[bubbu]

Details as follows:

When using Google (haven't seen with other search engines), the search result links redirect (or jump) you to other sites (not the site you requested). I am getting popus to unrelated sites...even when I am not surfing the web. They just open on the desktop. My CPU is maxed out at 100% constantly, so my system is running very slow. Here is what I have done in an attempt to fix:

Run Adaware - removed all tracking cookies. Log file is enclosed in the attached file
Ran McAfee with updated definitions - no viruses found or removed

I attempted to run the programs you requested on your website...here is what I was able to do:
Downloaded and ran ATF Cleaner
Did a System Restore
Downloaded AVG Anti-spyware and ran in safemode. Although it ran and found some infections, it did not create a report. I went under infections and put what it found and where on the attached file. If you need additional info, let me know what you need.

Downloaded and ran SuperAntiSpyware HE. Log is enclosed in the attached file.
Downloaded Panda Activescan, however, the update errors off EVERY time I attempt to run it. I have tried multiple times with restarts. No joy.
I did not run the AVG Anti Virus scan as I have McAfee installed and have run it.

I am running Windows XP with SP2 installed. I have reboot the computer a number of times with the same problems.
Attached is the Hijackthis log...

I am at your mercy....

Attached Files

•  aaaggghhhhh.txt   107.06KB   109 downloads

[Advertisements]

OK this looks fun - lets clear you up

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {00FC4D72-DBC3-47D9-8469-1F800ADE2084} - c:\windows\system32\autodiscs.dll
O2 - BHO: (no name) - {F393BFC2-B666-4D26-BF7D-71C49A330FEE} - C:\WINDOWS\system32\dnsapig.dll
O4 - HKLM\..\Run: [g8w75pspcv] C:\WINDOWS\system32\g8w75pspcv.exe
O4 - HKCU\..\Run: [g8w75pspcv] C:\WINDOWS\system32\g8w75pspcv.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O20 - Winlogon Notify: zjprmxoj - C:\WINDOWS\SYSTEM32\autodiscs.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


THEN

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\WINDOWS\system32\g8w75pspcv.exe
  c:\windows\system32\autodiscs.dll
  C:\WINDOWS\system32\dnsapig.dll
  C:\WINDOWS\system32\msiconf.exe
  Purity

• Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

logs required : OTMoveit and Combofix

EDIT : OTMoveit programme instruction change

Edited by Essexboy, 05 April 2008 - 07:41 AM.

[Essexboy]

OK this looks fun - lets clear you up

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {00FC4D72-DBC3-47D9-8469-1F800ADE2084} - c:\windows\system32\autodiscs.dll
O2 - BHO: (no name) - {F393BFC2-B666-4D26-BF7D-71C49A330FEE} - C:\WINDOWS\system32\dnsapig.dll
O4 - HKLM\..\Run: [g8w75pspcv] C:\WINDOWS\system32\g8w75pspcv.exe
O4 - HKCU\..\Run: [g8w75pspcv] C:\WINDOWS\system32\g8w75pspcv.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O20 - Winlogon Notify: zjprmxoj - C:\WINDOWS\SYSTEM32\autodiscs.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


THEN

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\WINDOWS\system32\g8w75pspcv.exe
  c:\windows\system32\autodiscs.dll
  C:\WINDOWS\system32\dnsapig.dll
  C:\WINDOWS\system32\msiconf.exe
  Purity

• Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

logs required : OTMoveit and Combofix

EDIT : OTMoveit programme instruction change

Edited by Essexboy, 05 April 2008 - 07:41 AM.

[bubbu]

Thanks for the assist Essexboy...sorry for the delay, on travel for a couple of days.

I read your reply and had a couple of hiccups.

What I did: First, re-opened HiJackThis and ran a scan...checked entries you asked and clicked Fix Checked. All peachy!

I downloaded OTMoveit2.exe and ran it. On the OTMoveIt2 instructions, you asked me to copy the file paths to the clipboard and to paste it under the "Yellow Bar". then click the Moveit button and paste the resutls from the "green" window on the next reply...see attached.

Here is where the fun began. I disabled all my virus protection and antimalware programs and turned off my firewall. I closed all open windows and ran Combo fix. My icons on the desktop blanked, came back online, then a blue box opened on the desktop (nothing in the box, just blue...not the blue screen of death)...the box closed and that was it...nothing else happened. I waited about 1/2 hour...when nothing happened, I ran it again...same results...

Any ideas?

Attached Files

•  aaaggghhh2.txt   479bytes   87 downloads

[Essexboy]

Ok 'till I figure out Combofix - I will go the manual route

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

• Close ALL OTHER PROGRAMS.
• Open the OTScanit folder and double-click on OTScanit.exe to start the program.
• Check the box that says Scan All User Accounts
• Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
• Under Additional Scans check the following:
  • Reg - BotCheck
  • File - Additional Folder Scans
• Now click the Run Scan button on the toolbar.
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

[bubbu]

As requested....  OTScanIt.Txt   216.94KB   106 downloads

[Essexboy]

Found a few bits there - so lets clear them and then check out your registry for waifs and strays

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
YN -> ~EmptyValue -> []
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {F393BFC2-B666-4D26-BF7D-71C49A330FEE} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dnsapig.dll [Reg Error: Value  does not exist or could not be read.]
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\g8w75pspcv.exe -> C:\WINDOWS\system32\g8w75pspcv.exe [C:\WINDOWS\system32\g8w75pspcv.exe:*:Disabled:g8w75pspcv]
[Files/Folders - Created Within 90 days]
NY -> drzzscwo.dat -> %SystemRoot%\System32\drivers\drzzscwo.dat
NY -> chunzvvl.dat -> %SystemRoot%\System32\chunzvvl.dat
NY -> diaeakgh.dat -> %SystemRoot%\System32\diaeakgh.dat
NY -> dnsapig.dll -> %SystemRoot%\System32\dnsapig.dll
NY -> kemwkpjz.dat -> %SystemRoot%\System32\kemwkpjz.dat
NY -> tmjgbdkq.dat -> %SystemRoot%\System32\tmjgbdkq.dat
NY -> ttncvxzv.dat -> %SystemRoot%\System32\ttncvxzv.dat
NY -> wvlkdcmw.dat -> %SystemRoot%\System32\wvlkdcmw.dat
NY -> bwUnin-8.1.1.50-8876480SL.exe -> %SystemRoot%\bwUnin-8.1.1.50-8876480SL.exe
[Files/Folders - Modified Within 90 days]
NY -> drzzscwo.dat -> %SystemRoot%\System32\drivers\drzzscwo.dat
NY -> chunzvvl.dat -> %SystemRoot%\System32\chunzvvl.dat
NY -> diaeakgh.dat -> %SystemRoot%\System32\diaeakgh.dat
NY -> kemwkpjz.dat -> %SystemRoot%\System32\kemwkpjz.dat
NY -> tmjgbdkq.dat -> %SystemRoot%\System32\tmjgbdkq.dat
NY -> ttncvxzv.dat -> %SystemRoot%\System32\ttncvxzv.dat
NY -> wvlkdcmw.dat -> %SystemRoot%\System32\wvlkdcmw.dat
NY -> IadHide5.dll -> C:\Documents and Settings\Julie & Chris\Local Settings\Temp\IadHide5.dll
NY -> mpegc.dll -> C:\Documents and Settings\Julie & Chris\Local Settings\Temp\mpegc.dll
NY -> 1442 C:\Documents and Settings\Julie & Chris\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Julie & Chris\Local Settings\Temp\*.tmp
NY -> 1442 C:\Documents and Settings\Julie & Chris\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Julie & Chris\Local Settings\Temp\*.tmp
NY -> zronnuto.ini -> C:\WINDOWS\Temp\zronnuto.ini
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

NEXT

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Logs required : OTScanit report, MBAM and a new Hijackthis log _ How is your computer running now ?

[bubbu]

Thanks Essexboy...here is what happened:

Cut and pasted info from "code" box into OTScanit. Hit "Run Fix". Ran for about 5 minutes. It however did not give me a OK button, but gave me a "Restart is necessary to complete...do you wish to restart?". I hit no. It did not give me the option to give a report so I can't include it unless you know a way to retrieve it elsewhere.

Downloaded and ran Malwarebytes' Anti-Malware. Performed quick scan..selected everything and "removed selected". Log is attached. Required restart, so I complied. Ran HiJackThis...file is attached.


System is definitely running better...My CPU is finally catching it's breath after a long haul at 100%.... I searched Google and found it working as it was supposed to.

