View Full Version : Redirect on Yahoo search; not able to view Google
Thanks for this forum. Toward the end of June during a Firefox update pick up something which caused redirects during a yahoo search. First the search bar indicated that is was "overclick.com". Had norton protecting the computer at the time, it found nothing during scans. Have ran the following programs during the time since and each found different problem files but the problem still exists.
Avast
Malwarebytes
Super Anitspyware
ATF Cleaner
CCleaner
Spybot search & destroy
Avenger
Sophos Anti Rootkit
Now the search bar indicates that the redirect is "drivingfeed.com". Also, not able to pull up the Google Home page at all whether clicking on link to typing URL directly. Status bar indicates "done" but page is blank. Am able to get to Google pages by typing URL but some of the tools such as Keyword will not function. Two other compuers using the same internet connection are working perfectly; able to pull up Google and naviagate from their home page. Also search functions have no problems, no redirects at all.
Here is the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:43 AM, on 8/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Shared\winfsc\Program\FSCUpdateMGR.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 89.149.206.68 www.google.com
O1 - Hosts: 89.149.206.68 www.google.de
O1 - Hosts: 89.149.206.68 www.google.fr
O1 - Hosts: 89.149.206.68 www.google.co.uk
O1 - Hosts: 89.149.206.68 www.google.com.br
O1 - Hosts: 89.149.206.68 www.google.it
O1 - Hosts: 89.149.206.68 www.google.es
O1 - Hosts: 89.149.206.68 www.google.co.jp
O1 - Hosts: 89.149.206.68 www.google.com.mx
O1 - Hosts: 89.149.206.68 www.google.ca
O1 - Hosts: 89.149.206.68 www.google.com.au
O1 - Hosts: 89.149.206.68 www.google.nl
O1 - Hosts: 89.149.206.68 www.google.co.za
O1 - Hosts: 89.149.206.68 www.google.be
O1 - Hosts: 89.149.206.68 www.google.gr
O1 - Hosts: 89.149.206.68 www.google.at
O1 - Hosts: 89.149.206.68 www.google.se
O1 - Hosts: 89.149.206.68 www.google.ch
O1 - Hosts: 89.149.206.68 www.google.pt
O1 - Hosts: 89.149.206.68 www.google.dk
O1 - Hosts: 89.149.206.68 www.google.fi
O1 - Hosts: 89.149.206.68 www.google.ie
O1 - Hosts: 89.149.206.68 www.google.no
O1 - Hosts: 89.149.206.68 search.yahoo.com
O1 - Hosts: 89.149.206.68 us.search.yahoo.com
O1 - Hosts: 89.149.206.68 uk.search.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - S-1-5-18 Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: FSCUpdateMGR.lnk = C:\Shared\winfsc\Program\FSCUpdateMGR.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (User 'Default user')
O4 - .DEFAULT Startup: FSCUpdateMGR.lnk = C:\Shared\winfsc\Program\FSCUpdateMGR.exe (User 'Default user')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Startup: FSCUpdateMGR.lnk = C:\Shared\winfsc\Program\FSCUpdateMGR.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.billerweb.com
O15 - Trusted Zone: *.farmersinsurance.com
O15 - Trusted Zone: *.foremostfarmers.com
O15 - Trusted Zone: *.foremoststar.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {503D7C7B-2428-4E93-8F00-47A6ED8788B1} (cseUpload.ctlCSEUpload) - https://newbiz.cseagents.com/controls/cseUpload.CAB
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Update Service (gupdate1c9fa60bc40528a) (gupdate1c9fa60bc40528a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 10326 bytes
Thanks in advance for any help.
Hi rab57
Download HostsXpert (http://www.funkytoad.com/download/HostsXpert.zip) and unzip it to your desktop.
Open HostsXpert that you earlier unzipped on your desktop
Click "Make Hosts Writable?" upper right corner (if available)
Click "Restore Microsoft's Original Hosts File" and then click OK
Close HostsXpert
Note; IF you used any custom Hosts (eg. MVPS Hosts), you will have put them back manually
After that:
Download at your desktop DDS from one of the links below:
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)
Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finish it will open 2 reports.
Copy/paste both reports back here and remove DDS from your desktop.
