Windows Update - Page cannot be displayed

[macselite]

I've been having malware issues lately, and have performed numerous scans with different programs:

MalwareBytes (removed several threats)

Avira Antivir (found nothing)

Ad-aware (bad cookies)

Safety.live.com - found items but couldn't fix it

The popups (more like new tabs, as I had the popup blocker enabled) have stopped, and it seems to be running better, but the weird thing is I can't access Windows Updates. It just says "This page cannot be displayed".

Also, the yellow shield in the system tray shows up when you first boot up, but then it goes away, as if a program/registry entry has not loaded yet when that icon first loads, but then kicks it out when it does load up.

We did some searches, and found that we should just run HiJackThis and post the log for you smart guys to analyze.

So, here it is.

Thanks!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:43:46 PM, on 6/21/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\tbh\monitor\bin\tbhMonitor.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\Program Files\tbh\base\bin\tbhDaemon.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\tbh\base\bin\tbhSystray.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\STOPzilla!\STOPzilla.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\msiexec.exe

c:\WINDOWS\system\hpsysdrv.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop

R1 - HKCU\Software\Microsoft\WINDOWS\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - (no file)

O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java

[D-FRED-BROWN]

Hello macselite and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

I strongly suggest that you remove STOPZilla, as it has been known to provide false alerts, and otherwise poorly reputable behavior.

To remove it, please navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

STOPZilla

Then, reboot your computer.

-------------

I see in your log you have Viewpoint Manager installed.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval. It is known to be intrusive, but there is some possibility that it is now being used by those companies to give them information about your habits. I suggest you remove it.

Go to Start -> Control Panel, double-click on Add or Remove Programs

Search the list, and uninstall the following programs by clicking the Remove or Change/Remove button.

• Viewpoint
  
• Viewpoint Manager
  
• Viewpoint Media Player
  
• Viewpoint Toolbar
  

Locate and delete this folder using Windows Explorer.(if present.)

C:\Program Files\Viewpoint<<<this folder.

Please reboot the computer.

-------------

I strongly recommend you remove Ask Toolbar from your computer because:

• It promotes its toolbars on sites targeted at kids.
  
• It promotes its toolbars through ads that appear to be part of other companies' sites.
  
• It promotes its toolbars through other companies' spyware.
  
• It is Installed without any disclosure whatsoever and without any consent from the user whatsoever.
  
• It Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  
• It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
  

To remove it, please follow the instructions found here.

-------------

Please do the following:

• Download DDS by sUBs from one of the following links. Save it to your Desktop.
  
  • DDS.com
    
  • DDS.scr
    
  • DDS.pif
    

  NOTE: Before scanning, make sure all other running programs are closed

  There shouldn't be any scheduled antivirus scans running while the scan is being performed.

  Do not use your computer for anything else during the scan.

  [*]Double click on the DDS icon, allow it to run.

  [*]A small box will open, with an explanation about the tool. No input is needed, the scan is running.

  [*]Notepad will open with the results.

  [*]Follow the instructions that pop up for posting the results.

  [*]Close the program window, and delete the program from your Desktop.

-------------

Please download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

• DDS logfile
  
• Security Check checkup.txt

How is your computer running now?

[D-FRED-BROWN]

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them.

If not, please let me know so I can close this topic.

-DFB

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!