Is my system clean or do I need some more pesticide?

 mbam_log_4_8_2008__17_23_18_.txt   1.55KB   112 downloads

 aaagggghhhh3.txt   8.74KB   111 downloads

[bubbu]

OK.... I may have spoken too soon....

Turned off computer last night to let it breath some...turned it back on this morning. Clicked on IE and AVG popped up a window with a found MALWARE: Trojan.BHO.ndc location: C:\\windows\system32\dnsapig.dll. Asked if I wanted it quaranteed ...selected yes...it then asked me to restart to finish removal. Complied. Upon restart, again clicked on IE and the same thing happened. This time I did not restart (did quarantee), instead continued on to the internet. Went to Google...still getting redirects. My CPU is not tapped out, so that is working much better... but that nasty bug is still there somewhere.

[Essexboy]

It looks like the three lines I took out at the start are back - so a change of tack

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {00FC4D72-DBC3-47D9-8469-1F800ADE2084} - c:\windows\system32\autodiscs.dll
O2 - BHO: (no name) - {F393BFC2-B666-4D26-BF7D-71C49A330FEE} - C:\WINDOWS\system32\dnsapig.dll
O20 - Winlogon Notify: zjprmxoj - C:\WINDOWS\SYSTEM32\autodiscs.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

This time I will use a bigger hammer and look at your system again with a different analysis tool


1. Please download The Avenger2 by Swandog46 to your Desktop.

• Right click on the Avenger.zip folder and select "Extract All..."
• Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Files to delete:
c:\windows\system32\autodiscs.dll
C:\WINDOWS\system32\dnsapig.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

• Right click on the window under Input script here:, and select Paste.
• You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
• Click on Execute
• Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

• It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh Hijackthis log .

PRIOR TO POSTING

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Logs required : DSS texts and Avenger

[bubbu]

OK Partner....Here is what I did and the results:

Downloaded Avenger and DSS...closed IE...

Reopened HiJackThis...selected requested items and clicked Fix Checked.

Downloaded Avenger 2, extracted and ran....pasted your requested code into "script here box"...and executed. Answered yes (twice) and computer restarted. Avenger log attached (I'm no expert, (and the reason I am here) but the report doesn't look like a success to me).

Ran DSS...main and extra logs attached.

Reran HiJackThis...log attached....(named aaaggghhh4)

 avenger.txt   1.54KB   116 downloads
 extra.txt   8.7KB   340 downloads
 main.txt   21.36KB   166 downloads
 aaaggghhh4.txt   9.03KB   123 downloads

[Essexboy]

Correct Avenger failed that time - but now I have found the driver it should be toast

1. Please download The Avenger2 by Swandog46 to your Desktop.

• Right click on the Avenger.zip folder and select "Extract All..."
• Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Drivers to delete:
gynojlbx

Files to delete:
c:\windows\system32\drivers\drzzscwo.dat
C:\WINDOWS\system32\wvlkdcmw.dat
C:\WINDOWS\system32\tmjgbdkq.dat
C:\WINDOWS\system32\kemwkpjz.dat
C:\WINDOWS\system32\diaeakgh.dat
C:\WINDOWS\system32\chunzvvl.dat
C:\WINDOWS\system32\ttncvxzv.dat
C:\WINDOWS\system32\autodiscs.dll
C:\WINDOWS\extend.dat

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zjprmxoj
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00FC4D72-DBC3-47D9-8469-1F800ADE2084}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F393BFC2-B666-4D26-BF7D-71C49A330FEE}

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

• Right click on the window under Input script here:, and select Paste.
• You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
• Click on Execute
• Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

• It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh Hijackthis log .

[bubbu]

Here they are...

Seems to be working much better...at least right now....

 avenger_2.txt   2.91KB   93 downloads
 aaaggghhh5.txt   8.45KB   109 downloads

[Essexboy]

As I said toast

OK lets do a final sweep now for orphans and see how that goes

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

And along with the log if you can give me a final word on your system

[bubbu]

Man what a difference this has made! Here is the file. Google is working like it should and my CPU is working like it did before. Let me know if I am clean or if I need to do anything else. I appreciate all your assistance.

 mbam_log_4_13_2008__20_13_35_.txt   740bytes   96 downloads

[Essexboy]

Clean as a babies bum

Now the best part of the day ----- Your log now appears clean

Double click OTScanit once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTScanit wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe