asked on Stumped!
Network administrator here. This site has saved my bacon more times than I can count but this time im stumped. Ive ran Malwarebytes,Super antispyware,hyjack this,combo fix, cw shredder, checked host files, looked in system 32 for rouge files and been all through the regestry and cant find what is blocking these sites. Malwarebytes removes some rouge fake alert programs but it did not identify exactly what it was. Just a generic hit basically. Usually if it is identifyable I can search for manual removal instructions but no luck this time. Im thinking this is something new. Any help would be apreciated.
Anti-Virus AppsAnti-Spyware
Last Comment
technomic
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionASKER
3 computers, no domain, ive tried firefox and IE and both are being blocked from going to Windows update/spyware removal sites. all other webpages load no problem. this is my bosses home computers and he went weeks being infected. looks like geek squad gave it a shot with no luck. all in all they are in pretty decent shape except the websites being blocked somehow.
One other thing to try - if you have gotten this far (and you are not using Internet Explorer). You can uninstall completely the browser, and re-install, just check to see if you have a lot of bookmarks to backup.
I did this in a similar scenario as you have described, and uninstalled Firefox and Chrome. It fixed the issue in Firefox (I was being redirected to strange sites when searching on google, sometimes just dead pages), and left me with a problem opening attachments. I had to delete a registry entry that the Google Chrome Uninstall didn't hand back to I.E. and all worked perfectly.
I did this in a similar scenario as you have described, and uninstalled Firefox and Chrome. It fixed the issue in Firefox (I was being redirected to strange sites when searching on google, sometimes just dead pages), and left me with a problem opening attachments. I had to delete a registry entry that the Google Chrome Uninstall didn't hand back to I.E. and all worked perfectly.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
ASKER
System restore is hosed. It fails on any date i try. This is a easy setting somewhere I just know it but ive not got lucky yet. Ill wipe and reload if i must but id hate to for some obscure regestry entry or something. desktop is not hijacked or anything, no admin rites have been changed so I think its been disabled with this one issue being ellusive.
ASKER
ill add my hijack this log. maybe someone can see something I cant.
ASKER
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 5:31:12 PM, on 2/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\tasken
C:\Windows\system32\Dwm.ex
C:\Windows\System32\igfxpe
C:\Program Files\iTunes\iTunesHelper.
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.ex
C:\Windows\system32\igfxsr
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.e
C:\Windows\ehome\ehmsas.ex
C:\Windows\system32\wuaucl
C:\Windows\explorer.exe
C:\Windows\system32\wbem\u
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\Search
C:\Program Files\TrendMicro\HiJackThi
C:\Windows\system32\DllHos
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R0 - HKCU\Software\Microsoft\In
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-F
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.ex
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUP
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleTo
O16 - DPF: {8100D56A-5661-482C-BEE8-A
O16 - DPF: {E77F23EB-E7AB-4502-8F37-2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SAS
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponde
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\Google
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYS
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 4977 bytes
Scan saved at 5:31:12 PM, on 2/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\tasken
C:\Windows\system32\Dwm.ex
C:\Windows\System32\igfxpe
C:\Program Files\iTunes\iTunesHelper.
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.ex
C:\Windows\system32\igfxsr
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.e
C:\Windows\ehome\ehmsas.ex
C:\Windows\system32\wuaucl
C:\Windows\explorer.exe
C:\Windows\system32\wbem\u
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\Search
C:\Program Files\TrendMicro\HiJackThi
C:\Windows\system32\DllHos
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R0 - HKCU\Software\Microsoft\In
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-F
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.ex
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUP
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleTo
O16 - DPF: {8100D56A-5661-482C-BEE8-A
O16 - DPF: {E77F23EB-E7AB-4502-8F37-2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SAS
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponde
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\Google
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYS
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 4977 bytes
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
BTW thanks for the prompt help...
There is alway something new coming out like Kneber botnet is out and the news are all over the rss feeds today. I had a few systems with similar issues, I ended up reimaging them as it was just taking to long to address it and issues just kept coming back...
Have you tried MS Malicious Software removal tool ? You listed a few awesome spyware removal tools but did you run something like Symantec Antivirus ? Mcaffe has a tool called Stinger that might be helpful.
Are you running XP or Vista ? Vista will do the closest to true restore.
Have you tried MS Malicious Software removal tool ? You listed a few awesome spyware removal tools but did you run something like Symantec Antivirus ? Mcaffe has a tool called Stinger that might be helpful.
Are you running XP or Vista ? Vista will do the closest to true restore.
Never mind my comment on restore, didn't refresh my browser while others were posting...
Have you tried emptying out the temp files with utilities like ATF-Cleaner or CleanCache. Restore IE setting to default and reset the browser if you are using IE.
Also, take a look at the startup services to see if there is anything questionable Start > Run> msconfig
Have you tried emptying out the temp files with utilities like ATF-Cleaner or CleanCache. Restore IE setting to default and reset the browser if you are using IE.
Also, take a look at the startup services to see if there is anything questionable Start > Run> msconfig
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
ASKER
Running Vista, I think thats what im going to do. just bite the bullet and do a wipe and reload. What do you mean by Vista doing the closest restore? I was going to manually back all personal files to an external and just wipe and reload and replace. Is the an easer way with Vista? We are a total XP pro network at work so ive not had to dig into Vista too much yet other than disabling the securrity controll crap etc. for friends and employees.
XP does a restore but Vista actually rewrites evereything including data. Have you tried booting of the Vista disc to try and restore ?
ASKER
yeah, did all of that.
Well guys i really apreciate the help but i think ill just do the wipe instead of wasting anymore time. I sure would like to know how to fix this one though cause i know its going to come up again on the network.
Well guys i really apreciate the help but i think ill just do the wipe instead of wasting anymore time. I sure would like to know how to fix this one though cause i know its going to come up again on the network.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Getting data and reimaging was what I did a few times as it was just taking too long to eliminate the problem....
ASKER
No havent tried that yet. ill give it a shot.
might be worth it, shouldn't take too long before you find out. Take a look at this, might be helpful with the restore
http://vistaultimate.windowsreinstall.com/repairsystemrestore/repairsystemrestore.htm
http://vistaultimate.windowsreinstall.com/repairsystemrestore/repairsystemrestore.htm
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
but first have you tried a system restore to when it was working then re-run those programs.
start-all prgrams-accessories-system