Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect

Started by jubaltolian , Sep 08 2010 10:49 PM

  • Please log in to reply

#1
jubaltolian
Posted 08 September 2010 - 10:49 PM

jubaltolian

    New Member

  • Member
  • Pip
  • 6 posts
Hello, my computer has been infected with the 'google redirect' problem, search results hijacked to different commercial pages and also now something is opening Windows Media.

I've gone to the Malware and Spyware Cleaning Guide, and followed all the steps and will attempt to correctly post log results.

I also went to the 'How to Fix Google Redirects' and followed instructions there but it is not fixed.

Thank you for your assistance! Please let me know if I've left anything out.

Running Windows XP Firefox browser

OTL Logs -

OTL logfile created on: 9/8/2010 9:07:10 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 59.00 Mb Available Physical Memory | 23.00% Memory free
625.00 Mb Paging File | 332.00 Mb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 70.35 Gb Free Space | 94.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TERRYLOFT
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/08 21:03:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2010/07/22 19:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/13 17:24:55 | 001,172,144 | ---- | M] (Proland Software) -- C:\Protector Plus\PPINUPDT.EXE
PRC - [2010/02/13 17:24:55 | 000,787,120 | ---- | M] (Proland Software ) -- C:\Protector Plus\POPSCAN.EXE
PRC - [2010/02/13 17:24:55 | 000,070,320 | ---- | M] (Proland Software) -- C:\Protector Plus\PPAVMON.EXE
PRC - [2010/02/13 17:24:54 | 001,303,216 | ---- | M] (Proland Software ) -- C:\Protector Plus\PPTBC.EXE
PRC - [2010/02/13 17:24:53 | 000,094,896 | ---- | M] (Proland Software) -- C:\Protector Plus\PPSERV.EXE
PRC - [2010/01/11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/04/13 17:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/09/08 21:03:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/02/13 17:24:55 | 000,070,320 | ---- | M] (Proland Software) [Auto | Running] -- C:\Protector Plus\PPAVMon.exe -- (ProtectorPlusAVMonitor)
SRV - [2010/02/13 17:24:53 | 000,094,896 | ---- | M] (Proland Software) [Auto | Running] -- C:\Protector Plus\PPServ.exe -- (ProtectorPlusService)


========== Driver Services (SafeList) ==========

DRV - [2010/02/13 17:24:55 | 000,019,272 | ---- | M] (Proland Software) [Kernel | On_Demand | Running] -- C:\Protector Plus\PPEMSCAN.SYS -- (PPEMSCAN)
DRV - [2010/02/13 17:24:53 | 000,703,920 | ---- | M] (Proland Software) [Kernel | On_Demand | Running] -- C:\Protector Plus\PPDRV.SYS -- (PPDrv)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60426
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60426

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.crawler.c...bid=60426&qkw="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 21:05:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/07 07:33:25 | 000,000,000 | ---D | M]

[2010/02/13 19:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/09/08 07:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qpa13jxm.default\extensions
[2010/03/14 11:59:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qpa13jxm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/31 11:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qpa13jxm.default\extensions\[email protected]
[2010/09/08 07:49:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/03 08:31:47 | 000,415,577 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14347 more lines...
O4 - HKLM..\Run: [Protector Plus InstaUpdate] C:\Protector Plus\PPINUPDT.EXE (Proland Software)
O4 - HKLM..\Run: [Protector Plus Taskbar Control] C:\Protector Plus\PPTBC.EXE (Proland Software )
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/13 17:25:01 | 000,000,055 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/08 20:36:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/08 20:36:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/08 20:34:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/08 20:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/29 07:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HP
[2010/08/29 07:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Scans
[2010/08/28 07:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Windows Server
[2010/08/12 07:30:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/08/04 08:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/03 13:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Dr Delete
[2010/08/03 08:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/03 07:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/08/03 07:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/03 07:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 90 Days ==========

[2010/09/08 20:48:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/08 20:48:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 20:47:32 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/09/08 20:47:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/09/08 20:47:20 | 002,655,806 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/09/08 20:36:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 20:33:11 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/09/08 20:33:11 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/09/08 20:04:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/07 18:21:50 | 000,000,014 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/09/07 07:33:32 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/07 07:33:32 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/07 07:27:47 | 000,070,350 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bookmarks-2010-09-07.json
[2010/08/12 07:05:34 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/03 08:31:47 | 000,415,577 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/10 13:16:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/30 07:46:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/15 09:26:31 | 001,744,156 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KerdiShowerBook.pdf

========== Files Created - No Company Name ==========

[2010/09/08 20:36:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 20:33:11 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/09/08 20:33:11 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/09/07 07:33:32 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/07 07:33:32 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/07 07:27:47 | 000,070,350 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bookmarks-2010-09-07.json
[2010/06/15 09:26:27 | 001,744,156 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KerdiShowerBook.pdf
[2010/03/04 10:06:29 | 000,002,241 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/02/13 17:07:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/02/13 19:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/03/14 11:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/09/07 18:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/08 20:04:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/02/13 17:25:01 | 000,000,055 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/13 17:39:35 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/02/13 16:54:41 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/13 16:54:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/13 16:54:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/02/13 17:34:16 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/02/13 18:46:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/08 20:48:16 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/02/13 08:44:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/02/13 08:44:21 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/02/13 08:44:21 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 03:01:28

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC
< End of report >

MBAM -

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4578

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/8/2010 8:46:30 PM
mbam-log-2010-09-08 (20-46-30).txt

Scan type: Quick scan
Objects scanned: 124219
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

GMER -

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-08 21:02:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwrcypob.sys


---- Kernel code sections - GMER 1.0.15 ----

? skvntd.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF8CDBF80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1508] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00B4874A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0015660B
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0015634D
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00156511
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!recv 71AB676F 5 Bytes JMP 001563C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00156477

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs PPDrv.sys (Protector Plus Antivirus for Windows Kernel Driver/Proland Software)
AttachedDevice \FileSystem\Ntfs \Ntfs PPDrv.sys (Protector Plus Antivirus for Windows Kernel Driver/Proland Software)
AttachedDevice \Driver\Tcpip \Device\Tcp PPEMSCAN.sys (Protector Plus Antivirus Email Scan Driver/Proland Software)

---- EOF - GMER 1.0.15 ----
  • 0

Advertisements

#2
emeraldnzl
Posted 09 September 2010 - 01:13 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello jubaltolian,

Welcome to Geekstogo.

  • C:\WINDOWS\system32\drivers\senfilt.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

After that

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you return please post
  • Virscan report
  • ComboFix.txt
  • 0

#3
jubaltolian
Posted 09 September 2010 - 09:41 AM

jubaltolian

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for the assistance, emeraldnzl!

Virusscan report -

I'm afraid I don't have this report. I clicked save to clipboard, but when the combofix got done it seems to have also automatically saved to the clipboard and replaced the virusscan report. I can tell you that it found no infection.


ComboFix.txt -

ComboFix 10-09-08.03 - Owner 09/09/2010 8:13.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.93 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: Protector Plus Anti-virus Software *On-access scanning disabled* (Updated) {2BA05D34-0674-49A3-8DDA-DC7C8007484B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Application Data\Windows Server
c:\documents and settings\Owner\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Owner\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Owner\Local Settings\Application Data\Windows Server\uses32.dat
c:\windows\system32\AutoRun.inf

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.

2010-09-09 04:23 . 2010-09-09 04:23 -------- d-----w- C:\_OTM
2010-09-09 03:36 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-09 03:36 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-09 03:33 . 2010-09-09 03:33 -------- d-----w- c:\program files\ERUNT
2010-08-29 14:44 . 2010-08-29 14:44 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 03:36 . 2010-08-03 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-08 01:22 . 2010-02-14 02:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-08 01:21 . 2010-02-14 02:40 14 ----a-w- c:\windows\popcinfo.dat
2010-08-09 23:50 . 2010-08-09 23:50 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6867e164-n\msvcp71.dll
2010-08-09 23:50 . 2010-08-09 23:50 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6867e164-n\jmc.dll
2010-08-09 23:50 . 2010-08-09 23:50 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6867e164-n\msvcr71.dll
2010-08-09 23:50 . 2010-08-09 23:50 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7d35efe1-n\decora-sse.dll
2010-08-09 23:50 . 2010-08-09 23:50 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7d35efe1-n\decora-d3d.dll
2010-08-04 15:25 . 2010-08-04 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-03 19:49 . 2010-08-03 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-03 14:37 . 2010-08-03 14:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-08-03 14:36 . 2010-08-03 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-30 12:31 . 2002-09-03 16:58 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-09-03 17:11 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-09-03 17:04 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-09-03 16:34 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-02-13 23:52 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2002-09-03 16:46 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]
"Protector Plus Taskbar Control"="c:\protec~1\PPTbc.EXE" [2010-02-14 1303216]
"Protector Plus InstaUpdate"="c:\protec~1\PPInupdt.exe" [2010-02-14 1172144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 ProtectorPlusAVMonitor;Protector Plus Anti-virus Monitor Service;c:\protector plus\PPAVMON.EXE [2/13/2010 5:24 PM 70320]
R2 ProtectorPlusService;Protector Plus Service;c:\protector plus\PPSERV.EXE [2/13/2010 5:24 PM 94896]
R3 PPDrv;Protector Plus Driver;c:\protector plus\PPDRV.SYS [2/13/2010 5:24 PM 703920]
R3 PPEMSCAN;Protector Plus Email Scan Driver;c:\protector plus\PPEMSCAN.SYS [2/13/2010 5:24 PM 19272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qpa13jxm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60426&qkw=

