Hi I am new.

Ive seen this problem in another post but mine is a bit different.

I received an older computer from a friend and many of the features were outdated so I began to install the appropriate updates (Service Packs, Automatic Updates, Internet Explorer 7, etc.) I also saw the version of McAfee Security Center was very outdated and so removed it before I began the installation of McAfee Total Protection 2009, however, I received an error and could not begin install. At this point I realized there was no Anti-Spyware/Anti-Virus software on the computer so I went on the internet to quickly download Windows Defender so I could buy some time before I fixed the McAfee installation problem.
That is when the Google redirects started, I found my way around and downloaded Windows Defender, but received errors when trying to update the definition files. Thats also when automatic updates stopped working and when I tried to manually download files from the Microsoft website the page simply would not load. Same with trying to download SpyBot S&D. Other sites unrelated to antivirus/spyware would load. The sound software on the computer also does not work. As well as the Window Theme periodically switching from the normal XP theme to the theme you would see as if you were in safe mode.

I tried many things including Fixwareout which stopped the redirects but none of the update/downloading problems, that was all before I discovered this site.


Sorry for long post, I really hope someone can help.
HJT log:

Ive seen this problem in another post but mine is a bit different.

I received an older computer from a friend and many of the features were outdated so I began to install the appropriate updates (Service Packs, Automatic Updates, Internet Explorer 7, etc.) I also saw the version of McAfee Security Center was very outdated and so removed it before I began the installation of McAfee Total Protection 2009, however, I received an error and could not begin install. At this point I realized there was no Anti-Spyware/Anti-Virus software on the computer so I went on the internet to quickly download Windows Defender so I could buy some time before I fixed the McAfee installation problem.
That is when the Google redirects started, I found my way around and downloaded Windows Defender, but received errors when trying to update the definition files. Thats also when automatic updates stopped working and when I tried to manually download files from the Microsoft website the page simply would not load. Same with trying to download SpyBot S&D. Other sites unrelated to antivirus/spyware would load. The sound software on the computer also does not work.

I tried many things including Fixwareout which stopped the redirects but none of the update/downloading problems, that was all before I discovered this site. Sorry for long post, I really hope someone can help.


HJT log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:36 AM, on 3/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Satyam Infoway Limited
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABE3A1F4-12F8-45D7-9E22-8ECEF0CC0556}: NameServer = 85.255.112.146,85.255.112.76
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.146,85.255.112.76
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.146,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.146,85.255.112.76
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe

--
End of file - 4777 bytes

Hello. :)

Please download Malwarebytes' Anti-Malware by clicking the link below:
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


==============================================


Ok. Let's have you download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review (copy and paste them, not attach), so that we may continue cleansing the system:

MBAM log
C:\ComboFix.txt
New HijackThis log

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

It seems my computer wont let me open Malwarebytes' Anti-Malware after I downloaded and installed it. I can open other programs but the computer does not do anything when I try to open this program.

Click on Start, click Run, and then type devmgmt.msc and click OK
On the View menu click on Show hidden devices
Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
Highlight that driver and right click on it and select DISABLE
Now RESTART your computer.
Download a new copy of Malwarebytes (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) but DO NOT run it yet.
Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.
Once the program is installed go to the UPDATE tab and try to update the program if you can.
Then go to the SCANNER tab and run a FULL Scan and allow MBAM to fix anything found.


After that, proceed with ComboFix as per my previous post's instructions and post back with all three logs requested.

Hi Chiaz,

I am having the same issue as smurf42 with EXACTLY same symptoms but i am using Windows Vista Home Premium Edition and unable to find TDSSserv.sys in device manager.
I am running PC Cillin but since i got the spyware i am unable to update windows or antivirus software, also as smurf42 experienced same thing happened to me, unable to run Malwarebytes Antimalware software.
Any suggestions, please help i am struggling from last one week due to this, please advise if i should start a new thread for my problem instead.
I wasn't sure about that since smurf42 and i have same symptoms.
Thanks

Click on Start, click Run, and then type devmgmt.msc and click OK
On the View menu click on Show hidden devices
Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
Highlight that driver and right click on it and select DISABLE
Now RESTART your computer.
Download a new copy of Malwarebytes (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) but DO NOT run it yet.
Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.
Once the program is installed go to the UPDATE tab and try to update the program if you can.
Then go to the SCANNER tab and run a FULL Scan and allow MBAM to fix anything found.


After that, proceed with ComboFix as per my previous post's instructions and post back with all three logs requested.

Yes, please do start a new thread so that we can keep things organized.