[Indexx]

Zonealarm has always blocked this and that. These names seem new. No gmail no Amazon. The Plugin Container for Firefox block are really new.
Will send log shortly

[Advertisements]

[emeraldnzl]

[Indexx]

Hello Emeraldnzl,

Here you go.

All processes killed
========== OTL ==========
Prefs.js: false removed from browser.search.update
Prefs.js: "about:blank" removed from browser.startup.homepage
Folder C:\Documents and\ not found.
Folder C:\Program Files\Mozilla\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: boss
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: boss.LASRIUS
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 2933313 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5610173 bytes
->Flash cache emptied: 456 bytes

User: BOSS~1~LAS

User: Default User
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 512 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 8719133 bytes

Total Files Cleaned = 16.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01062013_233630

Files\Folders moved on Reboot...

[emeraldnzl]

Hello Indexx,

We will use another scan now for a slightly different look at things.

Please download DDS and save it to your desktop.

• Disable any script blocking protection do I have a script blocker
• Double click dds.scr to run the tool.
• When done, DDS.txt will open.
• Click Yes at the next prompt for Optional Scan.
• Save both reports to your desktop.

Post the reports back here.

[Indexx]

got them


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/13/2010 11:12:41 AM
System Uptime: 1/6/2013 11:37:21 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 30A6
Processor: Genuine Intel® CPU T2250 @ 1.73GHz | U1 | 795/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 97 GiB total, 23.782 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 36.697 GiB free.
E: is FIXED (FAT32) - 14 GiB total, 0.772 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP758: 12/29/2012 1:18:14 AM - System Checkpoint
RP759: 12/30/2012 5:11:15 AM - System Checkpoint
RP760: 12/31/2012 11:25:40 AM - System Checkpoint
RP761: 1/1/2013 2:34:17 PM - System Checkpoint
RP762: 1/2/2013 7:22:54 PM - System Checkpoint
RP763: 1/3/2013 8:00:29 PM - before remove norton
RP764: 1/3/2013 8:23:08 PM - Installed Java 7 Update 10
RP765: 1/3/2013 8:28:55 PM - Removed Java™ 6 Update 10
RP766: 1/4/2013 10:18:15 PM - System Checkpoint
RP767: 1/5/2013 7:16:20 PM - afterNortonBefore Serv3 1-13
RP768: 1/5/2013 10:06:55 PM - Installed Windows XP Service Pack 3.
.
==== Installed Programs ======================
.
5 Card Slingo from Hewlett-Packard Laptops (remove only)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 6.0.1
BarBack for Windows
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Boggle Supreme from Hewlett-Packard Laptops (remove only)
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Conexant HD Audio
Corel WordPerfect Suite 8
Crystal Maze from Hewlett-Packard Laptops (remove only)
Destinations
DeviceManagementQFolder
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 645 Series Printer Uninstall
EpsonNet Print
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
GemMaster Mystic
H&R Block Deluxe + Efile + State 2010
H&R Block Standard 2011
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB903157)
HP Help and Support
HP Imaging Device Functions 6.0
HP Quick Launch Buttons 6.00 E2
HP QuickPlay 2.1
HP Software Update
HP User Guides--System Recovery
HP User Guides 0011
HP Wireless Assistant 2.00 E1
HpSdpAppCoreApp
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
Intel® PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 6
Java 7 Update 10
Java Auto Updater
Jewel Quest from Hewlett-Packard Laptops (remove only)
K-Lite Mega Codec Pack 7.6.0
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
LightScribe 1.4.74.1
Macromedia Flash Player 8
Magnifier Powertoy for Windows XP
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Works
Mozilla Firefox 8.0.1 (x86 en-US)
muvee autoProducer 4.5
NVIDIA Drivers
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
Otto
Paint Shop Pro 7
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
Puzzle Express from Hewlett-Packard Laptops (remove only)
Quick View Plus
Quicken 2006
SCRABBLE from Hewlett-Packard Laptops (remove only)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
SmartAudio
Snowboard SuperJam
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Super Granny from Hewlett-Packard Laptops (remove only)
TaxACT 2009
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Tradewinds from Hewlett-Packard Laptops (remove only)
Tweakui Powertoy for Windows XP
Unload
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.5
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Service Pack 3
Wireless Home Network Setup
YSIGet
ZoneAlarm
Zuma Deluxe from Hewlett-Packard Laptops (remove only)
.
==== Event Viewer Messages From Past Week ========
.
12/31/2012 3:38:57 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00130260FB05. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/6/2013 9:20:22 PM, error: Service Control Manager [7034] - The Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s).
1/6/2013 5:27:25 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/6/2013 5:27:25 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/6/2013 12:39:14 PM, error: DCOM [10000] - Unable to start a DCOM Server: {A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\WISPTIS.EXE -Embedding
1/6/2013 10:27:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/6/2013 10:27:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/4/2013 2:10:11 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS RasAcd Rdbss Tcpip vsdatant
1/4/2013 2:10:11 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 2:10:11 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 2:10:11 AM, error: Service Control Manager [7001] - The NetBios over Tcpip service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 2:10:11 AM, error: Service Control Manager [7001] - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 2:10:11 AM, error: Service Control Manager [7001] - The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2013 2:10:11 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 2:10:11 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 2:10:11 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2013 2:09:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/3/2013 9:36:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SYMTDI
1/3/2013 9:36:16 AM, error: Service Control Manager [7001] - The Messenger service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/3/2013 9:36:16 AM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
1/3/2013 9:36:16 AM, error: Service Control Manager [7001] - The Message Queuing service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/3/2013 9:36:16 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/3/2013 9:36:15 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service hpqwmiex with arguments "-Service" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
1/3/2013 9:36:13 AM, error: DCOM [10000] - Unable to start a DCOM Server: {D6D754B6-C211-4920-92EA-FD714A13246B}. The error: "%2" Happened while starting this command: C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE -Embedding
1/3/2013 8:32:04 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
1/3/2013 8:32:04 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
1/3/2013 7:29:51 PM, error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The system cannot find the path specified.
1/3/2013 6:43:49 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
.
==== End Of File ===========================



-----------------------------------------------------------------------------------------------------------


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 10.10.2
Run by boss at 0:19:02 on 2013-01-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.684 [GMT -6:00]
.
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
TB: Norton AntiVirus: {C4069E3A-68F1-403E-B40E-20066696354B} -
uRun: [StatBar] c:\program files\globe software\statbar\StatBar.exe
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatihva.exe /ept "epltarget\P0000000000000000" /M "WorkForce 645" /EF "HKCU"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B8D85FDC-2F63-4DE8-A44A-CF8EBE7B5205} : DHCPNameServer = 192.168.1.254
Handler-: ipp - <Clsid value has no data>
Handler-: msdaipp - <Clsid value has no data>
SEH: Quick View Plus - ShellExecute Hook - {0cab0400-7395-11d0-a5e5-0020afe2fdd9} -
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\boss.lasrius\application data\mozilla\firefox\profiles\diday4bd.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-4-13 392824]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-2 398184]
R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2010-4-14 3712]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-2 21104]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-2 682344]
S4 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
.
=============== File Associations ===============
.
ShellExec: QPW.EXE: open="c:\corel\suite8\programs\QPW.EXE"
ShellExec: QPW.EXE: print="c:\corel\suite8\programs\QPW.EXE"
.
=============== Created Last 30 ================
.
2013-01-07 05:36:30 -------- d-----w- C:\_OTL
2013-01-07 01:28:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-06 18:58:22 -------- d-----w- C:\JRT
2013-01-06 04:09:10 -------- d-----w- c:\windows\ServicePackFiles
2013-01-04 02:23:46 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-04 02:23:46 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-04 02:23:39 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-02 23:45:02 -------- d-----w- c:\documents and settings\boss.lasrius\application data\Malwarebytes
2013-01-02 23:44:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-01-02 23:44:39 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-02 23:44:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-11 16:50:31 -------- d-----w- c:\program files\YSIGet
.
==================== Find3M ====================
.
2013-01-07 01:28:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-04 02:23:19 143872 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 0:20:00.56 ===============

[emeraldnzl]

Nothing leaping out at me there.

Time to try a different approach by uninstalling an re-installing Firefox. We need to remove your Firefox profile data and settings.

Before we do this we want to backup your bookmarks.

To back up your bookmarks:

In Firefox go to History > Show all History > Import and Backup (toolbar along the top) > Export HTML... and save it to your desktop.

Later when you re-install FF you can reverse the process and Import HTML... when the Wizard comes up just import the HTML file you had saved earlier.

Now

Go to the link below for instructions on how to remove Firefox:

http://kb.mozillazin...install_firefox

Look under the heading On Windows

Follow the instructions there On Windows Vista and in particular follow this instruction - see the bolded part:

Starting in Firefox 3, the uninstaller includes the option, "Remove my Firefox personal data and customizations". This will also remove your Firefox user profile data (bookmarks, passwords, cookies, extensions, preferences, etc.).

If the uninstall fails, as it may in some cases, continue on with the rest of the uninstall instructions.

Once you have remove Firefox entirely then download a new copy and re-install. After that, follow the instruction above to import your bookmarks back.

Firefox may be downloaded from Here.

[Indexx]

Hello Emeraldnzl,

Any chance of reintalling my lean and mean 8.0 The newer ones kinda suck. Bloatware. I should have a copy of it somewhere

[emeraldnzl]

Any chance of reintalling my lean and mean 8.0 The newer ones kinda suck. Bloatware. I should have a copy of it somewhere

I don't recommend it, earlier versions are vulnerable to attack.

I use and really like Firefox. Bloat (if it is there) hasn't bothered me at all and I have found that security has increased a lot over the years.

Having said that if you really want earlier versions the link below takes you to a page with a link to earlier versions. You might like to try the latest version first and if it's not your "cup of tea" revert to an earlier version later.

http://support.mozil...sion-of-firefox

[Indexx]

Thanks Emeraldnzl,

I might give 11.0 or 13. another try. The newer ones just seem to use so much more computer resources.
After the service pack 3 upgrade I have 400 or less RAM left on startup. I'd have 600 to 800 Ram left over after a reboot before it.
Do you think I was ever infected with anything here and if so what was it?

Thanks for all of your help on this,

Indexx

P.S.
Wow there up to 17.0 now. I'll give it a shot.
Indexx

Edited by Indexx, 07 January 2013 - 04:58 PM.

[emeraldnzl]

Do you think I was ever infected with anything here and if so what was it?

Nothing much, there was some left over adware and orphans. The main problem was vulnerabilities with out of date programs and files. Also your computer had very little free space, so little that I was reluctant to run our tools. It's a wonder it hadn't crashed already.

The newer ones just seem to use so much more computer resources.

If you are unhappy with Firefox just don't use it or reinstall the earlier one although it won't have the same security.

Turning to memory problems, you have this on your computer which I understand is useful although I think I have read somewhere that that one uses a lot of memory. Might be worth a thought.

O4 - HKCU..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)

Before going to clear away the tools we are using I would like to see whether uninstalling/reinstalling Firefox completely (including data and customizations) stops the ZoneAlarm alerts.

What do you think, do you want to do that or would you rather go straight to clearing away the tools?

[Indexx]

Ha, It's been a great computer. I usually get a new one every 12 to 18 months. I think this one is over 7 or 8 years old now. But it was a real hot rod when I got it. Not familar with win 7 or 8 but vista made me think I'd use XP forever.

Can't do without statbar. Most info is right there on my screen 24-7 Been there for many years.
Just looked at my mem. and firefox is REALLY soaking it up. Statbar not to bad. Will turn off some more of these processes when the smoke clears.
I added a photo of the task screen.
Will lose firefox this evening and try it again, maybe even chrome

Indexx

Attached Thumbnails

• 

[emeraldnzl]

Hello again Indexx,

Ha, It's been a great computer. I usually get a new one every 12 to 18 months. I think this one is over 7 or 8 years old now. But it was a real hot rod when I got it. Not familar with win 7 or 8 but vista made me think I'd use XP forever.

Yes I still have an XP OS on one of my machines and I still like it. Good for some of those older programs too.

Now

Your logs look clean to me. I will leave this topic open for a few days though in case you have continuing problems and want to come back.

In the meantime we have a couple of last steps to perform and then you're all set.

• Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
• Click on the CleanUp! button
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

• Download Java for Windows
  
  Reboot your computer.
  You also need to unininstall older versions of Java.
  
• Click Start > Control Panel > Add or Remove Programs
• Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

• If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.
  
  * Click Start > Control Panel > System and Security > Windows Update
  * Under Windows Update click on Turn automatic updating on or off
  * Check items shown to ensure you receive updates automatically. Click OK.
  
  And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  
• Malwarebytes
• SuperAntiSpyWare

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

[emeraldnzl]

Further to my last post, after rechecking the thread I don't see us running an online AV scan. Must have missed it... we should do that.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

• Click the green ESET Online Scanner box
• Tick the box next to YES, I accept the Terms of Use
  then click on: Start
• You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click on Start
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close, make sure you copy the logfile first!
• Then click on: Finish
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

[Indexx]

Again thank you for your time Emeraldnzl.
I'll let you know how it goes.
Indexx

[emeraldnzl]