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 08:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2504)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\protector plus\POPSCAN.EXE
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-09-09 08:27:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-09 15:27

Pre-Run: 75,415,830,528 bytes free
Post-Run: 75,376,873,472 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 3B9F06C89DA9CBF67310A1C9B7299789
  • 0

#4
emeraldnzl
Posted 09 September 2010 - 01:27 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello jubaltolian,

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • MBAM log
  • Kaspersky scan results
  • and tell me how your computer is performing now
  • 0

#5
jubaltolian
Posted 09 September 2010 - 07:35 PM

jubaltolian

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Malwarebytes log -

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4584

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/9/2010 1:43:47 PM
mbam-log-2010-09-09 (13-43-47).txt

Scan type: Quick scan
Objects scanned: 124485
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kaspersky - I followed all directions, but after two hours stuck at 27% of scan I finally closed it.

How is the computer running now? So far I am not being redirected when I click on search results and overall it seems to be running a lot better.

Should I assume the problem has been solved?

Thanks very much for your time and assistance.
  • 0

#6
emeraldnzl
Posted 09 September 2010 - 08:21 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Should I assume the problem has been solved?


Nearly there I think but I wouldn't declare a machine clean until an online scan from a good company has been carried out. We do prefer Kaspersky here but we also use others.

Also when we have finished we need to clean away the tools we have been using.

Kaspersky - I followed all directions, but after two hours stuck at 27% of scan I finally closed it.


Can take a lot longer than that... (had one that lasted 35 hours - very infected machine though lol.) but it can also get stuck, let's try another one.

Please run a free online scan with the ESET Online Scanner
Note: ESET was designed to run with Internet Explorer, compatibility with other browsers has been added recently but if you find difficulty, go to using Internet Explorer
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Click Start and if your security program asks you if you want to allow the program, click yes.
  • If you anti-virus is active you may see a panel appear warning you that this may affect performance. Disabling the programs listed may speed things along.
  • Make sure that the options Remove found threats and Scan archives are checked (do not worry about advanced settings)
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt (open Notepad > File > Open and navigate to the log.txt)
  • Copy and paste that log as a reply to this topic

  • 0

#7
jubal68
Posted 09 September 2010 - 09:58 PM

jubal68

    New Member

  • Member
  • Pip
  • 1 posts
Ok, it says it will take several hours so I'll wait to begin it in the morning, thanks! (Posting from my other computer with wife's registration, therefore, the different name)

Edited by jubal68, 09 September 2010 - 10:01 PM.

  • 0

#8
emeraldnzl
Posted 09 September 2010 - 11:52 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okie dokie :)
  • 0

#9
jubaltolian
Posted 10 September 2010 - 09:55 AM

jubaltolian

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Well I ran the eset, it found 5 Win32/Bamital.DX trojans. When the scan completed I tried to save the log as directed but now I can't find it anywhere. Looked in program files for eset, not there. Eset said it had quarantined and cleaned the trojan, but I do not have log to post. Very sorry, don't know what I did wrong.

What next?
  • 0

#10
emeraldnzl
Posted 10 September 2010 - 01:06 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi

Did you check C:\Program Files\EsetOnlineScanner\log.txt

You can right click on Start > Explore and navigate there. Copy and paste back here. :)

If it's not there anymore come back and tell me.
  • 0

#11
jubaltolian
Posted 10 September 2010 - 01:42 PM

jubaltolian

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I did check there right after scan and it was empty, now that I've restarted computer the eset file is no longer in the program files.
  • 0

#12
emeraldnzl
Posted 10 September 2010 - 02:24 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again

I think your machine is clean. :)

We have a couple of last steps to perform and then you're all set.Posted Image

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    Posted Image
Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.
  • Download from here Java Runtime Environment (JDK) Update
  • Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

    Reboot your computer.
    You also need to uininstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

For ease of use, you might consider the following free program:--------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.
-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • It is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > Automatic Updates
    * Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
    * Click Apply then OK.

    And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!
  • 0

#13
jubaltolian
Posted 11 September 2010 - 09:17 AM

jubaltolian

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for all your help. It is greatly appreciated. I just made a donation to help continue in the good work. G'day :)
  • 0

#14
emeraldnzl
Posted 11 September 2010 - 03:06 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I just made a donation to help continue in the good work.


Very kind of you and much appreciated. Thank you. :)

G'day


I see you know our lingo. :)

Thanks for all your help.


You are very welcome. :)

I will keep this topic open for a day or two in case any issues arise.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP