Badware infection
mathare
17th July 2010, 17:04
:helper
1. My Windows Firewall won't start. Windows won't/can't start the Windows Firewall/ICS service as it can't find one/some of the files (error 2)
2. My browser sometimes randomly opens a new tab/window to a random page
3. My Google search results are redirecting to random websites. When I click on one of the result links I get redirected to a different site more often than not.
4. Windows Update is failing with error 0x80072EFF
Over the last couple of days I have tried system restores and umpteen scans including Ad-Aware, SpyBot - Search & Destroy, SuperAntiSpyware and MalwareBytes Anti-Malware, plus Avast Antivirus. All are scanning clean (now) but the above problems remain.
Can someone please help as it's driving me seriously mental now? :headbange:headbange
Here are a couple of links showing similar symptoms to what you're experiencing. They list a couple of other removal tools which you might not have tried yet.
http://darfuns.com/remove-google-search-result-redirect-virus/
The above page was linked from this one:
http://www.computing.net/answers/security/google-search-page-redirecting-to-random-site/29486.html
Win2Win
17th July 2010, 20:35
Uninstall whatever firewall you have and install the PCTools one for now.
Use the Opera browser; it won't be hacked. You also need to run Spyware Doctor from the free Google Pack, as that is aimed at malware, not just AV.
Then install something like http://www.browser-hijack.com/ to prevent your browser settings being changed.
mathare
18th July 2010, 10:56
None of this seems to be working :thumbsdown:
I'm seriously tempted to restore from scratch, even though my system (and thus my restore CDs) is a few years old, so even the Windows updates will take countless hours.
What's the best way to ensure I keep all my data though?
And I know you can reinstall Windows without having to splat everything but I want to make sure this malware infection is cleaned up once and for all.
Win2Win
18th July 2010, 11:29
If you know what it is you can manually uninstall it. When you get pop-ups/site redirects, search for where it is sending you; that'll give you a clue to what malware it is, then just find the manual uninstall instructions. Usually takes about 5 mins.
Have a look what HIJACK THIS throws out.
mathare
18th July 2010, 11:37
I've never used Hijack This, nor do I understand what it throws out. I've seen several logs posted on forums but I have no idea what they're all about.
Win2Win
18th July 2010, 12:02
Most of the stuff in Hijack This is obvious. If you remove something you shouldn't, you can install it again. Put the log file on here so we can take a peek.
By the way, have you used IE in NON-ADDON mode?
mathare
18th July 2010, 12:34
I am currently running a StopZilla mega-scan which is supposed to be quite helpful, so I will see what that comes back with. It also seems there are a few expert forums around that are willing to help with these things. I have found some generic suggestions on a couple of those that I still need to try.
What's non-addon mode? Not that I use IE anyway...
Win2Win
18th July 2010, 13:09
Well if you don't use IE then it's no use.... but it's in Accessories.... and allows you to run IE as it was in virgin mode. :hubbahubba:
erubash
18th July 2010, 13:10
I'm having the exact same problem. Attached is my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:14:07 PM, on 7/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\ComcastBackup\ComcastSecureBackupSharebackup.exe
C:\WINDOWS\system32\dldocoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ComcastBackup\ComcastSecureBackupSharestat.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.0.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.0.0.127\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.0.0.127\coIEPlg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dldomon.exe] "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"
O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Secure Backup and Share Status.lnk = C:\Program Files\ComcastBackup\ComcastSecureBackupSharestat.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} (SFImageUpload1_10.ImageUpload) - http://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://producermail1.coloniallife.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261623938437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259066456406
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.ads-pipe.com/dwf/DwfViewerSetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 7
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 7
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 7
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 7
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 7
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\PROGRA~1\QlikView\QVPROT~1\Qvp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Comcast Secure Backup & Share Backup Service (ComcastSecureBackupSharebackup) - Secure Backup and Share - C:\Program Files\ComcastBackup\ComcastSecureBackupSharebackup.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - C:\WINDOWS\system32\dldocoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9149 bytes
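As an added example (not code from any poster in this thread), here is a small Python checker that reads HijackThis v2 entry lines and pulls out the three entry types worth a manual look given the symptoms described: an IE ProxyServer pointed at the loopback address, O17 NameServer overrides, and O23 services whose owner field is empty. The sample lines are copied from the log above; the function and pattern names are my own.

```python
import re

# Constructed sample in HijackThis v2 log format; the lines are copied from
# the log posted above so the checks run against the values it contains.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 7
O23 - Service: dldo_device - - C:\WINDOWS\system32\dldocoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section tag such as R1, O4, O17, O23.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# Proxy values look like "http=127.0.0.1:5643" or "proxy.example:8080".
PROXY_RE = re.compile(r"^(?:(?P<proto>\w+)=)?(?P<host>[^:=;]+):(?P<port>\d+)$")


def parse_hjt(text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def find_suspicious(entries):
    """Flag the entry types that would explain search redirects and DNS trouble."""
    findings = []
    for section, body in entries:
        if section == "R1" and "ProxyServer" in body:
            # A proxy on the loopback interface means every browser request
            # is handed to a local process before it leaves the machine.
            value = body.split("=", 1)[1].strip()
            pm = PROXY_RE.match(value)
            if pm and pm.group("host") in ("127.0.0.1", "localhost"):
                findings.append(("local-proxy", pm.group("host") + ":" + pm.group("port")))
        elif section == "O17" and "NameServer" in body:
            # Hard-coded DNS servers override DHCP and deserve a manual check.
            findings.append(("dns-override", body.split("=", 1)[1].strip()))
        elif section == "O23" and body.startswith("Service:") and " - - " in body:
            # Service with an empty owner/company field: verify the binary.
            findings.append(("service-no-owner", body.rsplit(" - ", 1)[1]))
    return findings


if __name__ == "__main__":
    for kind, detail in find_suspicious(parse_hjt(SAMPLE_LOG)):
        print(f"{kind:18} {detail}")
```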
mathare
18th July 2010, 13:18
You asked for it Keith .... :omg:
Win2Win
18th July 2010, 14:17
Nothing stands out in that Mat.... apart from Ad-Aware, and others like it are crap :thumbs
What's in your MSCONFIG/STARTUP?
What Processes are running?
Whatever it is, it'll show up in one of those two.
mathare
18th July 2010, 14:27
It's not my log!
Win2Win
18th July 2010, 14:40
Same answer though :biggrin: