"Windows Care" called me about my freezing up problem!



michele2012
2012-12-23, 05:52
A foreign-sounding man called me at home and said he was from Windows Care, calling about my freezing up problem. I have had this freezing up problem since early December. Didn't trust him but did a few things he said:

In RUN I typed eventvwr where he showed me the errors showing up.
In RUN I typed cmd then assoc where he proceeded to read me off my "my computer security number"...all but the last two numbers which I wouldn't read to him. He said he knew they were xx but I wouldn't tell him anything. He started getting mad so I told him to get lost.

My computer is freezing up and I am disturbed that he had my unlisted phone number.

I ran spybot (but I couldn't get to safe mode) but didn't know what was bad or not to remove. I did remove:
Freeze.com, GoForFiles, and Google Chrome from my add/remove programs.

After that I printed out and read instructions on this site.

I have downloaded Spybot, ERUNT, DDS Log, aswMBR, and hijackthis.

I sure would appreciate help in cleaning out my computer.
Thanks.
Michele

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 22:38:09 on 2012-12-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1496 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
mRun: [VTTrayp] VTtrayp.exe
mRun: [VTTimer] VTTimer.exe
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{41C246EC-EDEB-4581-8F34-6727F5A5B550} : DHCPNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-5 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-5 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-5 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-5 44808]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-12-22 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-12-22 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-12-22 168384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2009-4-2 27519]
.
=============== Created Last 30 ================
.
2012-12-22 16:23:57 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-22 16:23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-22 14:20:53 -------- d-----w- C:\tdsskiller
.
==================== Find3M ====================
.
2012-11-15 12:31:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-15 12:31:07 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-15 12:31:07 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
2009-01-21 16:14:40 9780224 -c--a-w- c:\program files\openofficeorg30.msi
2002-03-11 09:06:30 1822520 -c--a-w- c:\program files\instmsiw.exe
2002-03-11 08:45:04 1708856 -c--a-w- c:\program files\instmsia.exe
.
============= FINISH: 22:38:50.70 ===============

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-22 22:41:16
-----------------------------
22:41:16.937 OS Version: Windows 5.1.2600 Service Pack 3
22:41:16.937 Number of processors: 1 586 0x409
22:41:16.937 ComputerName: MICHELLE-3WVINT UserName: Owner
22:41:17.921 Initialize success
22:41:18.171 AVAST engine defs: 12122201
22:41:23.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:41:23.562 Disk 0 Vendor: WDC_WD1600AAJS-08B4A0 01.03A01 Size: 152627MB BusType: 3
22:41:23.609 Disk 0 MBR read successfully
22:41:23.625 Disk 0 MBR scan
22:41:23.625 Disk 0 Windows XP default MBR code
22:41:23.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
22:41:23.625 Disk 0 scanning sectors +312560640
22:41:23.687 Disk 0 scanning C:\WINDOWS\system32\drivers
22:41:32.015 Service scanning
22:41:43.375 Modules scanning
22:41:47.687 Disk 0 trace - called modules:
22:41:47.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:41:47.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d39ab8]
22:41:48.218 3 CLASSPNP.SYS[ba8e8fd7] -> nt!IofCallDriver -> \Device\00000068[0x89d7ff18]
22:41:48.218 5 ACPI.sys[ba77f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d45940]
22:41:48.640 AVAST engine scan C:\WINDOWS
22:41:55.921 AVAST engine scan C:\WINDOWS\system32
22:44:11.687 AVAST engine scan C:\WINDOWS\system32\drivers
22:44:27.390 AVAST engine scan C:\Documents and Settings\Owner
22:45:09.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
22:45:09.265 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
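
The `assoc` step in the post above is the part worth understanding from a defender's side. What `assoc` prints is the table of file-extension associations; a few of its entries point at a CLSID, and a CLSID such as the one for the "Compressed (zipped) Folder" SendTo target is part of Windows itself, identical on every installation. A caller who "knows the last two digits" is reciting a public constant, not anything about the victim's machine. The script below is an added illustration, not code from this thread or from any of the tools named in it; the `assoc` lines it parses are a constructed sample, and it assumes (the post does not say which line was read) that the value recited was the zipped-folder CLSID, which is the line this kind of call normally uses.

```python
import re

# Constructed sample of what `assoc` prints on a stock Windows XP box (only a
# handful of its several hundred lines). The .zfsendtofolder entry is the line
# a "computer security number" caller typically reads back to the victim
# (assumption: the thread does not say which line was used).
SAMPLE_ASSOC_OUTPUT = """\
.txt=txtfile
.zip=CompressedFolder
.zfsendtofolder=CLSID\\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
.xml=xmlfile
"""

# Shell CLSID of the "Compressed (zipped) Folder" SendTo target. It ships with
# Windows and is the same on every installation, so it identifies nothing.
ZIP_SENDTO_CLSID = "888DCA60-FC0A-11CF-8F0F-00C04FD7D062"

# CLSIDs that Windows itself defines and that therefore appear on every PC.
# Only the one relevant to this call is listed; add others only after checking
# them on a clean install.
WINDOWS_BUILTIN_CLSIDS = {ZIP_SENDTO_CLSID}

# Matches lines of the form ".ext=CLSID\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"
_CLSID_LINE = re.compile(
    r"^\.(?P<ext>[^=\s]+)=CLSID\\\{"
    r"(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}$"
)


def parse_assoc(output: str) -> dict:
    """Map each extension whose `assoc` target is a CLSID to that CLSID (upper-cased)."""
    found = {}
    for line in output.splitlines():
        m = _CLSID_LINE.match(line.strip())
        if m:
            found[m.group("ext").lower()] = m.group("clsid").upper()
    return found


def assess_security_number_claim(output: str, claimed_suffix: str) -> dict:
    """Check a caller's claim that a value read from `assoc` is a per-machine ID.

    Returns the line the value came from, whether that CLSID is a Windows
    built-in (hence shared by every PC), and whether the digits the caller
    "already knew" are simply the tail of that public constant.
    """
    for ext, clsid in parse_assoc(output).items():
        if clsid in WINDOWS_BUILTIN_CLSIDS:
            return {
                "source_line": f".{ext}=CLSID\\{{{clsid}}}",
                "clsid": clsid,
                "unique_to_this_pc": False,
                "suffix_is_public_constant": clsid.endswith(claimed_suffix.upper()),
            }
    # No known built-in CLSID present: nothing to judge from this output alone.
    return {
        "source_line": None,
        "clsid": None,
        "unique_to_this_pc": None,
        "suffix_is_public_constant": False,
    }


if __name__ == "__main__":
    # The caller claimed to know the last two characters; on every Windows
    # machine the zipped-folder CLSID ends in "62".
    print(assess_security_number_claim(SAMPLE_ASSOC_OUTPUT, "62"))
```

Run against real `assoc` output by piping `assoc` to a file and passing its contents instead of the constructed sample; the result is the same on every Windows PC, which is the whole point when explaining the call to someone who received it.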

Robybel
2012-12-24, 08:15
Hi and welcome Michele2012 :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (Right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

Having said that....Let's get going!!

michele2012
2012-12-25, 21:42
Thank you. I won't touch anything until instructed. I am not a computer whiz so please make instructions as detailed as possible. Michele

Robybel
2012-12-27, 15:12
Hi michele2012, sorry for the delay.
First of all: Happy Holidays.

That phone call was a scam, you were right to tell him to get lost.
very good

Now, follow these steps

Please post Attach.txt, which you can find in the same location as DDS.txt

Next

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe). Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Next

AdwCleaner

Please download AdwCleaner (http://general-changelog-team.fr/en/tools/15-adwcleaner) by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

In your next reply, please post:

Attach.txt
Security check report
AdwCleaner log

Let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

michele2012
2012-12-27, 18:10
Dear Robybel--I appreciate you taking the time to help me and your easy-to-follow instructions. Happy Holidays to you also. Following is what you asked for:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/2/2009 12:23:51 PM
System Uptime: 12/22/2012 7:57:36 PM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5VD2-MX SE
Processor: Intel(R) Celeron(R) CPU 2.80GHz | CPU 1 | 2800/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 26.318 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Motorola SM56 Speakerphone Modem
Device ID: PCI\VEN_1057&DEV_5608&SUBSYS_00001057&REV_00\3&267A616A&0&48
Manufacturer: Motorola Inc
Name: Motorola SM56 Speakerphone Modem
PNP Device ID: PCI\VEN_1057&DEV_5608&SUBSYS_00001057&REV_00\3&267A616A&0&48
Service: Modem
.
Class GUID:
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
==== System Restore Points ===================
.
RP258: 12/2/2012 3:22:05 PM - System Checkpoint
RP259: 12/5/2012 2:48:35 PM - System Checkpoint
RP260: 12/6/2012 8:00:42 PM - System Checkpoint
RP261: 12/10/2012 9:33:41 PM - System Checkpoint
RP262: 12/16/2012 1:50:24 PM - System Checkpoint
RP263: 12/22/2012 11:41:16 AM - Removed NetAssistant
RP264: 12/22/2012 11:57:07 AM - working on computer freeze up problem
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avant Browser (remove only)
avast! Free Antivirus
Belarc Advisor 7.2
Bonjour
CCleaner
CDBurnerXP
Cook'n Collection
Critical Update for Windows Media Player 11 (KB959772)
DVD Suite
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
InstaCodecs
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 37
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Access 2000 SR-1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Excel 2000 SR-1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2000 SR-1
MSXML 4.0 SP2 (KB954430)
neroxml
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.2
PDFKey Pro
Platform
PowerDVD
PowerProducer
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB979309)
Spybot - Search & Destroy
TaxCut Basic 2007
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
Xvid 1.2.1 final uninstall
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
12/22/2012 10:24:18 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
12/22/2012 10:24:18 AM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/18/2012 10:20:28 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/18/2012 10:20:24 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
Java(TM) 6 Update 20
Java(TM) 6 Update 37
Java(TM) 6 Update 7
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 10.1.0 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````



# AdwCleaner v2.103 - Logfile created 12/27/2012 at 11:02:50
# Updated 25/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - MICHELLE-3WVINT
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Owner\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Program Files\ConduitEngine

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D2083641-E57F-4EAB-BB85-0582424F4A29}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\clickpotatolitesa

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1710 octets] - [27/12/2012 11:02:50]

########## EOF - C:\AdwCleaner[S1].txt - [1770 octets] ##########

Robybel
2012-12-28, 10:21
Hi Michele2012 ;)

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)

====================================================


Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


http://img.photobucket.com/albums/v706/ried7/cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

michele2012
2012-12-28, 14:48
ComboFix 12-12-28.02 - Owner 12/28/2012 7:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1397 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\WINDOWS
c:\program files\Internet Explorer\SET1247.tmp
c:\program files\Internet Explorer\SET1248.tmp
c:\program files\Internet Explorer\SET1249.tmp
c:\program files\Internet Explorer\SET34.tmp
c:\program files\Internet Explorer\SET35.tmp
c:\program files\Internet Explorer\SET36.tmp
c:\windows\system32\SET1258.tmp
c:\windows\system32\SET1259.tmp
c:\windows\system32\SET125A.tmp
c:\windows\system32\SET125B.tmp
c:\windows\system32\SET125C.tmp
c:\windows\system32\SET125D.tmp
c:\windows\system32\SET125E.tmp
c:\windows\system32\SET125F.tmp
c:\windows\system32\SET1260.tmp
c:\windows\system32\SET1261.tmp
c:\windows\system32\SET1262.tmp
c:\windows\system32\SET1263.tmp
c:\windows\system32\SET1264.tmp
c:\windows\system32\SET1265.tmp
c:\windows\system32\SET1266.tmp
c:\windows\system32\SET1268.tmp
c:\windows\system32\SET1269.tmp
c:\windows\system32\SET126A.tmp
c:\windows\system32\SET126B.tmp
c:\windows\system32\SET126C.tmp
c:\windows\system32\SET126D.tmp
c:\windows\system32\SET126E.tmp
c:\windows\system32\SET126F.tmp
c:\windows\system32\SET1270.tmp
c:\windows\system32\SET1271.tmp
c:\windows\system32\SET1272.tmp
c:\windows\system32\SET1273.tmp
c:\windows\system32\SET1274.tmp
c:\windows\system32\SET1275.tmp
c:\windows\system32\SET1276.tmp
c:\windows\system32\SET1277.tmp
c:\windows\system32\SET1278.tmp
c:\windows\system32\SET1279.tmp
c:\windows\system32\SET12C2.tmp
c:\windows\system32\SET12C8.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET52.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5A.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET5E.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET62.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\SET64.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET66.tmp
c:\windows\system32\SETAF.tmp
c:\windows\system32\SETB5.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))))
.
.
2012-12-22 17:54 . 2012-12-22 17:58 -------- d-----w- c:\program files\ERUNT
2012-12-22 16:23 . 2009-01-25 18:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-22 16:23 . 2012-12-22 16:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-22 14:20 . 2012-12-22 14:22 -------- d-----w- C:\tdsskiller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 12:31 . 2009-04-04 16:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-15 12:31 . 2012-11-15 12:31 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-15 12:31 . 2010-06-10 18:24 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 23:51 . 2012-04-06 00:30 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2012-04-06 00:30 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 23:51 . 2012-04-06 00:30 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2012-04-06 00:30 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2012-04-06 00:30 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 23:51 . 2012-04-06 00:30 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 23:51 . 2012-04-06 00:30 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2012-04-06 00:30 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 23:51 . 2010-08-24 23:40 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2012-04-06 00:29 227648 ----a-w- c:\windows\system32\aswBoot.exe
2009-01-21 16:14 . 2009-01-21 16:14 9780224 -c--a-w- c:\program files\openofficeorg30.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 -c--a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 -c--a-w- c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2009-04-03 163840]
"VTTimer"="VTTimer.exe" [2009-04-03 53248]
"SMSERIAL"="sm56hlpr.exe" [2003-06-19 548864]
"SkyTel"="SkyTel.EXE" [2009-04-03 2879488]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-21 274608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-03 16264192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/5/2012 6:30 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/5/2012 6:30 PM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/5/2012 6:30 PM 21256]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [12/22/2012 10:23 AM 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [12/22/2012 10:24 AM 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [12/22/2012 10:24 AM 168384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [4/2/2009 11:31 AM 27519]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-10 23:50]
.
2012-12-22 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-12-22 20:08]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cdc3344bffabd8.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-15 13:07]
.
2012-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-1715567821-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2012-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-1715567821-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2012-12-21 c:\windows\Tasks\ReclaimerResumeInstall_Owner.job
- c:\documents and settings\Owner\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 19:56]
.
2012-12-22 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-12-22 20:07]
.
2012-12-22 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-12-22 20:07]
.
2012-12-28 c:\windows\Tasks\User_Feed_Synchronization-{AFD2C05C-E64F-4ADA-91AC-4F506764F063}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-28 07:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1708537768-1715567821-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-12-28 07:44:06
ComboFix-quarantined-files.txt 2012-12-28 13:44
.
Pre-Run: 28,281,712,640 bytes free
Post-Run: 33,183,825,920 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 729B13BBBD6836AB7B35CC7A872F1E92

Robybel
2012-12-28, 22:09
Hi Michele2012

Please uninstall your old java version, via Add/remove programs

Go to Start > Control Panel, double-click on Add or Remove Programs
Select the program you want to uninstall by clicking on it, and then click the Uninstall button.


Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean


Next

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/products/malwarebytes_free/) to your desktop.


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://whatthetech.com/ldtate/Images/MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.


Next

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://www.eset.com/online-scanner-popup/)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
Push the Back button.
Select Uninstall application on close check box and push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png


Please let me know how your machine is running now

On your next reply please post :

Malwarebytes log
Eset scan report

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

michele2012
2012-12-29, 14:33
Java uninstall - Which ones should I delete? All of them:

Java(TM) 6 Update 20
Java(TM) 6 Update 37
Java(TM) 6 Update 7

It doesn't say which one is the latest.

michele2012
2012-12-29, 16:34
Hello Robybel:

I haven't used the computer much since you were helping me and since right before that when I removed the following programs: GoForFiles, Google Chrome, Freeze.com. It used to hang up mainly when I was copying text from a website to Microsoft Word. It would hang up every time using Windows Internet Explorer and then when Avast downloaded Google Chrome I could copy from a website to Word with less errors. I am able now to copy from Explorer to Word, I think, I haven't tried it much. It did hang up on an application today, one that you had me download, TFC I think, because it said it was using it but I rebooted and then it worked.

Anyway, I ended up removing Java 7 and Java 20 and kept Java 37. Here is my Malwarebytes log but I forgot to save the Eset scan log but it had 0 infected files and 0 cleaned files after a 50-minute scan.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.29.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: MICHELLE-3WVINT [administrator]

12/29/2012 8:12:49 AM
mbam-log-2012-12-29 (08-12-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240534
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Robybel
2012-12-30, 16:09
Hi Michele2012 ;)

Good job ;)

Updates and upgrades

Your java is out of date. Click your start button > Control Panel

Use the drop down menu beside view by and change it to small icons
locate java (looks like a coffee cup) in the list and click on it
when the java console opens click the update tab
Click update now


Next, clear the java cache

Double-click the Java icon in the control panel.
On the General tab, Click Settings under Temporary Internet Files.
On the Temporary Files Settings screen, Click Delete Files.
check all boxes
Click OK


Ok Michele2012, now, use your computer, and do the things you usually do very often, take a day of the time, later please let me know, how your computer is running, and if there are outstanding issues :)

michele2012
2012-12-31, 02:45
Explorer update

Okay, I will set another restore point and update my Java. I didn't know what it was and seemed to have trouble whenever I update stuff so didn't.

Question: A lot of websites I go to tell me I need to update my Internet Explorer because they aren't going to handle it anymore. They even say I have Version 7. I have Version 8.0.6001.18720IC. But I have my automatic updates turned off because I never know what these updates are and what I need or not. Is that why I get these messages about the versions of my Internet Explorer?

Thanks. Michele

michele2012
2012-12-31, 03:01
You don't mention this in your instructions...

When I go to clear the java cache, by going to Java icon in Control Panel, General Tab, Settings...the Delete Files box is there but up top there is a check mark in Keep Temporary Files On My Computer. Should I uncheck this box and then click Delete Files? Or just click Delete Files with this checked?

Thanks.
Michele

Robybel
2012-12-31, 09:27
Hi Michele2012 ;)


Question: A lot of websites I go to tell me I need to update my Internet Explorer because they aren't going to handle it anymore. They even say I have Version 7. I have Version 8.0.6001.18720IC. But I have my automatic updates turned off because I never know what these updates are and what I need or not. Is that why I get these messages about the versions of my Internet Explorer?
It is very important to keep the system constantly updated, so you avoid intrusion by malicious software, which exploits bugs on systems that have not been upgraded. :santa:

In addition, you must turn on automatic updates, because very often critical updates are released. :santa:


When I go to clear the java cache, by going to Jave icon in Control Panel, General Tab, Settings...the Delete Files box is there but up top there is a check mark in Keep Temporary Files On My Computer. Should I uncheck this box and then click Delete Files? Or just click Delete Files with this checked? Yes, uncheck this box and then click Delete Files. ;)

michele2012
2012-12-31, 19:40
Hi Robybel,

I turned on Updates and it installed 118, 2 of which fail to install (KB2656370 and KB2698023). Both say: A security issue has been identified that could allow an unauthorized remote attacker to compromise your system and gain control over it.

After going to Run, Eventvwr, there are 6 Application errors (4 msinstaller and 2 NativeWrapper) and 5 System errors (2 Windows Update Agent and 3 Service Control Manager).

Should I ignore all this and remove those two updates from installing? Because it keeps trying to install them every time I close down my computer.

Thanks. Michele

Robybel
2013-01-02, 05:38
Hi Michele2012 ;)

Yes, You can decline, those updates. :bigthumb:

Please let me know, how your pc is running, and if there are any outstanding issues ;)

michele2012
2013-01-03, 22:32
How my computer is running...well, I still get application hang when trying to copy from a website and paste to Word. Maybe it's just the website and the way it is set up because it only does it on half the websites and others are fine.

This morning I had 4 events where it hung up and wanted to send the error report to Microsoft, which I don't do any more since I finally did send a report once and then got that call from the foreign sounding "Windows Care" man.

In eventvwr I had 3 application hangs in Applications and in System I had 1 DCOM error and 3 Service Control Manager errors.

Can you figure out what is causing this? When Avast downloaded Google Chrome it didn't hang up copying (but I didn't like it so removed it).

Anyway, if nothing can be done about this in this thread, I want to thank you for helping me in making sure I am not infected. I appreciate you.

One last thing, can I remove Spybot? It is now in my tray and could be slowing me down. I don't know how to get it not to run at startup.

Robybel
2013-01-04, 14:10
Hi Michele2012 ;)

Ok! Thanks for letting me know about your issues. we will come back to that :) don't let me forget ;)

Follow this step

Please download Windows Repair (all in one) from here (http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio_setup.exe)

Install the program then run it

Go to step 2 and allow it to run Disk check

http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture3.gif

Once that is done then go to step 3 and allow it to run SFC

http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture.gif

On the Start Repairs tab => Click the Start

http://i.imgur.com/7fthj.png

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure

When done, let me know

michele2012
2013-01-07, 17:37
Don't close the thread. I haven't run the Windows repair yet because I need my computer more than ever in the next week and then I will do it. I'm afraid it might cause a problem so I will do it in one week. Thanks.

Robybel
2013-01-09, 05:23
Hi Michele2012 ;)

Ok :bigthumb: No problem. :greeting:

michele2012
2013-01-14, 12:01
I got to step 3 and it wanted me to insert my windows home xp cd. I can't find it. It sat for years in the same spot and a few weeks ago I pulled it out and now can't find it. I'm going to have to clean my computer room and will get back with you as soon as possible.

Robybel
2013-01-19, 18:38
Hi Michele2012 ;)

Please let me know how you're making out? :)

michele2012
2013-01-19, 21:35
Still trying to find my Windows XP cd. It's so frustrating.

Robybel
2013-01-20, 16:07
Hi Michele2012 ;)

Do not worry, I'm here. Find your Windows XP cd :bigthumb:

michele2012
2013-01-30, 00:40
Hi Michele2012 ;)

Do not worry, I'm here. Find your Windows XP cd :bigthumb:


Robybel:
I give up. I cleaned every drawer, stack of paper, behind the bookcase where it used to be, no stone unturned in my computer room and cannot find that Windows disk. Go ahead and close out this thread and when I ever find it I will start a new thread. The only problem I am having now is the mouse is clicking too fast and a single click is acting like a double click. I had this problem before so will move back to another mouse that doesn't plug in the BUS and that takes care of that. Thanks for all your help. I can copy now from websites to Word. Only had an error once with something else that I can't remember. Michele

Robybel
2013-02-01, 05:57
Hi Michele2012 ;)

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :) SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!! :)

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.


Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png

Uninstall AdwCleaner

Double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with yes.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Adobe Update to the latest version

On your computer exists an old version of Adobe products:

Adobe reader


Please go to this page, http://www.adobe.com/downloads/updates/
In Find product updates, scroll down the menu until you find the product you want to update.
Select it and click go.
At this point you will be directed to the update page, scroll down until you find Updates/Programs and select the latest version of the product.
You will be directed to the download page, and then click proceed to download and follow the instructions.
Follow these steps for all products that require upgrade.
MOST IMPORTANT: You Need to Update Windows and IE to get all the Latest Security Patches to protect your computer from the malware that is around on the internet.

Java is very easily exploited these days and it's a good idea to disable Java in the browser


http://www.techsupportforum.com/forums/f50...ers-683721.html

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:


NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)


2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html). **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)


5. SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:
How Did I Get Infected In The First Place? (http://forums.whatthetech.com/So_how_did_I_get_infected_first_place_t57817.html) by TonyKlein
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes
PC Safety and Security--What Do I Need? (http://www.techsupportforum.com/forums/f112/pc-safety-and-security-what-do-i-need-525915.html)

6. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
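The Internet Explorer settings in step 1 above are stored as DWORD values under the Internet zone (zone 3) key, so the hardening can be checked from a `reg export` of that key instead of by clicking through the dialog. This is an added example and not part of the thread: the value IDs and levels (0 Enable, 1 Prompt, 3 Disable) are Microsoft's documented zone-setting IDs, and the export text embedded in the block is constructed.

```python
"""Audit an exported Internet Explorer 'Internet' zone key against the
hardening values recommended in step 1 of the post above.

Added example (not from the thread). Value IDs are Microsoft's documented
zone-setting IDs; the sample export at the bottom is constructed.
"""
import re

# value id -> (setting name, recommended level); 0 = Enable, 1 = Prompt, 3 = Disable
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
LEVEL_NAME = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
             r"\Internet Settings\Zones\3")

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DWORD_RE = re.compile(r'^"(\w+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_export(text):
    """Parse .reg text into {key path: {value name: int}}, dword values only.
    A real export is UTF-16; read it with open(path, encoding="utf-16")."""
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})
            continue
        m = _DWORD_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = int(m.group(2), 16)
    return result


def audit_internet_zone(reg, key=ZONE3_KEY):
    """Return findings as (value id, setting name, current level, wanted level).
    A value that is absent is reported with level None: the zone then uses the
    template default, not the hardened value, so it still needs to be set."""
    values = reg.get(key, {})
    findings = []
    for vid, (name, want) in RECOMMENDED.items():
        have = values.get(vid)
        if have != want:
            findings.append((vid, name, have, want))
    return findings


def describe(findings):
    """Human-readable line per finding, for pasting into a reply."""
    lines = []
    for vid, name, have, want in findings:
        have_s = "not set" if have is None else LEVEL_NAME.get(have, str(have))
        lines.append(f"{vid} {name}: {have_s} -> set to {LEVEL_NAME[want]}")
    return lines


# Constructed sample export: signed ActiveX download is still silently
# enabled (1001 = 0) and the IFRAME setting (1804) is missing entirely.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00011000
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1607"=dword:00000001
"1800"=dword:00000001
"""

if __name__ == "__main__":
    for line in describe(audit_internet_zone(parse_reg_export(SAMPLE_EXPORT))):
        print(line)
```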

michele2012
2013-02-02, 01:55
Okay, don't close this thread out yet. I'm going to attempt to do all these things. First, I'm going to try to change my password that I use to log on to my computer and if I can't find the answer to that online I will be back with questions.

Thanks.

michele2012
2013-02-02, 02:40
Boy that was scary. I changed the Administrator password and the Owner password and when I rebooted the computer froze at a certain point. Then I unplugged it from the wall and started over and now it works. I don't think I am going to try the part where you do it backing it up on a disc.

Okay....now I'm going to continue with your instructions.

Thanks.

michele2012
2013-02-02, 02:51
I clicked START and RUN and typed Combofix / uninstall and it said:

A critical update is required. ComboFix shall now update itself. I clicked OK.

Then it said Avast is analyzing.... There was some mention of a file: ns7.tmp

Then it said: We didn't find enough evidence to identify the file as malware.

The file is: c:\32788R22FWJF/ieexplore.exe

I backed out of it.

Should I keep going???

Robybel
2013-02-03, 07:50
Hi Michele2012

Yes, you can continue :bigthumb:

michele2012
2013-02-03, 20:00
Hi Michele2012

Yes, you can continue :bigthumb:

Hello Robybel:
Okay, a couple of problems. I continued with uninstalling Combofix like you laid out here. I had to click the Avast continue button about 100 times. (I wonder why you didn't have me disable Avast.) And then Combofix scanned my computer again and created a log at c:\combofix.txt. Is it supposed to do this? I'm not sure it is uninstalled. There is still an icon on the desktop but I do not see it in add/remove programs. Where can I look to see if it removed it? I don't see it in c:\programs but I do see the txt log at c:\combofix.txt.

Also, your link to remove Java doesn't work. Can you give me another link? I would really like to get rid of this because it seems to me that a lot of my problems began when I updated Java or installed Java. I kept having something pop up to update Java and I never did for about 6 months because I didn't know what it was. Then I decided to go ahead and it seems I had problems after this.

Thanks. I'll wait for these two answers.

michele2012
2013-02-04, 04:27
Hello Robybel,
I'm continuing and doing some more things you said to do.

1. Making your Internet Explorer more secure:
Mine was set as suggested except mine doesn't have Navigate sub-frames across different domains (which you said set to Prompt), but mine says Navigate windows and frames across different domains and that is checked to disable. Is this ok?

2. Enable Protected Mode.
I don't have the line or the box to check for Enable Protected Mode. Looking on the internet it says that XP automatically has these set to Protected Mode.

3. Use and update an anti-virus software.
Is that what Avast is? If not, what would you recommend?

Probably a dumb question....but....Do the IE latest security patches come in the Windows Update?

Thanks.

Robybel
2013-02-04, 12:02
Hi Michele2012 ;)


1. Making your Internet Explorer more secure:
Mine was set as suggested except mine doesn't have Navigate sub-frames across different domains (which you said set to Prompt), but mine says Navigate windows and frames across different domains and that is checked to disable. Is this ok?
Yes this is OK


2. Enable Protected Mode.
I don't have the line or the box to check for Enable Protected Mode. Looking on the internet it says that XP automatically has these set to Protected Mode.
Ok! This is a default functionality of Win XP, very good.


3. Use and update an anti-virus software.Is that what Avast is? If not, what would you recommend?Avast, is a good Antivirus.



Probably a dumb question....but....Do the IE latest security patches come in the Windows Update? Yes IE updates when Windows updates.:bigthumb:

michele2012
2013-02-04, 17:08
Thanks for the last replies. Did you read my post above that one titled Two Problems? I've got two other questions in there. Thanks.

Robybel
2013-02-06, 21:27
Hi Michele2012 ;)

Sorry, I did not see your post


Okay, a couple of problems. I continued with uninstalling Combofix like you laid out here. I had to click the Avast continue button about 100 times. (I wonder why you didn't have me disable Avast.) And then Combofix scanned my computer again and created a log at c:\combofix.txt. Is it supposed to do this? I'm not sure it is uninstalled. There is still an icon on the desktop but I do not see it in add/remove programs. Where can I look to see if it removed it? I don't see it in c:\programs but I do see the txt log at c:\combofix.txt. OK!

Try this

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)

then:


Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png



Also, your link to remove Java doesn't work. Can you give me another link? I would really like to get rid of this because it seems to me that a lot of my problems began when I updated Java or installed Java. I kept having something pop up to update Java and I never did for about 6 months because I didn't know what it was. Then I decided to go ahead and it seems I had problems after this. Java is very important. read the following article

http://www.techsupportforum.com/forums/f50/disable-java-in-browsers-683721.html#post4018821


For your mouse problem,

Set the speed

Click start > control panel > mouse. On the Pointer options tab you can set the speed.

For double click/single click:
1. Click Start, and then click My Computer.
2. On the Tools menu, click Folder Options.
3. On the General tab, click Single-click to open an item (point to select), to enable or click the box to clear it to restore the double click function.

Then click OK.

michele2012
2013-02-07, 13:47
Hello Robybel:
I guess I'm done except reading in depth 8. Spyware Prevention.

The Java icon didn't show up in my control panel to disable it so I went to add/remove programs and removed it altogether (I hope) and then deleted the folder in Program Files. If I find I need it for something I will download it again and see if it shows up in there and figure out how to disable it.

I guess I'm done. The computer seems to be working good. Thanks for all your great help.

oldman960
2013-02-08, 07:42
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread .