Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Bunch of symptoms, redirecting google links, wins32 error

  • Please log in to reply
1 reply to this topic

#1 IceNHL


  • Members
  • 2 posts
  • Local time:09:54 AM

Posted 02 December 2010 - 11:42 PM


I am running on a Dell Latitude laptop and Windows XP Pro, SP3.

The following symptoms have popped up over the last couple of days. really hard to fully explain but all these random things have occured suddenly.
-Windows error in syncing date and time when booting up. Clock will not sync when attempting to do so when going into the date/time settings.
-A "Wins32 Services" error pops up every now and then. I apologize for not having the exact wording here as I never know when it comes up and do not know how to trigger it in order to find the wording.
-For no reason really, my scroll bars and main taskbar and task manager windows switch from their default XP blue to a gray taskbar that reminds me of Windows 95.
-Internet not working normally. Flash content and animated content especially is either a) not loading or B) taking forever to do so.
-A one time blue screen that simply said "hard error" came up and had to restart the machine. I have never seen it before until then. It was not the full blue screen of death as the 'hard error' was pretty much all it said.
-When i click on a google search link, no matter what i click i get redirected to an advertising site.
-Microsoft Security Essentials will not make it through a full scan.
-Couple of strange occurances with my IP address in relation to some subscription sites not functioning right suddenly because of my location when i have had those issues previously resolved.

I have run full scans on Malwarebytes and A quick scan with Microsfot Security Essentials and nothing has really changed. I have also run my hijackthis log through a couple of auto-analyzers. Nothing really standing out according to those.

Thanks for any help here and please let me know what additional info may be needed.


Edited by IceNHL, 02 December 2010 - 11:42 PM.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,613 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:54 AM

Posted 03 December 2010 - 08:28 AM

I have also run my hijackthis log through a couple of auto-analyzers. Nothing really standing out according to those.

HijackThis is an advanced enumerator (similar in some respects to a registry editor) that is used to display certain areas of the Windows registry where the majority of malware reside. HijackThis will scan these areas of your system and then create a log to help diagnose the presence of undetected malware in known hiding places. However, since HijackThis only scans certain areas of a computer's system/registry, a hijackthis log may not always show all the malware on your system. Most of the log entries are required to run a computer and removing essential ones can potentially cause serious damage such as loss of Internet connectivity or problems with your operating system which could preventing it from starting. Using HijackThis requires advanced knowledge about the Windows Operating System and relies on trained experts to interpret the log entries and investigate them in order to determine what needs to be fixed.

Online HijackThis analyzers work in a similar manner but rely on the user's ability to interpret the results and determine what needs to be fixed. However, they often provide misleading and/or questionable results. In my experience, they DO NOT always identify all the malware or all the files properly. They sometimes list legitimate files as bad and bad files as legitimate. They sometimes show entries with "file missing" as bad when that is not always the case. Although these sites are open to the public, the user needs to know what they are doing and how to research the displayed log entries before using the original HijackThis application to fix anything. If you do not have advanced knowledge about computers or training in malware investigation, you should NOT rely on the results of online analyzers or attempt to fix anything without consulting an expert. Doing so on your own and using HijackThis incorrectly could adversely impact your system.

Further, be aware that HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Given the sophistication of malware hiding techniques used by attackers in today's environment, HijackThis is limited in its ability to detect infection and generate a report outside these known hiding places. This limitation has made its usefulness nearly obsolete since a HijackThis log cannot reveal all the malware residing on a computer. As such, HijackThis has been replaced by other preferred tools like DDS, RSIT and OTL which provide comprehensive logs with specific details about more areas of your computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.<- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
-- Note: If you need to scan a usb flash drives or other removable drives not listed, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.

Edited by quietman7, 03 December 2010 - 08:32 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users