AVG-Windows update failure [Closed]

 lll -
Hello,
I have got a problem with updates. I think there is a new kind of virus that is affecting the computer's ability to browse the Windows Update and antivirus update web pages, and even to open all other antivirus sites at the same time.
It is really a strange type.
I use AVG 8.0 Free Edition and surely cannot update it, open the www.avg.com site to update, or browse any other antivirus sites to download the latest antivirus editions to solve my problem.
Please help me solve it.

78 replies

The chances of this being a virus are low.
The chances of this being non-viral malware are extremely high.



Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en...HJTInstall.exe

Then post the contents of the HJT log here.

Also! This could also be malware that has edited your hosts file. Meaning, whenever you look to surf antivirus or antispyware/malware websites, it redirects you to the address of your own internet port! Which is a pain in the butt!

So look at your "hosts" file, that is,
C:\windows\system32\drivers\etc\hosts. (hosts has no extension; it is just
"hosts".)

(Note, you may need to change windows explorer setting to allow seeing
system and hidden files.)

This file can be used to bypass a DNS server, effectively equating a web
address to a specific place. However, it can also be used to short-circuit
any website, pointing back to the local PC. That is a great way to block
advertisements, but it could also be used to prevent access to specific
websites, like antivirus.

The minimum contents of a hosts file is the one line below:

127.0.0.1 localhost

Other lines are optional.

For example, to block a website called "www.ads.active.com", add a line like:

127.0.0.1 ads.active.com

Placing a "#" in column one of a line makes it a comment.

Thank you once again for your help.
I tried all you have written and explained.
But the result is the same.
Shall I download "HijackThis"?
The host file consists of 127.0.0.1 localhost only.
So what shall we do next?
I really appreciate your kind help.
Hi,

I have the same problem. My Windows Defender cannot update, nor can a manual Windows update. AVG seems to update, but doesn't detect any errors. I tried to do the Trend Micro HouseCall, but it couldn't work - an error occurred right at the beginning. HijackThis ran normally the first time, then the second time it came up with an error and asked me to run it as administrator. I did this, and it presented the following log. Could someone help me identify the stuff I should remove? Thank you.

I would definitely try to use HiJack this.
> afig13
Argh! I have this same exact thing... on 2 computers that are hard wired to a wireless router.

Blocks ALL update sites; Windows, AVG, anything. But allows for browsing no problem. The Windows updater page redirects to a "page no found", everything else just gives some sort of "failed to connect" message.

I've run every virus and malware software known to man.... nothing fixes it. It has crippled my systems.
> Morphine
Morphine - where did you get Trojan Remover? Did you need to DL it on a non-infected PC first? I'm having the same symptoms....Spybot, SUPERAnti-Virus, AVG, et al. have indicated presence of Virtumonde, smitfraud-c, and win32.sdBot.aad type viruses/malware....smitfraudfix seemed to wipe out Smitfraud-C, yet Virtumonde remains and the win32.sdDobt.aad showed up after smitfraud-c was removed.

Whatever is happening, it seems to block access to ANY site with the words anti-virus, security, removal, etc...as 'thecoat' stated above: "The malware is intercepting windows dns resolutions at the highest levels". Indeed...
> sheepdog
I got it from here: https://www.softpedia.com/get/Antivirus/Trojan-Remover.shtml

Both my PCs were infected, so I loaded it up on both, then just ran it.
> Morphine
Cheers for the Trojan Remover, it sorted my issues out.
> Morphine
Ty all for the help, TR did the job.
I have this same virus...this is the first site I've found that has an idea of what's going on....
I took the lazy way out, backed up important data, scanned it on my Gentoo system, reformatted and reinstalled, no problems from the files I backed up yet. Reformats always work. Just wish I didn't have to.

God forbid I ever run into one of these pests who have the nerve to create said malware, they'll find out just why I bothered to get a concealed carry permit.

Though my suspicions lay around the idea that a lot of people profit from malware and fixing it. Tis why I only ever use freeware period. Nobody should ever pay for antivirus software. Ever.

Of course, there is the random fat greasy pimply 30 year old boy living in his mother's basement trying to get revenge at the world because he is a fail.
Just some technical info on this issue, working on my girlfriend's computer atm and she's having this issue. Name resolution is being intercepted in some way. Windows TCP/IP name resolution goes through several steps: the first is to check the local system's DNS cache. The second is that it checks the hosts file. I added www.agv.com with the correct address in the hosts file. The address still resolved as 127.0.0.1 (localhost). I then did an ipconfig /flushdns, which should flush the DNS cache on the local machine. This also did not work and www.avg.com still resolved as 127.0.0.1.

ipconfig /displaydns listed only two common correct entries in the DNS cache.

This malware is intercepting Windows DNS resolution at the highest levels. It is not messing with the Windows DNS cache or the hosts file as is typically the case with hijacks.

This does most likely mean that there is an actively executing program doing the hijack, or a replaced library to which a program is making calls, most likely the former. I'll post a solution if I find one.
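Added example (not part of any post in this thread): a small Python triage for the two cases discussed above, the hosts-file redirect described in the first reply and the case in the post just above where the hosts file is clean or correct but the name still resolves to 127.0.0.1. The watch list, the sample hosts text, the 203.0.113.10 address and the verdict labels are constructed for illustration.

```python
import ipaddress
import os
import socket

# Constructed watch list built from sites named in the thread (an assumption;
# extend it for your own environment).
WATCHED = ("avg.com", "symantec.com", "trendmicro.com", "f-secure.com",
           "windowsupdate.com", "update.microsoft.com")

# Constructed sample hosts files, not taken from any poster's machine.
SAMPLE_CLEAN = "127.0.0.1 localhost\n::1 localhost\n"
SAMPLE_TAMPERED = ("127.0.0.1 localhost\n"
                   "127.0.0.1 www.avg.com   # constructed redirect\n"
                   "# 127.0.0.1 www.symantec.com\n"
                   "0.0.0.0 ads.active.com\n")
# thecoat's test: a correct address pinned by hand (203.0.113.10 is a
# documentation address standing in for the real one).
SAMPLE_PINNED = SAMPLE_CLEAN + "203.0.113.10 www.avg.com\n"


def parse_hosts(text):
    """Map each hostname in hosts-file text to the addresses pinned to it."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not "address name ..." syntax
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), []).append(ip)
    return table


def is_watched(name, watched=WATCHED):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watched)


def is_sink(ip):
    """True for loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::)."""
    return ip.is_loopback or ip.is_unspecified


def sinkholed_in_hosts(table, watched=WATCHED):
    """Watched names that the hosts file points back at the local machine."""
    return sorted(n for n, ips in table.items()
                  if is_watched(n, watched) and any(is_sink(ip) for ip in ips))


def system_resolve(name):
    """Addresses the OS resolver returns for name (empty list on failure)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})


def triage(name, hosts_text, resolve=system_resolve):
    """Say where a loopback answer for name comes from.

    "hosts-file"    the hosts file itself pins the name to a sink address
    "resolver-path" hosts is clean (or pins a real address) yet the resolver
                    still answers with a sink address, the case in the post
    "no-answer"     the resolver returned nothing
    "ok"            no sink address seen
    """
    name = name.lower().rstrip(".")
    pinned = parse_hosts(hosts_text).get(name, [])
    if any(is_sink(ip) for ip in pinned):
        return "hosts-file"
    answers = [ipaddress.ip_address(a) for a in resolve(name)]
    if not answers:
        return "no-answer"
    if any(is_sink(ip) for ip in answers):
        return "resolver-path"
    return "ok"


if __name__ == "__main__":
    # Run against the live machine: real hosts file, real resolver.
    path = (os.path.expandvars(r"%SystemRoot%\System32\drivers\etc\hosts")
            if os.name == "nt" else "/etc/hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        live_hosts = fh.read()
    print("hosts redirects:", sinkholed_in_hosts(parse_hosts(live_hosts)))
    for host in ("www.avg.com", "www.symantec.com"):
        print(host, "->", triage(host, live_hosts))
```

A "resolver-path" verdict matches the ping test described elsewhere in the thread: the name comes back as 127.0.0.1 even though nothing in the hosts file explains it.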
Thanks to this forum, I could solve that invasion on my laptop, what I would call the Update Blocker Super Rootkit Virus. Like Dav, the culprit for me seems to be:
"gaoopdxklowrct.sys" and the Reg key was "HKLM\SYSTEM\CURRENT CONTROL SET\ Services\gaopdxserv.sys".

Trojan Remover cleared it and I'm crossing my fingers that this Rootkit (named officially TDss.A I think) won't reappear.

In the meantime, Mr. Coat (or somebody else here), since you seem more technically savvy, could you explain how this can occur: What network layer is compromised when this happens ? What is the mechanism at play and how can we disable it by ourselves (without resorting to Antivirus products)? Thanks, A. R.
Hi Thecoat,

Do you have any update on this?

I have exactly the same problems recently. My AVG virus database stands as March 14 2009. No updates were successful ever since. Can't do Windows update either.

The scary thing is that I noticed that this malware (or whatever it might be) was first reported around Dec 2008. Between now and then I had performed many virus database updates and I still have it in my computer! I always have my Windows up to date and my Antivirus and Firewall are fully loaded and operational. I don't go to dodgy websites either. How this thing got into my computer was beyond me. From the threads I can tell it affects many security-minded people with good surfing habits too. Isn't it scary?! Microsoft don't seem to do anything about it either.

Your help is much appreciated.

Ferdinko
I have also encountered this problem and the Trojan Remover solved it.

thanks for this thread.
Mine started with spoofs telling me my machine needed virus protection and some crazy pop-up every 1-2mins. Then the error message forcing me to shut down. I tried getting updates from all the (AV) sites with no luck. Blank no connection or error message was all I could get. I ran (AVG anti-rootkit) and that paved the way for me to go get all the updates. Ran (microtrend housecall), (malwarebytes-anti-malware), and (spybot). Got the latest (AVG 8.0)
Trojan Remover worked for me, too. Thanks Morphine. I don't know why that link worked when others wouldn't, maybe because the AV is buried in the link through google?

For those that missed it, the link is:
https://www.softpedia.com/get/Antivirus/Trojan-Remover.shtml

Just click it and hit the first download button and run the program.
My computer has also been blocked for over a week now.

Windows update blocked.

Antivirus update blocked.

Fix-it pages and HIJACK fixes all blocked.

Even SYSTEM RESTORE is blocked!

The HP tools I burned onto a CD that is supposed to boot the computer are also blocked.


This is a MAJOR issue. If you get it, you will understand. I never dreamed that I'd be crippled to this extent.
It seems that the problem gets worse with every attempted fix.

It starts out with a HIJACKED browser ... search results on yahoo or google are redirected to websites that are related to the search, but not what I selected ... basically SPAM.

I've tried 5 browsers: Opera Maxtor IE Safari and FIREFOX .... all browsers were the latest edition. ALL browsers are affected.

I tried to back up my data files ... even purchased a new portable hard drive ... but the backup process is interrupted and shuts down every time.
I was able to back up in small sizes by avoiding the spots that cause a hang up ... but this type of backup is not exactly reliable ... 20 backups of bits and pieces.

Something is seriously screwy.

If you don't have it, you're darn lucky. This is the first problem that I've been unable to solve in years.
> Morphine
I have the same problem. I've run all the apps you listed, but no ability to update. I've downloaded AVS, CA, and several other antivirus programs and the end result is no updating and I can't access the www. Removed the programs and can now access the www, but still no updating. After uninstall, I checked and found in the device manager under non plug & play drivers the driver "AVG Free8 Network Re Director X64". Uninstalled it, rebooted and it was still there. Used Avenger to remove it and that worked; however, I still can't update or interface with the servers on sites I contact... "error parsing". Looked at hosts and under localhost 127.0.0.1 was ::1

I was unable to remove the ::1

Suspect this may be the problem, but I can't remove it.

Have no idea where I got this PIA, but will try almost anything to get rid of it. Any suggestions?
Ferdinko
> Morphine
Hi Morphine,

I tried Trojan Remover first as it seemed to work for many people but it did not work for me. It was the SUPERAntiSpyware that did the trick! Thanks a lot! Thanks also go to the guys in SUPERAntiSpyware. You are brilliant!!

My AVG virus database was last updated on March 12, 2009 before I had this nasty thing. Obviously I was unable to update my AVG after March 12. However this bug was first reported several months ago, as early as Nov 2008. Between then and now I had done many virus definition updates from AVG. That means AVG8, with the Anti-Spyware built-in, was unable to detect this bug which seems to be widespread and has caused huge damages. Microsoft had not done anything about it either. Isn't it unsettling?

For those who want to download SUPERAntiSpyware you need to go to sites other than SUPERAntiSpyware's own site as it may be blocked. Following is the link I used. You may not be able to update the definition either. Just use it straight out of the "box" and it worked for me.

https://filehippo.com/download_superantispyware/

Once again thanks heaps Morphine and also many others who have provided helpful comments. I am fortunate to have found this website and have the problem solved which had almost crippled my system.
> Morphine
Trojan remover worked for me too! thanks a lot Morphine

I agree. I just came across this situation myself and I just graduated with a degree in computer technology. This is the newest, critical computer virus on the internet now. Please email me if you have any questions about fixing this problem.

keionl.bryant@gmail.com
I have it too. Not sure how I got it as we don't visit suspicious sites. Hijacked the browser and then blocks all anti-virus sites. If you get hijacked then disconnect from the internet at once.
I got whatever this thing is after 12/26, since that's my last symantec update. I now have it blocked. Lots of sites reference the hosts file, but that's clearly something different, this is clearly much more difficult.

I ran a few antivirus scans in normal and safe mode, and it cleaned a few files, but the DNS hijack still exists. I'm glad to see other people talking about this, and today! This is a PIA to get rid of. I'm going to try the list of applications you listed one at a time and see what I can do to eliminate the DNS hijack. The quick test will be to go to the DOS prompt (run-->CMD) and try to ping www.symantec.com or whatever; if it pings to 127.0.0.1, the problem is not solved. I'll keep you updated.
This appears to be some kind of Trojan / Rootkit thing. Pretty much out of nowhere, my computer suddenly showed a number of symptoms: an Internet Explorer window opened up (by itself: I don't use it) and tried to get me to click on something about spyware removal.

Then Windows Firewall and Windows Update were disabled (Windows Security Centre notified me), and I started getting messages that my computer would shutdown in 60 seconds because of a crash in the Generic Host Process (if this happens to you, click on Start / Run and enter shutdown -a to cancel the shutdown).

I also couldn't access antivirus sites such as trendmicro.com, symantec.com or f-secure.com. These sites did *not* appear in the windows/system32/devices/etc folder as they do with other infections.

I rebooted to safe mode (not necessarily a good idea) and scanned with AVG and spybot. I did a whole lot of manual fooling around before finding this site and following the advice above to use Trojan Remover:

https://download.cnet.com/s/security-antispyware/windows/?tag=404

(thanks!)

You might also try Sophos Anti-Rootkit
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

And you may also want to run:

- AVG Free
https://www.avg.com/fr-fr/free-antivirus-download

- Spybot Search & Destroy
http://www.safernetworking.de

and throw in some other spyware removers if you like.

If you don't have these programs and your browser won't let you access them, try:
- searching on a reputable download site such as tucows.com, download.com or softpedia.com
- accessing through a web proxy of your choice (I used hidemyass.com)
- getting someone else to download them for you...

Good luck

A
Trojan Remover seems to have worked. I tried Morphine's list, some of the sites wouldn't open or the programs wouldn't start just like all the security programs I had already.
Now I can upgrade again. This is TR's log:

***** THE SYSTEM HAS BEEN RESTARTED *****
03/01/2009 14.25.03: Trojan Remover has been restarted
----------
Cleaning up TDSS keys/files:
HKLM\SOFTWARE\TDSS - key (and subkeys) deleted
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata - key (and subkeys) deleted
C:\WINDOWS\system32\TDSSoipa.dll - deleted
C:\WINDOWS\system32\TDSSmupe.dat - deleted
C:\WINDOWS\system32\TDSSirxy.dll - deleted
C:\WINDOWS\system32\TDSSyavu.dll - deleted
C:\WINDOWS\system32\TDSSncur.dll - deleted
C:\WINDOWS\system32\TDSSqxnr.dll - deleted
C:\WINDOWS\system32\TDSSwgod.log - deleted
----------
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmhoe.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSmhoe.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys - removed
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv) - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys) - already removed (or did not exist)
=======================================================
03/01/2009 14.25.03: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2559. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14.16.05 03 gen 2009
Using Database v7248
Operating System: Windows XP SP3 [Windows XP Professional Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Raf\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Raf\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************

The regfile\shell\open\command Registry Key appears to have been modified.
The current Registry entry is: "regedit.exe" "%1".
This entry calls the following file:
C:\WINDOWS\regedit.exe
Trojan Remover has restored the Registry regfile\shell\open key.
--------------------

************************************************************
14.16.20: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
14.16.20: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
14.16.20: ----- SCANNING FOR ROOTKIT SERVICES -----
Hidden Service Keyname: TDSSserv.sys
C:\WINDOWS\system32\drivers\TDSSmhoe.sys appears to contain: BACKDOOR.TDSS
C:\WINDOWS\system32\drivers\TDSSmhoe.sys - file backed up to C:\WINDOWS\system32\drivers\TDSSmhoe.sys.vir
C:\WINDOWS\system32\drivers\TDSSmhoe.sys - file has been erased using RAW erasure

C:\WINDOWS\system32\bthprops.cpl
110592 bytes
Created: 04/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1231752 bytes
Created: 03/01/2009
Modified: 01/01/2009
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created: 17/01/2008
Modified: 17/01/2008
Company: DT Soft Ltd
--------------------
Value Name: NVIDIA nTune
Value Data: "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
81920 bytes
Created: 04/09/2007
Modified: 04/09/2007
Company: NVIDIA
--------------------
Value Name: CTZDetec.exe
Value Data: C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
368640 bytes
Created: 22/01/2008
Modified: 24/04/2008
Company: Creative Technology Ltd.
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

************************************************************
14.16.47: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
14.16.47: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
14.16.47: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
220672 bytes
Created: 04/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------

************************************************************
14.16.47: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
14.16.47: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BthServ
Path: %SystemRoot%\System32\bthserv.dll
C:\WINDOWS\System32\bthserv.dll
30208 bytes
Created: 04/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
14.16.48: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ASPI
ImagePath: \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
C:\WINDOWS\System32\DRIVERS\ASPI32.sys
16512 bytes
Created: 07/03/2008
Modified: 17/07/2002
Company: Adaptec
----------
Key: atksgt
ImagePath: system32\DRIVERS\atksgt.sys
C:\WINDOWS\system32\DRIVERS\atksgt.sys
278728 bytes
Created: 22/12/2008
Modified: 22/12/2008
Company: [no info]
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
875288 bytes
Created: 04/07/2008
Modified: 30/08/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
231704 bytes
Created: 04/07/2008
Modified: 30/08/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
97928 bytes
Created: 23/05/2008
Modified: 30/08/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
26824 bytes
Created: 18/01/2008
Modified: 04/07/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
76040 bytes
Created: 23/05/2008
Modified: 04/07/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: BlueletAudio
ImagePath: system32\DRIVERS\blueletaudio.sys
C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [file not found to scan]
----------
Key: BlueletSCOAudio
ImagePath: system32\DRIVERS\BlueletSCOAudio.sys
C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [file not found to scan]
----------
Key: Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
229376 bytes
Created: 28/02/2006
Modified: 28/02/2006
Company: Apple Computer, Inc.
----------
Key: BT
ImagePath: system32\DRIVERS\btnetdrv.sys
C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [file not found to scan]
----------
Key: Btcsrusb
ImagePath: System32\Drivers\btcusb.sys
C:\WINDOWS\System32\Drivers\btcusb.sys [file not found to scan]
----------
Key: BthEnum
ImagePath: system32\DRIVERS\BthEnum.sys
C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17024 bytes
Created: 12/12/2008
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: BTHidEnum
ImagePath: System32\Drivers\vbtenum.sys
C:\WINDOWS\System32\Drivers\vbtenum.sys [file not found to scan]
----------
Key: BTHidMgr
ImagePath: System32\Drivers\BTHidMgr.sys
C:\WINDOWS\System32\Drivers\BTHidMgr.sys [file not found to scan]
----------
Key: BTHMODEM
ImagePath: system32\DRIVERS\bthmodem.sys
C:\WINDOWS\system32\DRIVERS\bthmodem.sys
37888 bytes
Created: 12/12/2008
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: BthPan
ImagePath: system32\DRIVERS\bthpan.sys
C:\WINDOWS\system32\DRIVERS\bthpan.sys
101120 bytes
Created: 12/12/2008
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: BTHPORT
ImagePath: System32\Drivers\BTHport.sys
C:\WINDOWS\System32\Drivers\BTHport.sys
273024 bytes
Created: 12/12/2008
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: BTHUSB
ImagePath: System32\Drivers\BTHUSB.sys
C:\WINDOWS\System32\Drivers\BTHUSB.sys
18944 bytes
Created: 12/12/2008
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: CLEDX
ImagePath: system32\DRIVERS\cledx.sys
C:\WINDOWS\system32\DRIVERS\cledx.sys
33792 bytes
Created: 16/03/2008
Modified: 09/05/2005
Company: Team H2O
----------
Key: CTDevice_Srv
ImagePath: C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
61440 bytes
Created: 02/04/2007
Modified: 02/04/2007
Company: Creative Technology Ltd
----------
Key: dmxfire
ImagePath: system32\drivers\dmx6fire.sys
C:\WINDOWS\system32\drivers\dmx6fire.sys
148724 bytes
Created: 29/08/2003
Modified: 29/08/2003
Company: Terratec Electronic GmbH
----------
Key: dmxsens
ImagePath: system32\drivers\dmxsens.sys
C:\WINDOWS\system32\drivers\dmxsens.sys
403968 bytes
Created: 22/07/2003
Modified: 22/07/2003
Company: Sensaura Ltd
----------
Key: EagleNT
ImagePath: \??\C:\WINDOWS\system32\drivers\EagleNT.sys
C:\WINDOWS\system32\drivers\EagleNT.sys [file not found to scan]
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
655624 bytes
Created: 18/01/2008
Modified: 19/11/2008
Company: Acresso Software Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
-R- 5672032 bytes
Created: 18/01/2008
Modified: 13/01/2007
Company: Intel Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005
Modified: 14/11/2005
Company: Macrovision Corporation
----------
Key: irsir
ImagePath: system32\DRIVERS\irsir.sys
C:\WINDOWS\system32\DRIVERS\irsir.sys
18688 bytes
Created: 18/01/2008
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: lirsgt
ImagePath: system32\DRIVERS\lirsgt.sys
C:\WINDOWS\system32\DRIVERS\lirsgt.sys
25416 bytes
Created: 22/12/2008
Modified: 22/12/2008
Company: [no info]
----------
Key: mcdbus
ImagePath: system32\DRIVERS\mcdbus.sys
C:\WINDOWS\system32\DRIVERS\mcdbus.sys [file not found to scan]
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
382248 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Nero AG
----------
Key: nocashio
ImagePath: system32\drivers\nocashio.sys
C:\WINDOWS\system32\drivers\nocashio.sys
4096 bytes
Created: 12/05/2008
Modified: 12/05/2008
Company: [no info]
----------
Key: nTuneService
ImagePath: C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
131072 bytes
Created: 04/09/2007
Modified: 04/09/2007
Company: NVIDIA
----------
Key: NVR0Dev
ImagePath: \??\C:\WINDOWS\nvoclock.sys
C:\WINDOWS\nvoclock.sys
29696 bytes
Created: 04/09/2007
Modified: 04/09/2007
Company: NVidia Corp.
----------
Key: pcouffin
ImagePath: System32\Drivers\pcouffin.sys
C:\WINDOWS\System32\Drivers\pcouffin.sys
47360 bytes
Created: 27/11/2008
Modified: 27/11/2008
Company: VSO Software
----------
Key: PnkBstrA
ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrA.exe
66872 bytes
Created: 20/01/2008
Modified: 21/11/2008
Company: [no info]
----------
Key: RFCOMM
ImagePath: system32\DRIVERS\rfcomm.sys
C:\WINDOWS\system32\DRIVERS\rfcomm.sys
59136 bytes
Created: 12/12/2008
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: RivaTuner32
ImagePath: \??\C:\Program Files\RivaTuner v2.20\RivaTuner32.sys
C:\Program Files\RivaTuner v2.20\RivaTuner32.sys
9088 bytes
Created: 19/11/2008
Modified: 19/11/2008
Company: [no info]
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: sr
ImagePath: \SystemRoot\system32\DRIVERS\sr.sys
C:\WINDOWS\system32\DRIVERS\sr.sys
73472 bytes
Created: 18/01/2008
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{9C06143E-7556-458C-95F3-F86B10C31391}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 04/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: trutil
ImagePath: \??\C:\DOCUME~1\Raf\LOCALS~1\Temp\trutil.sys - this file is a Trojan Remover component
----------
Key: UnlockerDriver5
ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys
C:\Program Files\Unlocker\UnlockerDriver5.sys
4096 bytes
Created: 07/09/2006
Modified: 07/09/2006
Company: [no info]
----------
Key: usbsermpt
ImagePath: system32\DRIVERS\usbsermpt.sys
C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
22768 bytes
Created: 21/05/2008
Modified: 21/05/2008
Company: Microsoft Corporation
----------
Key: Useless
ImagePath: \??\C:\Kaizoku_Script\KEngine\Dll\Useless.sys
C:\Kaizoku_Script\KEngine\Dll\Useless.sys [file not found to scan]
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98840 bytes
Created: 07/11/2007
Modified: 07/11/2007
Company: Microsoft Corporation
----------
Key: VComm
ImagePath: system32\DRIVERS\VComm.sys
C:\WINDOWS\system32\DRIVERS\VComm.sys [file not found to scan]
----------
Key: VcommMgr
ImagePath: System32\Drivers\VcommMgr.sys
C:\WINDOWS\System32\Drivers\VcommMgr.sys [file not found to scan]
----------
Key: VirtualFD
ImagePath: \??\D:\Accumulator\vfd21-080206\vfd.sys
D:\Accumulator\vfd21-080206\vfd.sys [file not found to scan]
----------
Key: WMConnectCDS
ImagePath: C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
855552 bytes
Created: 18/01/2008
Modified: 06/10/2005
Company: Microsoft Corporation
----------
Key: {DEF85C80-216A-43ab-AF70-1665EDBE2780}
ImagePath: \??\C:\WINDOWS\TEMP\60.tmp
C:\WINDOWS\TEMP\60.tmp [file not found to scan]
----------

************************************************************
14.16.53: Scanning -----VXD ENTRIES-----

************************************************************
14.16.53: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
-R- 204800 bytes
Created: 18/01/2008
Modified: 13/01/2007
Company: Intel Corporation
----------

************************************************************
14.16.53: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Adobe.Acrobat.ContextMenu
CLSID: {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
Path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
677504 bytes
Created: 22/10/2006
Modified: 22/10/2006
Company: Adobe Systems Inc.
----------
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
99608 bytes
Created: 04/07/2008
Modified: 04/07/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: PowerISO
CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
Path: C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL
208896 bytes
Created: 20/01/2008
Modified: 20/01/2008
Company: PowerISO Computing, Inc.
----------
Key: TagRename_ContextMenu
CLSID: {7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}
Path: C:\PROGRA~1\TAGREN~1\TRshell.dll
C:\PROGRA~1\TAGREN~1\TRshell.dll
144640 bytes
Created: 15/02/2008
Modified: 05/12/2007
Company: Softpointer Inc
----------

************************************************************
14.16.53: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7A5117B0-B594-4DA8-829D-D15BF11996F2}
File: C:\Program Files\DAEMON Tools Lite\awxDTools.dll
C:\Program Files\DAEMON Tools Lite\awxDTools.dll
151552 bytes
Created: 18/01/2008
Modified: 27/03/2006
Company: arniWORX
----------
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
357888 bytes
Created: 28/08/2008
Modified: 28/08/2008
Company: Sun Microsystems, Inc.
----------

************************************************************
14.16.53: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006
Modified: 22/10/2006
Company: Adobe Systems Incorporated
----------
Key: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}
BHO: C:\Program Files\Winamp Toolbar\winamptb.dll
C:\Program Files\Winamp Toolbar\winamptb.dll
1267040 bytes
Created: 19/03/2008
Modified: 19/03/2008
Company: AOL LLC.
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll - file is excluded from scanning [SPYBOT S&D file]
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 10/11/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
----------
Key: {AE7CD045-E861-484f-8273-0445EE161910}
BHO: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
321120 bytes
Created: 22/10/2006
Modified: 22/10/2006
Company: Adobe Systems Incorporated
----------

************************************************************
14.16.54: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
14.16.54: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
14.16.54: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
14.16.54: Scanning ----- APPINIT_DLLS -----
The HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key appears to be locked
AppInitDLLs entry = [avgrsstx.dll]
File: avgrsstx.dll
C:\WINDOWS\system32\avgrsstx.dll
10520 bytes
Created: 23/05/2008
Modified: 04/07/2008
Company: AVG Technologies CZ, s.r.o.
----------

************************************************************
14.16.54: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
14.16.54: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 18/01/2008
Modified: 18/01/2008
Company: [no info]
--------------------
C:\Program Files\TerraTec\DMX 6fire\DMX6Fire.exe
335872 bytes
Created: 18/01/2008
Modified: 29/08/2003
Company: TerraTec Electronic GmbH
DMX 6fire 2496 ControlPanel.lnk - links to C:\Program Files\TerraTec\DMX 6fire\DMX6Fire.exe
--------------------

************************************************************
14.16.55: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Raf
[C:\Documents and Settings\Raf\START MENU\PROGRAMS\STARTUP]
The Startup Group for Raf attempts to load the following file(s):
C:\Documents and Settings\Raf\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008
Modified: 18/01/2008
Company: [no info]
----------

************************************************************
14.16.55: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
14.16.55: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
14.16.55: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
1 TDSS rootkit driver(s) heuristically detected
No specific TDSS rootkit drivers could be located - no action taken
-----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Raf\Application Data\IrfanView\IrfanView_Wallpaper.bmp
C:\Documents and Settings\Raf\Application Data\IrfanView\IrfanView_Wallpaper.bmp
3888054 bytes
Created: 18/01/2008
Modified: 01/01/2009
Company: [no info]
----------
Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\Bliss.bmp
C:\WINDOWS\web\wallpaper\Bliss.bmp
1440054 bytes
Created: 18/01/2008
Modified: 18/01/2008
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
14.17.05: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[15 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[74 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[41 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[59 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[68 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[45 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[140 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[36 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[44 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
[151 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[60 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgtray.exe - file already scanned
[49 loaded modules in total]
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
[35 loaded modules in total]
--------------------
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[58 loaded modules in total]
--------------------
C:\WINDOWS\system32\rundll32.exe
[38 loaded modules in total]
--------------------
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[38 loaded modules in total]
--------------------
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe - file already scanned
[29 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe - file already scanned
[38 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[35 loaded modules in total]
--------------------
C:\WINDOWS\system32\CTsvcCDA.exe
[22 loaded modules in total]
--------------------
C:\Program Files\Creative\Shared Files\CTDevSrv.exe - file already scanned
[22 loaded modules in total]
--------------------
C:\WINDOWS\system32\nvsvc32.exe
[40 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[44 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
[27 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe - file already scanned
[66 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[34 loaded modules in total]
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
[86 loaded modules in total]
--------------------
C:\Documents and Settings\Raf\Application Data\Simply Super Software\Trojan Remover\qri5E.exe
FileSize: 2913144
[This is a Trojan Remover component]
[65 loaded modules in total]
--------------------

************************************************************
14.17.39: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
14.17.39: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
14.17.39: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
14.17.39: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\Raf\LOCALS~1\Temp\etilqs_xCq1O2fXEr6pAmeLBAkT appears to be in-use/locked
************************************************************
14.17.51: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
************************************************************
14.17.51: Scanning ------ ROOT DIRECTORY ------

************************************************************
14.17.51: ------ Scan for other files to remove ------
No malware-related files found to remove

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=73960D15C3CC4942B0C871380AA65EA0{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=73960D15C3CC4942B0C871380AA65EA0{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 14.17.51 03 gen 2009
Total Scan time: 00.01.45
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
03/01/2009 14.17.57: restart commenced
************************************************************
Trojan Remover did the trick! Been having this issue for about 24 hours now, ran 2 anti-virus and 3 anti-spyware with no luck. Run Trojan Remover!!

THANKS MORPHINE!!!!
It worked for me too!
Glad it helped! If you have any trouble downloading the software, search for mirror sites... like "Spysubtract mirror". Most have other sites where you can download the EXE, and they are not blocked.

Happy virus-free 2009!
> morphine
Thanks for the info Morphine! I used Trojan Remover first and that did the trick! Happy New Year!
sourya_4
Posts
4
Registration date
Thursday February 12, 2009
Status
Member
Last seen
February 13, 2009
> morphine
hi mate,,,,,i hav d same prob...not abl to open anti-v sites or update avg.....i uninstalled avg n downloaded 'ur' trojandwnldr as proposed. I started d scan when it displayed dat avg is running....proceed with scan? I scanned but my probz still der torturing me. I searched for every single avg file n dltd but still same msg.....pls help me as u did it 4 many


in search of help

an amateur techfella
Trojan Remover worked! I can now access AVG.com, including updates, etc. Thanks a ton.

I also ran AVG (without the update) and Malwarebytes Anti-Malware. They both found lots of stuff, but didn't get rid of the DNS blocks.
WOW! I thought I was the only one with this problem! Thanks for helping morphine that did the trick! I noticed that I could use a proxy to get to AVG to update but it still didn't work but this sure did thanks a bunch!
Morphine!!!! THANK YOU SO MUCH. Your link to the trojan removal did the trick. I've been dealing with this for a week and have tried EVERYTHING! Thanks for the tip.

I just used the TR at your first link and everything seems to be running fine. I was able to update my AVG. But I didn't use the other step you mentioned in your later post:
1) SmitFraudFix (normal)
2) SmitFraudFix (safe mode)
2) Spy Subtract
3) SuperAnti Spyware
4) Avira AntiSpywhere
5) Trojan Remover

Do I need to do steps 1-4?
Thanks a lot guys!!!! I'm now updating my AVG. Thanks morphine.
Thanks for everything... That's a nasty infection and one which I never want to see again! Does anyone have any more info on what it is or how it has got on to all these PCs? I for one know I haven't been using dodgy sites and still got it??? Please let me know if there is any info on what this is as it took me ages to get rid of!

Cheers
I have (had) it too. Thanks to morphine for the List.
The first thing I noticed when it started to work again was the toolbar across the top of the Google page appeared again !!
Had the same problem after updating on or around xmas... It's all malware dude. I tried all the internet gimmicks - None worked. Solution was simple: Scan your computer with an antivirus which supports spyware, spam, rootkit etc.. (I used AVG security Center); then use (Malwarebytes' Anti-Malware) - it found about 30 malware on my machine. Erase malware found... Restart your computer!!! bang bang - my updates worked again... Note: Keep a working antivirus/spyware/spamware software which is updated regularly... WORKS
I tried three different anti-virus and two anti-spyware, but none of them could fix it. Trojan Remover did the magic, and it seems to be back to normal. Thanks for all your help, Morphine!
This virus was the worst...It slowed down and fcked up my computer.. Thankfully I was able to surf the web to find valuable information like this to kill it... Good job Fellas
> LILO
Issues I had with friends machine....(I know they are cheap bastards, Maybe one day just maybe they will send the folks helpin 'em out some cake, hope diz chiznit don't effect my networks)!!!

Fresh install XP Home on 8-28-2008 with SP3 and AVG7.5. And it begins, glad they kicked down for some media cuz dis sucka would not boot and the OEM disks did not exist as usual, don't get me started on the office suite). I love M$FT but the L-users on the other hand...Such are the days of my life. Installed Adobe flash, reader and shockwave (did I forget some of their poo?), Java, QuickTime, Fire Fox, the necessary dung. Also, the lovely QuickBooks poo. Along the way someone installed MBAM ,a program I recommend but also when the problem started according to my buddy (I had no knowledge of this one for real, everyone is searching goog to fix they pcs before calling a tek). Also I-Tunes (with all the ipoo; bonjour, apple updater, ipood service...blah blah), viewpoint manager, seriously not much else, but obviously searched a lot of pron. Really a pretty fckin clean install??? Supposedly the teens are out now and this will not happen again...

6pm Sun 3-8-2009:
Made successful backup of data to DVD. Tried multiple AV and malware programs (uninstall non-updating AVG & MBAM, retry, Avast, Spy-bot S&D, Ad-aware) with latest updates from flash drive, unsuccessful on any kind of update at this point, MBAM will not even run (damn I loved this prog for last 6months, removed lotsa poo for me and saved at least half a dozen comps for friends of mine)

9pm:
after unsuccessful attempts at removing issue tried "Trojan Remover 6.7.6" from ran then reboot. Upon reboot no boot record found, ran recovery console from disk and fixmbr and fixboot. Successful reboot but no view log opens for tr6.76? AVG successfully updates and this is a windows fresh load with XPSP3 and IE7 and almost all updates. This was a gnarly one. No more windows update redirect or anti-virus/malware led searches astray?

10:30pm 3-8-2209:
Thanks for the link and the info. This almost equals my average 5 minute job at work which only takes about 4 hours regularly!!! ( I do take care of COPS on a daily basis, thus the L-users comment cuz they are the most "special" of all!) Sometimes it is just faster to reload the whole darn winderz.......... Be back soon
> slednecktek
Hey.
I seem to be having the same sort of problems that have been described in this forum. This is the second time that I have had these symptoms before and with the help of this forum managed to get rid of it. But now it's back and everything that I have tried previously no longer works.

Some of the symptoms that are new this second time round:

iTunes will not update or connect to the servers to collect info from CDs in the way that it normally would if it were connected to the internet.
No program, anti-virus, malware or any other, will update.
Having bought a game through miniclip there is no connection to the miniclip servers to register my purchase.

I have tried all kinds of anti-malware, most mentioned in this forum, but nothing has worked.
SAS found a Trojan but after deleting it there was no change.

All my internet browsers work with no problems.

Any ideas? I'm willing to try anything short of reinstalling Windows atm.
I have the same prob. I try Trojan Remover but it says com is clean and I cannot go to malwarebytes web, cannot update windows xp, cannot update pc tools internet security. helllllllllllpppppppppppppppppppp! I had this prob for like 4 days and it's making me mad!
> Spud
Yeah, I'm having these problems too... brand new install, windows XP Home SP... 2, I think... currently got SpyBot S&D, Conficker detector (because I was told that conficker might be the culprit), Trojan Remover trial... tried the MTU fix, the OpenDNS fix, the Trojan Remover fix, and still no micros*** site or antivirus sites (except Spybot and certain links to Trojan Remover)

Really don't know what's up here, but judging by the search I've been doing all day, lots of peeps are having the same problems, worldwide. Might be something new, methinks. Either that, or a global DNS cockup... who knows?
> JamieTheD
Interesting... one point of interest is that nearly all owners of nForce Network Controllers seem to solve the problem by rebooting into safe mode, trying to uninstall the controller, then rebooting. It's *currently* working now, although from the reports I've noted, the problem might come back...

...but the *most* interesting thing is that it worked even though I didn't *actually* uninstall the driver! I tried, but it told me I couldn't... wonder if just rebooting in safe mode then rebooting normally might work?

PS - that's safe mode, no networking, btw.