Hi Shaba. Here are the logs you requested.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Rocky at 7:46:51.95 on Mon 08/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.52 [GMT -7:00]
AV: avast! antivirus 4.8.1335 [VPS 090816-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Shared\winfsc\Program\FSCUpdateMGR.exe
svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rocky\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [GoToMyPC] c:\program files\citrix\gotomypc\g2svc.exe -logon
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [EPSON Stylus C62 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\rocky\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\rocky\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\rocky\startm~1\programs\startup\fscupd~1.lnk - c:\shared\winfsc\program\FSCUpdateMGR.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: billerweb.com
Trusted Zone: farmersinsurance.com
Trusted Zone: foremostfarmers.com
Trusted Zone: foremoststar.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
DPF: {503D7C7B-2428-4E93-8F00-47A6ED8788B1} - hxxps://newbiz.cseagents.com/controls/cseUpload.CAB
DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab
DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37838.539849537
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-24 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-24 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-24 138680]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-7-24 1251720]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-24 352920]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S2 gupdate1c9fa60bc40528a;Google Update Service (gupdate1c9fa60bc40528a);c:\program files\google\update\GoogleUpdate.exe [2009-7-1 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1e.tmp --> c:\windows\system32\1E.tmp [?]
=============== Created Last 30 ================
2009-08-12 08:27 <DIR> --d----- c:\program files\Trend Micro
2009-08-12 05:41 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 05:40 655,872 -c------ c:\windows\system32\dllcache\mstscax.dll
2009-08-11 09:19 <DIR> --d----- c:\program files\Axon Data
2009-08-10 12:01 <DIR> --d----- c:\program files\JavaFX
2009-08-10 09:52 1,152 a------- c:\windows\system32\windrv.sys
2009-08-07 09:57 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-07 09:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-05 02:11 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 11:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\The Print Shop Business
2009-07-29 11:54 <DIR> --d----- c:\program files\The Print Shop Business
2009-07-27 11:41 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-07-27 11:41 21,504 a------- c:\windows\system32\hidserv.dll
2009-07-27 11:41 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-07-27 11:41 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-07-27 11:41 59,264 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-07-27 11:41 59,264 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-07-27 11:41 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-07-27 11:41 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-07-27 08:44 <DIR> --d----- c:\program files\Rosetta Stone
2009-07-27 08:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RosettaStoneLtdBackup
2009-07-27 08:19 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-07-27 08:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Rosetta Stone
==================== Find3M ====================
2009-08-10 12:00 410,984 a------- c:\windows\system32\deploytk.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 02:18 233,472 -------- c:\windows\system32\wmpdxm.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 11:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 11:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 11:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 11:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 11:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 11:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 11:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 11:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 11:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 11:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 11:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 11:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 08:38 103,720 a------- c:\windows\java\GoToAssistDownloadHelper.exe
2009-06-22 04:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 04:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 04:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 04:48 91,776 a------- c:\windows\system32\drivers\mqac.sys
2009-06-16 07:55 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 -------- c:\windows\system32\fontsub.dll
2009-06-12 04:50 80,896 -------- c:\windows\system32\tlntsess.exe
2009-06-12 04:50 76,288 -------- c:\windows\system32\telnet.exe
2009-06-10 07:21 84,992 -------- c:\windows\system32\avifil32.dll
2009-06-09 23:32 132,096 -------- c:\windows\system32\wkssvc.dll
2009-06-05 00:42 655,872 -------- c:\windows\system32\mstscax.dll
2009-06-03 12:27 1,290,752 -------- c:\windows\system32\quartz.dll
2008-02-10 21:54 86,816 a------- c:\docume~1\rocky\applic~1\GDIPFONTCACHEV1.DAT
2005-09-21 11:23 28,672 a------- c:\documents and settings\rocky\atwbxdet.dll
============= FINISH: 7:47:19.55 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/5/2003 12:30:41 PM
System Uptime: 8/13/2009 8:00:28 AM (95 hours ago)
Motherboard: Dell Computer Corp. | | 0G0728
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2792/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 111 GiB total, 95.547 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 6/25/2009 8:23:37 AM - System Checkpoint
RP2: 6/25/2009 9:50:59 AM - Software Distribution Service 3.0
RP3: 6/25/2009 10:01:15 AM - Installed Windows Internet Explorer 8.
