pack 3.

Upon looking into the issue for him I found Security Sphere 2012 on the computer, then while trying to investigate this program I discovered the redirect (in IE) followed by some other program that I have never seen that tells you your hard drive is failing and throws stacks of warnings onto the screen; and here is the slick part, it takes ALL of your files and hides them to make it look (to the average user) like you were losing data.

So I tried StopZilla (mistake I am guessing) then malwarebytes. I have run malwarebytes 4 times and removed all that it has found but issues continue. The computer will not load any profiles properly in regular boot mode, but it works in safe mode. Over night, the files were re-hidden.

I have read the pre-post instructions and followed the steps, so here is the good stuff:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12
Run by Wade at 10:45:56 on 2011-11-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2167 [GMT -4:00]
.
.
============== Ru...

A:Security Sphere, google redirect, and more

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
Then click Continue > Reboot now
Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
Post that log, please.

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Con...

RELEVANCY SCORE 54.8

I have tried everything to remove the redirecting virus and it seems to be fine for a while then starts up again. Today I was infected with the AV Security 2012 and I have tried every way possible to remove it but it seems to keep redirecting when I type in info to my web browser.

Used Malwarebytes
Prevxcsifree
Seemed to remove the file but still giving me problems.

Also c:/Users/Dell/application data file seems to be missing.

Please give me assistance on what I can do to fix this problem.

I tried following these steps http://www.bleepingcomputer.com/forums/topic427621.html but it seems to be for windows XP and I have windows 7 32 bit.

Also used this : http://www.bleepingcomputer.com/forums/topic427621.html

Thanks

A:Google Redirect and AV Security 2012

Seems to be working fine now. Not sure if it's just temporary or if it finally cleared the virus out.

RELEVANCY SCORE 54.8

My computer seems to be infected with Win 7 Home Internet Security 2012 virus and google redirect. FixNCR.reg and iexplorer.exe stop it from running, Malwarebytes seems to find it and remove it, but it regenerates itself. One time it hid everything on my desktop (got that back). TDSSkiller found nothing. GMER runs but top 8 items in right hand column are greyed out and unselectable even when run as admin. Log posted for Services, Registry, Files.

Please help, I really want to be rid of this damn thing. Thanks in advance.

David

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by David at 16:23:11 on 2011-12-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3758.1909 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Wi...

A:Win 7 Internet Security and google redirect

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433433 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

RELEVANCY SCORE 54.8

I have tried everything to remove the redirecting virus and it seems to be fine for a while then starts up again. Today I was infected with the AV Security 2012 and I thought my son got rid of it but then I notice the icon is still present in my start and all programs options.

I have followed the instructions in the Preparation Guide and am posting the logs here. Hope you can help me.

Thanks so much

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by user at 16:23:42 on 2011-11-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1182 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files\IObit\...

A:Google Redirect and AV Security 2012

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\C...


Hello all, I have the same problem like this guy:

I have been fighting a nasty bit of malware for more than a week now and am at a loss as to how to fix it. It started when I was surfing the web and noticed a redirect of a Google link. Thinking I hadn't clicked where I intended to, I went back and tried again and that time it worked. This happened a couple more times over the day (very intermittent). Then when I clicked on a Wikipedia link, I not only got redirected, all of a sudden I got an alert telling me that Security Shield had been successfully installed.

I immediately closed all my windows and ran a deep virus scan. Nothing.

But the Google redirects continue on an intermittent basis. Usually related to something with sales potential. "Laptop reviews" will usually redirect at least once, but "coat of arms" didn't.

So something is still there. I've run more than 15 (yes, 15) different antivirus/malware scans. Sophos located and fixed "Mal/EncPK-ZC." GMER freezes and gives me a BSOD. No other program has found anything. Yet the redirects continue. So far, only in Google.

This is not a particularly new computer, so I may simply start over. But if I can prolong its life a bit, that would be fab. Any advice is welcome. Preliminary log results are below. Thanks!

I really have exactly the same problem. I checked everything. IP settings, flushed the DNS cache and used ComboFix and what not, really anything.

I now followed your instruction...

A: Google Redirect from Security Shield

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...


Hi,

I am having trouble with my desktop, Windows XP, SP3. It was first infected with AV security. I tried System Restore to one or two days ago. Didn't work that well, because at the same time, I have BSoD (0x7e). I could only enter safe mode if I pressed ESC to stop SPTD.sys (I do not have Daemon tools or alcohol). After I renamed sptd.sys and sptdxxx.sys, now I could start windows without BSoD. I used Malwarebytes to scan the computer and removed a few infections. I also used SuperAntiSpyware and SpyBot to scan the computer and did a few more cleaning. But even with all these, I still found a few problems:

1. I cannot connect to windowsupdate.com (both firefox and IE)
2. I get redirected when I search on google (I tried to search for anti-virus scan); somehow the first time I clicked on one of those links, it seems ok, I got to the right website (for example, AVG). But when I went back and click again, it started to redirect me to other websites (for example, AVG was redirected to stopzilla).
3. when I connected to Pandasecurity and housecall.trendmicro.com, my firefox popped another tab "208.94.233.34 go.php" which I found very suspicious.

Oh, and earlier when I found this redirection problem persists, I used malwarebytes to scan it again. It found Trojan.Dropper. But when I tried to delete it, the computer froze and I had to reboot it. But after that, I scanned it with malwarebytes and found nothing (the log attached).

I also attached the log files from HijackTh...

A: AV security, BSoD, google redirect

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello, I could really use some assistance. Here's a brief synopsis: my Dell Latitude D620, running Windows XP, is currently infected with the XP Security Tool Virus, the Good Redirect Virus, and something called apntex.exe. There may be more.

Prior to the XP Security Tool Virus, I ran Malwarebytes but it found nothing. After continuing problems, I tried to run Malwarebytes again, but now it won't open, instead opening the XP Security Tool virus every time I try. This is even true in Safe Mode.

Prior to the infections, I had McAfee and Spybot S&D running (I have since removed Spybot in case it was conflicting with the McAfee search). I ran several McAfee scans. The first one turned up about 10-12 instances of "svchost.exe" which it identified as a Trojan. They also note that something to the effect that it appears the system is trying to hide something and I should run Prescan or the scan in safe mode. I ran it in Safe Mode and it found nothing.

My HJT log follows. Thank you in advance for your assistance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:18 PM, on 4/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


A: XP Security Tool + Google Redirect + More


Hi there, I so stupidly clicked on a scam link on my parents' laptop and now my Microsoft Security Essentials won't open. I've tried to enable it from the services dialogue box but it automatically reverts back to disabled. I'm also getting redirected to random sites from Google on IE and FF. Computer is running Windows 7.
DDS LOG:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Jim and Viv at 16:08:41.78 on 23/04/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.1982.1084 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

A: Google Redirect Security Essentials Cannot Open

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ...


Hello, when I right click -> open new tab a secondary tab opens with a website I did not ask for and/or a new window pops up with several tabs open with errors. I can not remember what the errors say at this moment.

I had a virus having to do with windows 7 anti-virus. I ran Malwarebytes as I usually do every couple of days (should I do this?) and it got rid of several infections.

I now have this window popping open deal, and rather than run Malwarebytes which didn't work this time as far as I know, I decided I'd come to bleepingcomputer and have the professionals help me.

Thank you!

A: Possible Google redirect, new windows/tabs open

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart th...


This has been a tricky hosts reload problem. I was able to solve it by going to: http://support.microsoft.com/kb/972034 and choosing "fix it for me"; all will be right in the world.


Earlier this week google started to redirect me to weird websites, I quickly used Malwarebytes in SAFE MODE to remove the problem, it said it removed 15 infected items, on Thursday Oct. 27 my computer won't run Firefox, Malwarebytes (not even in safe mode) pretty much any program, I would be really grateful if someone could help me with this issue.

A: Google started to redirect, now I can't open programs.

Hello, please do not run a Temp file or Registry cleaning tool now.

This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.

FixNCR.reg

Insert the removable device into the infected computer and open the folder the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Hi, I have some kind of redirect bug that pops open random ads (cosmetics, health, etc.) including the infamous "happili". I'm also wondering what else might be buried deep, since that one seems to have slipped through! (the best free software to protect myself in the future would be great, too!)

I have an HP Pavilion a1220n desktop with Windows XP running service pack 3. It's a Pentium 4 with 2.93 GHz, 504MB RAM, and ~200 GB HDD.

I've run DDS and GMER, and am attaching the logs as instructed in the Prep Guide.

I'm grateful for any help I can get. Thanks!

[here is the DDS log:]

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by HP_Owner at 19:44:57 on 2012-04-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.107 [GMT -7:00]

A: Infected with Google redirect (and random ads open)

Hello sclossick! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems. Before we begin, please note the following:

I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

IMPORTANT NOTE: One or more of the identified infections is related to the rootkit ZeroAccess. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Wind...
