file window lacks OPEN so can't upload attachment [Solved]



#16 Dakeyras (Anti-Malware Mammoth, Expert, 9,665 posts)
Hi. :)

OK try this alternative scan for me please as follows...

Scan with GMER:

Download GMER Rootkit Scanner from here. <-- The executable to be downloaded will be randomly named.

  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do not take any action on any "<--- ROOTKIT" entries.


Note: Do not run any programs while Gmer is running.
#17 cinbar (Topic Starter, Member, 45 posts)
Dakeyras,
The computer has stayed connected today much better and was not slow. I will let you know how it does using IE. Here is the GMER scan. It offered only save as log. I tried unsuccessfully to put txt in the type box--but I had put .txt at the end of the file name and it saved as you wanted it to. Thanks for your help, cinbar



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-16 21:51:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST320011A rev.3.10
Running: hyggee6i.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\fwadifog.sys


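Reading a GMER log the way the instructions in #16 and the log in #17 call for comes down to three questions: which module owns each hook and whether its vendor is expected on this machine, whether a user-mode JMP lands in a file-backed module or in unbacked memory, and whether a byte patch is the same in every process (a system-wide hook, typically the antivirus) or targeted at one. The Python below is an added example, not code from this thread or from GMER; it parses SSDT and user-mode `.text` lines in GMER 1.0.15's format over a constructed sample log, and the trusted-vendor list and the module name `unknown_example.sys` are assumptions. As the caution in #16 says, anything it flags is something to verify, not something to act on.

```python
import re
from collections import Counter

# Vendors whose hooks are expected on this machine (assumption: adjust per host).
TRUSTED_VENDORS = {"AVAST Software", "Microsoft Corporation", "Mozilla Foundation"}

# SSDT <module> (<description>/<vendor>) <ZwFunction> [0xADDR]; the parenthesised
# part is absent when GMER has no version info for the module.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?"
    r"\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)
# .text <process path>[pid] <dll>!<func> [+ off] <addr> <n> Byte(s) <what was written>
USER_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>\S+)!(?P<func>\w+)"
    r"(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]{8})"
    r"\s+(?P<n>\d+)\s+Bytes?\s+(?P<rest>.*)$"
)
# JMP <target> [<module path> (<vendor>)]; no module means the target is not file-backed
JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<path>.+?)\s+\((?P<vendor>[^)]*)\))?$"
)

# Constructed sample in GMER 1.0.15 format (not the log posted in this thread).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF3D8C5E5]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF3E01338]
SSDT \??\C:\WINDOWS\system32\drivers\unknown_example.sys ZwQueryDirectoryFile [0xF7A11234]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\smss.exe[488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1988] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0119FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\Explorer.EXE[1436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A501F8

---- EOF - GMER 1.0.15 ----
"""


def vendor_of(desc):
    """GMER writes '(description/Vendor)'; the vendor is the part after the last slash."""
    if not desc or "/" not in desc:
        return None
    return desc.rsplit("/", 1)[1].strip()


def parse_gmer(text):
    """Split a GMER log into SSDT hooks and user-mode .text hooks (lists of dicts)."""
    ssdt, user = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["vendor"] = vendor_of(entry["desc"])
            ssdt.append(entry)
            continue
        m = USER_RE.match(line)
        if m:
            entry = m.groupdict()
            jmp = JMP_RE.match(entry["rest"])
            entry["kind"] = "jmp" if jmp else "patch"
            entry["target_module"] = jmp.group("path") if jmp else None
            entry["target_vendor"] = jmp.group("vendor") if jmp else None
            user.append(entry)
    return ssdt, user


def triage(text, trusted=TRUSTED_VENDORS):
    """Summarise a GMER log the way a helper reads one: what to look at, what is noise."""
    ssdt, user = parse_gmer(text)
    findings = []
    for h in ssdt:
        # An SSDT hook whose module carries no known vendor string needs a closer look.
        if h["vendor"] not in trusted:
            findings.append(
                f"SSDT {h['func']} hooked by {h['module']} (vendor: {h['vendor'] or 'none'})"
            )
    for h in user:
        if h["kind"] != "jmp":
            continue
        if h["target_module"] is None:
            # JMP into memory that no file backs. Legitimate software does this too
            # (the thread's log shows Firefox and avast doing it), so verify, don't act.
            findings.append(
                f"{h['proc']}[{h['pid']}] {h['dll']}!{h['func']} -> unbacked memory"
            )
        elif h["target_vendor"] not in trusted:
            findings.append(
                f"{h['proc']}[{h['pid']}] {h['dll']}!{h['func']} -> {h['target_module']}"
            )
    # The same byte patch at the same address in many processes is a system-wide hook
    # (typically the AV), not a targeted injection; report it once, not per process.
    sites = Counter(
        (h["dll"], h["func"], h["off"], h["addr"]) for h in user if h["kind"] == "patch"
    )
    systemic = {site: n for site, n in sites.items() if n >= 3}
    return {"ssdt": len(ssdt), "user": len(user), "findings": findings,
            "systemic_patches": systemic}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['ssdt']} SSDT hooks, {result['user']} user-mode hooks")
    for finding in result["findings"]:
        print("LOOK:", finding)
    for site, n in result["systemic_patches"].items():
        print(f"SYSTEMIC: {site[0]}!{site[1]}+{site[2]} patched in {n} processes")
```

On the sample, the two avast! SSDT hooks and the Mozilla-owned JMP are treated as expected, the vendor-less driver and the Explorer JMP into unbacked memory are listed for verification, and the GetBinaryTypeW patch is reported once as system-wide rather than three times.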
#18 Dakeyras (Anti-Malware Mammoth, Expert, 9,665 posts)
Hi. :)

The computer has stayed connected today much better and was not slow. I will let you know how it does using IE.

OK and you're most welcome!

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#19 cinbar (Topic Starter, Member, 45 posts)
Dakeyras, Thanks for your help! cinbar--off to re-enable the Anti-Virus application

1. I downloaded and ran the TFC.exe

2. I used IE and noticed that it is slower than Firefox, but the online connection held

3. Here is the ESET log

reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{5352AD1D-9EAB-4B98-9F55-374123A01D16}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{99F7EA19-A487-4AD9-9B52-BBA747EA1802}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEA0902A-C7A8-4D46-843F-5D7E91183D51}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEA0902A-C7A8-4D46-843F-5D7E91183D51}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEA0902A-C7A8-4D46-843F-5D7E91183D51}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEA0902A-C7A8-4D46-843F-5D7E91183D51}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEA0902A-C7A8-4D46-843F-5D7E91183D51}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEA0902A-C7A8-4D46-843F-5D7E91183D51}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEA0902A-C7A8-4D46-843F-5D7E91183D51}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for PCI\VEN_10B7&DEV_9200&SUBSYS_00BE1028&REV_78\4&37725873&0&60F0. bad value was:
REG_MULTI_SZ =
PSched

<completed>

#20 Dakeyras (Anti-Malware Mammoth, Expert, 9,665 posts)
Hi. :)

That does not appear to be the Eset online scan log...Have you attempted/tried something yourself?

If it is the online scan log results, it is never one I have reviewed before. So please double check for me if it is still available via:

Click on Start >> My Computer >> C: >> Program Files >> ESET >> EsetOnlineScanner >> log.txt.

And answer my query also, thank you.

#21 cinbar (Topic Starter, Member, 45 posts)
Dakeyras,

No, I am too scared of making things worse by trying anything on my own. I am doing only what you tell me and checking off each step in order.

I used IE for all of this session's work so I didn't have to do the extra download to protect Firefox. I turned off Avast.

In program files the ESET folder has 14 or 16 individual files, but this is the only one with log. I was surprised how short it was. I did have to download TFC more than once. I kept getting an Adobe Reader message that it couldn't open the TFC because it was not a supported file or had been damaged. Finally I got it to run and then I rebooted as it said to do.

For ESET I allowed the Active X to install. The Remove found threat was NOT checked and the Scan Archives was checked. The 3 things were selected in Advanced Settings.

The virus database downloaded, never stopped until it finished. I made sure the cats weren't anywhere near the keyboard or mouse and I didn't touch either one. I didn't uninstall so here is the log again

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=11a3550ddfdbd94b8af147a97d7f2641
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-17 11:03:16
# local_time=2012-07-17 07:03:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=34286
# found=0
# cleaned=0
# scan_time=4663

cinbar

#22 Dakeyras (Anti-Malware Mammoth, Expert, 9,665 posts)
Hi. :)

No, I am too scared of making things worse by trying anything on my own. I am doing only what you tell me and checking off each step in order.

Fair play.

I was surprised how short it was.

Actually that is a good sign and not a cause for concern, plus nothing malicious was detected.

I made sure the cats weren't anywhere near the keyboard or mouse and I didn't touch either one.

I have a relatively young cat myself and she still has the propensity every now and again to jump up on my workstation and try to catch the mouse pointer as it moves around the monitor screen! :lol:

Levity aside...

I kept getting an Adobe Reader message that it couldn't open the TFC because it was not a supported file or had been damaged.

Hmm that is a strange occurrence. It may be some settings are incorrect with the reader itself. So carry out the following please...

Next:

  • Launch Adobe Reader >> click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button >> close Adobe Reader.
New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to Java SE 7u5. Click on JRE Download.
  • Check (tick) Java SE Runtime Environment 7u5 License Agreement box.
  • Click on jre-7u5-windows-i586.exe link next to Windows x86 Offline to download it and save this to your desktop.
  • Double-click on jre-7u5-windows-i586.exe to install Java.
Next:

Let me know when you have completed the above and whether any further issues remain. If not we will clean up all tools used during the Malware Removal process and I will provide some advice about online safety etc.
  • 0

#23
cinbar

cinbar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Dakeyras,

I made the requested changes in Adobe Reader. They all went through smoothly.

I installed the new Java and it installed fine.

I still can't send an attachment in my Yahoo email. When I click on the attach files, a window opens, but it is the window a person gets when saving a file (SAVE or CANCEL). The usual window for attachments (OPEN or CANCEL) never appears, whether the list of files is my travel drive (my usual source), Drive C, My Computer or something else. But what is strange is that at the very top of the window it says attaching a file to Yahoo email.

Thanks,
cinbar
  • 0

#24
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

I still can't send an attachment in my Yahoo email. When I click on the attach files, a window opens, but it is the window a person gets when saving a file (SAVE or CANCEL). The usual window for attachments (OPEN or CANCEL) never appears, whether the list of files is my travel drive (my usual source), Drive C, My Computer or something else. But what is strange is that at the very top of the window it says attaching a file to Yahoo email.

How are you actually accessing Yahoo? Via WebMail/with either Internet Explorer, FireFox or say with Outlook Express for example?

How long have you had OpenOffice installed? Did this issue arise after installing?
  • 0

#25
cinbar

cinbar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Dakeyras,

OpenOffice came with the computer when I bought it a little more than a year ago. Until about 10-14 days ago I had no problem creating documents using it, saving them to my flashdrive, and attaching them to emails in Yahoo.
(I have no problems using OO or reading or sending emails now--it's just adding an attachment that is the problem.)

After I get into my email and click on Compose the correct form for a new email appears. The black attachment tab is there. When I click on it a box opens that says at the top "attach this to yahoo mail xxxxx" as usual.

The middle of the box shows names of files--nearly always those on my flashdrive. It doesn't show the choose a location of files list, such as travel drive, C drive, etc.

At the bottom it shows two boxes to click on. One is SAVE (as you would find when creating a document) and the other is CANCEL. Normally the window would have OPEN and CANCEL as choices.

Yahoo is the only email I use. I get there from Firefox and did use IE to get to Yahoo. Firefox has a box in the top left corner with the URLs for the most common sites I visit, so I usually click on yahoo mail within that, rather than typing out the whole URL.

Thanks,
cinbar
  • 0



#26
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Yahoo is the only email I use. I get there from Firefox and did use IE to get to Yahoo. Firefox has a box in the top left corner with the URLs for the most common sites I visit, so I usually click on yahoo mail within that, rather than typing out the whole URL.

Mozilla Firefox has recently been updated, so update your version and check for me please whether it is still the same issue.

Update Mozilla Firefox:

The latest version is 14.0.1

To update, launch the browser >> Help >> About Firefox >> Check for Updates, then download and install. Restart the browser when prompted.

Next:

If still a problem the advice here may be of help.
  • 0

#27
cinbar

cinbar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Dakeyras,

I installed the 14.0.1 new Firefox--saw an article in PC WORLD that said it is better than v. 13 b/c Google searches are contained (I guess that makes it harder for redirect viruses to get through) and for other reasons.

That didn't change the email attachment situation, but I used your Yahoo link and clicked on a tiny triangle to toggle back to attach files *one at a time* (instead of attaching several at a time) and the correct window with OPEN is there! Thank you! (I had prowled through yahoo and never found this suggestion.)

I am going to stick with Firefox, especially since I have the latest version. Should I leave IE on the computer?
If I'm not using it will it update automatically so that it won't be easy for malware to get in? A few weeks ago I started to uninstall it, but a window appeared that said many Windows programs depended on it.

Thanks,
cinbar
  • 0

#28
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

I used your Yahoo link and clicked on a tiny triangle to toggle back to attach files *one at a time* (instead of attaching several at a time) and the correct window with OPEN is there! Thank you! (I had prowled through yahoo and never found this suggestion.)

Good and you're most welcome!

Should I leave IE on the computer?

Yes it would be prudent to do so and leave it at version 8 etc.

If I'm not using it will it update automatically so that it won't be easy for malware to get in?

Correct.

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

As is this:

What to do if your Computer is running slowly

Reset SR Points/Clean up with OTL:

  • Double-click OTL to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, avast! Antivirus, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this at least once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

Check for updates via Start >> All Programs >> Windows Update

Also ensure Automatic Updates is active:-

How to configure and use Automatic Updates in Windows

Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Consider installing WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Check your third party software is up to date:

Via visiting the Secunia Online Software Inspector periodically.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
  • 0
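The Hosts file advice above, illustrated with an added example that is not from the original post or from any of the Hosts file projects it links to: a small Python script that parses a Windows-style hosts file and separates names sunk to 127.0.0.1 / 0.0.0.0 from names pointed at some other address, which is what a tampered hosts file looks like. The sample file, its domains and its addresses are constructed placeholders.

```python
"""Audit a hosts file: a blocking hosts file of the kind recommended above
should map every listed site to 127.0.0.1 (or 0.0.0.0), so any line that
points a name somewhere else deserves a closer look."""
import ipaddress

# Addresses a legitimate blocking hosts file uses as a sink.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # malformed line, ignore
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an IP
        for name in fields[1:]:                # one line may list several names
            entries.append((str(ip), name.lower()))
    return entries


def audit_hosts(text):
    """Split entries into sunk (blocked) names and names redirected elsewhere."""
    blocked, redirected = [], []
    for ip, name in parse_hosts(text):
        if ip in SINK_ADDRESSES:
            blocked.append(name)
        else:
            redirected.append((name, ip))      # not a block entry: review it
    return {"blocked": blocked, "redirected": redirected}


# Constructed sample (hypothetical domains, TEST-NET address), not a real file.
SAMPLE_HOSTS = """\
# Example hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       ads.example-adserver.test   # blocked ad host
0.0.0.0         tracker.example.test popups.example.test
198.51.100.7    update.example-vendor.test  # points elsewhere, worth a look
"""

if __name__ == "__main__":
    for name, ip in audit_hosts(SAMPLE_HOSTS)["redirected"]:
        print(f"review: {name} -> {ip}")
```

On a Windows XP machine the live file is %SystemRoot%\system32\drivers\etc\hosts; read it into `audit_hosts` instead of the constructed sample to check the one actually in use.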

#29
cinbar

cinbar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Dakeyras,

I printed out the guides to which you put links, on computer security and maintenance. I went ahead and installed WinPatrol and planned to do the uninstalling and the rest of my "homework" you assigned.

When I came back to the computer later, I saw that the desktop icons were not where they had been and they were larger. When my home page (nbcnews.com) loaded via Firefox the text and photos were so large that they didn't fit within the screen. I was able to reduce the pages through the Zoom Out on Firefox's toolbox, but they're not normal.

I uninstalled WinPatrol to see if that would make a difference, but it did not. I will reinstall it. (That installation was the only different thing I had done--all the web pages and Yahoo were normal when I left.)

When I opened Yahoo the screen was also much larger than normal. A message said that I had to change the screen resolution. The emails were so wide that I had to move the side arrows to read the start and end of each line.

I went to Display Properties Settings and found the dpi slider, but it would not move (either by dragging or clicking) to change screen resolution.

Meanwhile one time that Firefox was loading my home page, on the bottom toolbar I saw "https ieexplorer.com/ieslice."

So since somehow the sizing of the screen in Firefox (I did not try IE) is way off and since I saw the ieslice message, I thought I should tell you first and not do any of the uninstalling of the log-producing programs and Restore Points, in case you wanted me to run them again.

Thanks for your help,
cinbar
  • 0

#30
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

I thought I should tell you first and not do any of the uninstalling of the log-producing programs and Restore Points, in case you wanted me to run them again.

A prudent move on your behalf. :thumbsup:

OK let's perform a few scans so I can try to ascertain what is causing the problems mentioned as follows...

Re-scan with OTL:

  • Double-click on OTL.exe to start OTL.
  • Ensure both Scan All Users and Standard Output are selected.
  • Click on Run Scan at the top left hand corner.
  • Only one log will be created this time, OTL.txt
Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate download is here.

  • Quit all running programs.
  • Double-click on RogueKiller.exe to start the application.
  • Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
  • Now click on the Scan tab back in the RogueKiller main window.
  • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Next:

So in your next reply, post a new OTL log and the RogueKiller log and we will go from there.
  • 0