RP4: 6/25/2009 10:02:04 AM - Software Distribution Service 3.0
RP5: 6/25/2009 3:42:37 PM - Software Distribution Service 3.0
RP6: 6/26/2009 4:17:40 PM - System Checkpoint
RP7: 6/27/2009 5:15:57 PM - System Checkpoint
RP8: 6/28/2009 6:15:58 PM - System Checkpoint
RP9: 6/29/2009 7:15:59 PM - System Checkpoint
RP10: 6/30/2009 11:06:34 AM - Installed Java(TM) 6 Update 13
RP11: 7/1/2009 5:51:18 PM - System Checkpoint
RP12: 7/2/2009 6:30:12 PM - System Checkpoint
RP13: 7/3/2009 7:30:10 PM - System Checkpoint
RP14: 7/4/2009 8:30:10 PM - System Checkpoint
RP15: 7/5/2009 9:30:10 PM - System Checkpoint
RP16: 7/6/2009 10:30:12 PM - System Checkpoint
RP17: 7/7/2009 11:30:12 PM - System Checkpoint
RP18: 7/9/2009 12:30:12 AM - System Checkpoint
RP19: 7/10/2009 1:21:26 AM - System Checkpoint
RP20: 7/11/2009 2:17:02 AM - System Checkpoint
RP21: 7/12/2009 3:17:01 AM - System Checkpoint
RP22: 7/13/2009 4:17:01 AM - System Checkpoint
RP23: 7/14/2009 4:37:05 AM - System Checkpoint
RP24: 7/15/2009 3:00:18 AM - Software Distribution Service 3.0
RP25: 7/16/2009 3:37:06 AM - System Checkpoint
RP26: 7/17/2009 3:44:58 AM - System Checkpoint
RP27: 7/18/2009 4:44:58 AM - System Checkpoint
RP28: 7/19/2009 5:44:56 AM - System Checkpoint
RP29: 7/20/2009 6:44:56 AM - System Checkpoint
RP30: 7/21/2009 6:57:39 AM - System Checkpoint
RP31: 7/22/2009 11:26:30 AM - System Checkpoint
RP32: 7/23/2009 4:36:40 PM - System Checkpoint
RP33: 7/24/2009 5:18:28 PM - System Checkpoint
RP34: 7/25/2009 6:18:26 PM - System Checkpoint
RP35: 7/26/2009 7:18:26 PM - System Checkpoint
RP36: 7/27/2009 8:14:21 AM - Software Distribution Service 3.0
RP37: 7/27/2009 8:17:53 AM - Installed Rosetta Stone V3.
RP38: 7/27/2009 8:44:13 AM - Installed Rosetta Stone Version 3
RP39: 7/28/2009 12:19:00 PM - System Checkpoint
RP40: 7/29/2009 3:00:17 AM - Software Distribution Service 3.0
RP41: 7/30/2009 3:28:51 AM - System Checkpoint
RP42: 7/31/2009 4:28:51 AM - System Checkpoint
RP43: 8/1/2009 4:47:13 AM - System Checkpoint
RP44: 8/2/2009 5:47:11 AM - System Checkpoint
RP45: 8/3/2009 6:47:11 AM - System Checkpoint
RP46: 8/4/2009 8:30:25 AM - System Checkpoint
RP47: 8/5/2009 10:50:38 AM - System Checkpoint
RP48: 8/6/2009 12:05:59 PM - System Checkpoint
RP49: 8/7/2009 4:18:55 PM - System Checkpoint
RP50: 8/8/2009 4:30:20 PM - System Checkpoint
RP51: 8/9/2009 5:30:20 PM - System Checkpoint
RP52: 8/10/2009 11:56:36 AM - Installed Java(TM) SE Development Kit 6 Update 14
RP53: 8/10/2009 12:00:16 PM - Removed Java(TM) 6 Update 13
RP54: 8/10/2009 12:00:37 PM - Installed Java(TM) 6 Update 14
RP55: 8/10/2009 12:01:42 PM - Installed JavaFX(TM) 1.2 SDK
RP56: 8/11/2009 9:30:08 AM - Removed Java DB 10.4.2.1
RP57: 8/11/2009 9:31:01 AM - Removed Java(TM) 6 Update 14
RP58: 8/11/2009 9:32:05 AM - Removed Java(TM) SE Development Kit 6 Update 14
RP59: 8/11/2009 9:33:15 AM - Removed JavaFX(TM) 1.2 SDK
RP60: 8/12/2009 7:27:44 AM - Software Distribution Service 3.0
RP61: 8/13/2009 9:33:18 AM - System Checkpoint
RP62: 8/13/2009 12:34:29 PM - Software Distribution Service 3.0
RP63: 8/14/2009 4:19:00 PM - System Checkpoint
RP64: 8/15/2009 5:04:38 PM - System Checkpoint
RP65: 8/16/2009 6:04:38 PM - System Checkpoint
==== Installed Programs ======================
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.1.0
Adobe® Photoshop® Album Starter Edition 3.0
Array Management
AutoUpdate
avast! Antivirus
Avery Assistant for the Personal Label Printer
Avery DesignPro
AxCrypt (Remove Only)
Brother HL-5240
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
Dell ResourceCD
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Easy CD Creator 5 Basic
eFax Messenger
EPSON Printer Software
ERUNT 1.1j
FSC Forms by Lightpaper
FSC Rater - Bridge Client
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMyPC
H.264 Decoder
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Intel(R) PRO Network Adapters and Drivers
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office XP Small Business
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
MyDVD
NVIDIA Windows 2000/XP Display Drivers
PowerDVD
QuickBooks 99
QuickTime
Residential Component Technology - Standalone
Rosetta Stone Version 3
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shockwave
Sophos Anti-Rootkit 1.5.0
SoundMAX
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
SuperCheck
Symantec KB-DocID:2003093015493306
The Print Shop Business - Business Cards Premier 3.0.0.0
Update for 2007 Microsoft Office System (KB967642)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
VLC media player 0.9.9
WebEx
WebFldrs XP
WildTangent GameChannel (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinFSC CSE California
WinFSC Workstation
WinRAR archiver
==== Event Viewer Messages From Past Week ========
8/13/2009 12:37:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.
8/11/2009 7:30:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/10/2009 4:07:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SASKUTIL Tcpip
8/10/2009 4:07:43 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2009 4:07:43 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2009 4:07:43 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2009 4:07:43 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2009 4:06:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/10/2009 3:53:48 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer ROCKY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{44D6DD02-6F13-462C-B1E. The master browser is stopping or an election is being forced.
8/10/2009 12:06:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
8/10/2009 1:48:27 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
==== End Of File ===========================
Thank you for working on this.
rab57
Right-clickthis (http://www.mvps.org/winhelp2002/DelDomains.inf) and choose Save As (or "Save Target As") in order to download DelDomains.inf to your computer.
Right-click DelDomains.infand choose Install.
After that:
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Here they are Shaba.
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, August 17, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, August 17, 2009 17:23:46
Records in database: 2641619
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Objects scanned: 95054
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:35:07
File name / Threat / Threats count
C:\Documents and Settings\Rocky\My Documents\Downloads\spynomore244.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.a 1
C:\Documents and Settings\Rocky\My Documents\Downloads\spynomore244.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.b 1
Selected area has been scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:40 AM, on 8/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Shared\winfsc\Program\FSCUpdateMGR.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Rocky\Local Settings\Temp\jkos-Rocky\binaries\ScanningProcess.exe
C:\compass\Omnis7.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - S-1-5-18 Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: FSCUpdateMGR.lnk = C:\Shared\winfsc\Program\FSCUpdateMGR.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (User 'Default user')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: FSCUpdateMGR.lnk = C:\Shared\winfsc\Program\FSCUpdateMGR.exe (User 'Default user')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: FSCUpdateMGR.lnk = C:\Shared\winfsc\Program\FSCUpdateMGR.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {503D7C7B-2428-4E93-8F00-47A6ED8788B1} (cseUpload.ctlCSEUpload) - https://newbiz.cseagents.com/controls/cseUpload.CAB
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Update Service (gupdate1c9fa60bc40528a) (gupdate1c9fa60bc40528a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 9311 bytes
Delete this:
C:\Documents and Settings\Rocky\My Documents\Downloads\spynomore244.exe
Empty Recycle Bin.
Still problems?
PROBLEM SOLVED!! Thanks so much Shaba! Wow, what a feeling to finally have this machine work right! Anything else that I need to do?
Good :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Next we remove all used tools.
Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes''Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)
Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
Thanks Shaba. In process now of implementing your recomendations. Kudos to you and the rest of the volunteers on this site. I hope I never have to come back here again but its good to know that this site is here and that someone can get the help and advice they need.
Thanks again. You're the king! :crowned:
"something new has been added" :sad:
Shaba, I downloaded a new firewall and when the machine rebooted, there are no icons on the desktop! Rebooted again and same result. Was able to access IE by opening the windows task manager and navigating to IE. Haven't tested anything else or made any other changes.
Help!
Sorry to hear that. Which firewall you downloaded?
Do you have windows CD handy?
Before using windows CD, I have to ask that can you access start menu?
The only way I can access programs is through Windows Task Manager via ctrl-alt-del. There is no bar at the bottom of the screen so "start" does not show up. Is there a way to get to it with Windows Task Manager?
Please try next if desktop shows in safe mode next.
It does and "start" is visible and functioning.
Good.
Please uninstall Online Armor in safe mode and let me know if it helped.
Done and it did! Desktop back and icons working. Leave it to me to pick the firewall that wouldn't work on my machine.:red:
What should be the next step?
Glad to hear :)
Please then choose another firewall and let me know if it worked better.
Installed PC tools firewall plus. Rebooted, everything working great. Going through the rest of the list of things you said to do.
Just realized its very late where you are. Thank you for your time and helping me through this.
rab57
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.