Redirect Virus - please help [Solved]

This topic is locked

#16 CoolSunrise (Topic Starter, Member, 30 posts)
Thanks for the vote of confidence, but this stuff makes my skin crawl and stomach churn. Commencing with "Remove Selected."

#17 CoolSunrise (Topic Starter, Member, 30 posts)
1. I still get the Add New Hardware window upon rebooting the computer. (Hardware "Unknown") I also still have the "Firefox prevented this page from automatically redirecting to another page" msg upon signing in and out of a forum, but it does not happen when using Internet Explorer.

2. AdwCleaner[S0].txt log:

# AdwCleaner v3.005 - Report created 24/09/2013 at 18:12:25
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Vicki - NORTHPOLEFAMILY
# Running from : C:\Documents and Settings\Vicki\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\optimizer pro
Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\Vicki\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Vicki\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\jetpack
File Deleted : C:\END
File Deleted : C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3284668
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3303001
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\prefs.js ]

Line Deleted : user_pref("CT3303001.FF19Solved", "true");
Line Deleted : user_pref("CT3303001.UserID", "UN56719609023039130");
Line Deleted : user_pref("CT3303001.browser.search.defaultthis.engineName", "");
Line Deleted : user_pref("CT3303001.fullUserID", "UN56719609023039130.IN.20130919135810");
Line Deleted : user_pref("CT3303001.installDate", "19/09/2013 13:58:35");
Line Deleted : user_pref("CT3303001.installSessionId", "{905638BE-136D-4E7D-8FF1-5185C2915F5C}");
Line Deleted : user_pref("CT3303001.installSp", "TRUE");
Line Deleted : user_pref("CT3303001.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3303001.keyword", "true");
Line Deleted : user_pref("CT3303001.originalHomepage", "hxxp://www.msn.com/");
Line Deleted : user_pref("CT3303001.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3303001.originalSearchEngine", "Bing");
Line Deleted : user_pref("CT3303001.originalSearchEngineName", "Bing");
Line Deleted : user_pref("CT3303001.searchRevert", "false");
Line Deleted : user_pref("CT3303001.searchUserMode", "2");
Line Deleted : user_pref("CT3303001.smartbar.homepage", "true");
Line Deleted : user_pref("CT3303001.versionFromInstaller", "10.20.0.13");
Line Deleted : user_pref("CT3303001.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3303001&octid=CT3303001&SearchSource=61&CUI=UN56719609023039130&UM=2&UP=SPAB987A0B-496E-4E3C-B6FB-DF6372D711E3");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("extensions.crossrider.bic", "1413807650c6625cd860a20c382cf47e");

*************************

AdwCleaner[R0].txt - [5101 octets] - [24/09/2013 12:08:19]
AdwCleaner[R1].txt - [5161 octets] - [24/09/2013 18:10:59]
AdwCleaner[S0].txt - [5218 octets] - [24/09/2013 18:12:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5278 octets] ##########


3. JRT.txt log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Microsoft Windows XP x86
Ran by Vicki on Tue 09/24/2013 at 18:30:48.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\SearchProtect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411161172}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\nsprotector.js"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Vicki\Application Data\mozilla\firefox\profiles\s66rmlhk.default\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/24/2013 at 18:36:59.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


4. Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.24.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Vicki :: NORTHPOLEFAMILY [administrator]

9/24/2013 6:53:14 PM
mbam-log-2013-09-24 (18-53-14).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296454
Time elapsed: 2 hour(s), 27 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 16
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.

Files Detected: 106
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0072424.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0072436.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074621.exe (PUP.Optional.SevereWeatherAlerts) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074672.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074673.exe (PUP.Optional.DefaultTab) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074674.exe (PUP.Optional.DefaultTab) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074676.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074677.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074679.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074687.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074709.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074710.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074744.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074745.dll (PUP.Optional.Lyrics.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074747.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074748.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074749.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074750.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074752.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP295\A0074755.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\System Volume Information\_restore{9F4E94AF-261B-48AE-AC96-4A280566DA57}\RP305\A0077609.exe (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\Vicki\Desktop\Glen\My Documents\Downloads\rcpsetup2_dcomnew_sec_728_dcomnew_sec_728(1).exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vicki\Desktop\Glen\My Documents\Downloads\rcpsetup2_dcomnew_sec_728_dcomnew_sec_728.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vicki\Desktop\Glen\My Documents\Downloads\Firefox_setup.exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vicki\My Documents\Downloads\hitman-pro(1).exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vicki\My Documents\Downloads\hitman-pro.exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vicki\My Documents\Downloads\Launcher__2594_il8359654.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vicki\My Documents\Downloads\Setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\bin\rep.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\bin\SPHook32.dll_20130414175030.406 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\bin\SPHook32.dll_20130416093714.593 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\popupTransparent.xul (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\1.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\b.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\c.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\d.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\e.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\f.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\g.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\h.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\i.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isaiah\Application Data\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.

(end)


5. ESET scan log:

C:\Documents and Settings\Vicki\Desktop\Glen\My Documents\APNSetup.exe Win32/Bundled.Toolbar.Ask.B application
C:\Program Files\Uninstaller\Uninstall.exe MSIL/DomaIQ.A application
C:\_OTL\MovedFiles\09242013_112143\C_Documents and Settings\NetworkService\Application Data\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application
C:\_OTL\MovedFiles\09242013_112143\C_Documents and Settings\NetworkService\Application Data\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application

Thank you for your continued help! :thumbsup:
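The AdwCleaner report above lists the prefs.js lines the Conduit toolbar had written into the Firefox profile (CT3303001.*, Smartbar.*, extensions.crossrider.*). The script below is an added example, not code from the thread or from AdwCleaner: it parses a prefs.js, flags those preference families, pulls out the toolbar id and the homepage/search URLs they reference, and lists the core homepage/search preferences so an analyst can see what was overridden. The sample prefs.js is constructed, with placeholder IDs in place of the values from the report.

```python
"""Triage a Firefox prefs.js for toolbar / search-hijack preferences.

Added example, not part of the forum thread.  It models the entries that the
AdwCleaner report removed (CT3303001.*, Smartbar.*, extensions.crossrider.*)
and reports them, together with any homepage/search URL they point at.
"""
import re
from typing import Dict, List

# One user_pref("name", value); line.  Values may be strings, numbers or booleans.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Preference-name prefixes for the families seen in the report.  "CT" followed
# by digits is the Conduit toolbar id (ctid) naming scheme; the rest are literal.
HIJACK_PATTERNS = {
    "Conduit toolbar": re.compile(r"^CT\d+\."),
    "Smartbar": re.compile(r"^Smartbar\."),
    "Crossrider": re.compile(r"^extensions\.crossrider\."),
}

# Core browser prefs an adware installer typically rewrites.  They are not
# malicious by themselves, so they are reported separately for the analyst.
CORE_PREFS = ("browser.startup.homepage", "browser.search.defaultenginename",
              "keyword.URL")


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref_name: raw_value} for every well-formed user_pref line."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def _unquote(raw: str) -> str:
    """Strip the surrounding double quotes from a string-valued pref."""
    return raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw


def triage(text: str) -> Dict[str, object]:
    """Classify prefs into hijack families; collect the ctids and URLs they reference."""
    prefs = parse_prefs(text)
    families: Dict[str, List[str]] = {name: [] for name in HIJACK_PATTERNS}
    urls: List[str] = []
    ctids = set()
    for name, raw in prefs.items():
        for family, pat in HIJACK_PATTERNS.items():
            if pat.match(name):
                families[family].append(name)
                if family == "Conduit toolbar":
                    ctids.add(name.split(".", 1)[0])   # e.g. CT3303001
        value = _unquote(raw)
        # AdwCleaner defangs URLs as hxxp://; accept both the defanged and live forms.
        if re.match(r"^h(?:xx|tt)ps?://", value):
            urls.append(value)
            m = re.search(r"[?&]ctid=(CT\d+)", value)
            if m:
                ctids.add(m.group(1))
    core = {n: _unquote(prefs[n]) for n in CORE_PREFS if n in prefs}
    return {
        "families": {k: sorted(v) for k, v in families.items() if v},
        "ctids": sorted(ctids),
        "urls": urls,
        "core_prefs": core,
        "suspicious": any(families.values()),
    }


# Constructed sample modelled on the lines the AdwCleaner report removed.
# The UserID and crossrider values are placeholders, not the ones from the thread.
SAMPLE_PREFS_JS = '''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3303001&SearchSource=48");
user_pref("CT3303001.UserID", "UN00000000000000000");
user_pref("CT3303001.installSp", "TRUE");
user_pref("CT3303001.originalHomepage", "hxxp://www.msn.com/");
user_pref("CT3303001.originalSearchEngine", "Bing");
user_pref("CT3303001.searchUserMode", "2");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3303001&octid=CT3303001&SearchSource=61");
user_pref("extensions.crossrider.bic", "00000000000000000000000000000000");
user_pref("network.cookie.cookieBehavior", 0);
user_pref("privacy.clearOnShutdown.history", true);
'''

if __name__ == "__main__":
    report = triage(SAMPLE_PREFS_JS)
    for family, names in report["families"].items():
        print(f"{family}: {len(names)} pref(s)")
        for n in names:
            print("   ", n)
    print("Toolbar ids:", ", ".join(report["ctids"]))
    print("Referenced URLs:")
    for u in report["urls"]:
        print("   ", u)
    print("Core prefs:", report["core_prefs"])
```

Running it against a live profile means pointing `triage` at the contents of the profile's prefs.js (the report above shows the path under the Firefox Profiles folder); the originalHomepage entry tells you what the installer replaced.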

#18 godawgs (Teacher, Retired Staff, 8,228 posts)
Hello again,

Well AdwCleaner and JRT removed a lot of rubbish.

If you are only having the problem with Firefox it sounds like it is either a setting on the site you are visiting or a setting in FF or an add-on in FF. Let's clear the browsing history in FF and see if that resolves it.

Click here to go to the Mozilla support page.
Scroll down to the How do I clear my history? section and follow the instructions to clear the browsing history. NOTE: Under the Time range to clear: select Everything

NEXT:

Click here to go to the Mozilla support page for clearing the Firefox Cache and follow the instructions there. Now try the browser and see if the issue has been resolved. If it hasn't, start FF in safe mode.

How to start Firefox in Safe Mode

At the top of the Firefox window, click the Firefox button, go over to the Help menu and select Restart with Add-ons Disabled.... Firefox will start up with the Firefox Safe Mode dialog.
When the Safe Mode window opens click the Start in Safe Mode button.

This loads FF without any add-ons. If the web site works now it is an extension, theme or add-on that is most likely causing the issue. Scroll down to the Troubleshooting problems in Safe Mode on that same Mozilla support page and follow the links and directions for troubleshooting.

If that still doesn't resolve the problem go back to the web page with the problem and look somewhere at the top or bottom of the page that says "Clear Your Cookies" or "Delete Your Cookies"


For the phantom device let's see if the Device Manager will give us any info on the device. Also ask your husband if his friend plugged any USB (thumb) drives or any other removable devices into the computer.

  • Click on Start and then Run.
  • Type the following command in the Open: text box, and then hit the Enter key or click on the OK button.

    devmgmt.msc

  • The Device Manager should display right away.
  • You should see a yellow question mark or exclamation point next to one of the Devices.
  • Click the + sign beside the device and then post a screen shot in your next reply.

To post a screen shot:

Capture a Screen Shot

  • When you have the screen up that you want to capture...click on the ALT key + PRT SCR key. This will put the screen shot in the clipboard.
  • Click on Start>> All Programs>> Accessories>> Paint. A Paint window will open up.
  • Left click in the white area and press the CTRL + V keys. This will paste the screen shot from the clipboard into the Paint window.
  • On the Menu bar at the top of the Paint window, click on File, click on Save and save it to your desktop.
  • In the File Name box, name it something related to the screen you're capturing.
  • In the Save as type: box, BE SURE TO SAVE IT AS A .JPG ...otherwise it may be too big to upload.

To upload the screen shot and put it in a post, click on this link for directions.

#19 CoolSunrise (Topic Starter, Member, 30 posts)
Firefox: I did all the things you recommended, but I still get the msg on signing in and out of the forum. I do see where I can ask Mozilla Firefox about that so it's OK if you are out of ideas about it. I leave that up to you.

New Hardware problem:
devicemanager.JPG



ESET scan log: It looks like the 1st entry in the log is the USER ID I deleted. I chose to save it to my desktop at the time. I would like to delete the whole thing and start from scratch on that when you give me the go-ahead.

Edited by CoolSunrise, 27 September 2013 - 03:49 PM.

  • 0

#20 godawgs (Teacher, Retired Staff, 8,228 posts)

Quote
Firefox: I did all the things you recommended, but I still get the msg on signing in and out of the forum. I do see where I can ask Mozilla Firefox about that so it's OK if you are out of ideas about it. I leave that up to you.

My last suggestion would be to reset Firefox. Please click here to go to the Mozilla support page and follow the instructions to reset Firefox.

For the Found New Hardware message:

Open the Device Manager again. Click the + beside Other Devices. Then right click on the first PCI Serial Port device. Click Properties. The device property page will open. Click the Driver tab. The driver page will open. Click the Driver Details button. Under the Driver files: section copy down the information in the Driver files: box. Repeat for the other PCI device and the Unknown device.
Post that information in your next reply.

Quote
ESET scan log: It looks like the 1st entry in the log is the USER ID I deleted.

Did I miss something? When did this happen?
  • 0
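The same inspection godawgs walks through by hand above (the flagged entries under Other devices and the Driver files each one reports), done in one pass with WMI. This is an added example, not part of the thread; it assumes Windows PowerShell is available on the machine and that the root\cimv2 classes Win32_PnPEntity and Win32_PnPSignedDriver are present (they are on Windows XP SP3 and later).

```powershell
# Added example, not from the thread: list every device that Device Manager flags
# with a yellow "!" or "?" and the driver package (if any) bound to it, via WMI.
# Assumes Windows PowerShell 2.0 or later with access to the root\cimv2 namespace.

# A few of Microsoft's documented Device Manager error codes; 28 is the usual
# reason a device lands under "Other devices".
$problemText = @{
    1  = 'Device is not configured correctly'
    10 = 'Device cannot start'
    22 = 'Device is disabled'
    28 = 'Drivers for this device are not installed'
    31 = 'Windows cannot load the drivers required for this device'
}

function Get-ProblemDevice {
    # Index the signed-driver records by device instance so the join is a hash lookup.
    $drivers = @{}
    Get-WmiObject -Class Win32_PnPSignedDriver | ForEach-Object {
        if ($_.DeviceID) { $drivers[$_.DeviceID] = $_ }
    }

    # ConfigManagerErrorCode 0 means "working properly"; any other value is what
    # Device Manager shows with a warning icon. Null codes (legacy devices) are skipped.
    Get-WmiObject -Class Win32_PnPEntity |
        Where-Object { $_.ConfigManagerErrorCode -ne $null -and $_.ConfigManagerErrorCode -ne 0 } |
        ForEach-Object {
            $code = [int]$_.ConfigManagerErrorCode
            $drv  = $drivers[$_.DeviceID]
            if ($problemText.ContainsKey($code)) { $meaning = $problemText[$code] }
            else { $meaning = "Code $code (see Microsoft's Device Manager error code list)" }

            # An entry with no INF file and no provider is the "No driver files are
            # required or have been loaded for this device" case from the thread.
            $inf = $null; $provider = $null; $hwid = $null; $signed = $null
            if ($drv) {
                $inf      = $drv.InfName
                $provider = $drv.DriverProviderName
                $hwid     = $drv.HardWareID
                $signed   = $drv.IsSigned
            }

            New-Object PSObject -Property @{
                Name       = $_.Name
                Code       = $code
                Meaning    = $meaning
                HardwareID = $hwid        # identifies vendor/device even when Name is "Unknown device"
                InfFile    = $inf
                Provider   = $provider
                Signed     = $signed
                Service    = $_.Service   # kernel service/driver name, if one is registered
                DeviceID   = $_.DeviceID
            }
        } | Select-Object Name, Code, Meaning, HardwareID, InfFile, Provider, Signed, Service, DeviceID
}

# One record per problem device; redirect to a file to paste into a reply.
Get-ProblemDevice | Format-List
```

The HardwareID column is the most useful one for a phantom device: it names the vendor and device IDs Windows enumerated, so the entry can be traced to a real piece of hardware (or confirmed as a leftover from an uninstalled program) before anything is removed.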

#21 CoolSunrise (Topic Starter, Member, 30 posts)
1. Resetting Firefox fixed the problem so I deleted the old data folder Firefox created like they suggested. :thumbsup: Thank you!

2. Found New Hardware msg: I did what you said for all three devices and had the same Windows msg box pop up for all 3 of them: "No driver files are required or have been loaded for this sight." Only one option to click: OK.

3. You asked before if the other guy that was here plugged in any hardware like a thumbdrive, etc - the answer is no.

4.

Quote
ESET scan log: It looks like the 1st entry in the log is the USER ID I deleted.

Did I miss something? When did this happen?


Post #6 - After they took it upon themselves to tinker I removed the USER ID they were using. During the process I was given the option to delete it all or save it to a folder on my desktop. I didn't know if deleting it would cause a problem for you so I saved it to my desktop. The ESET scan log's first entry shows my desktop with a folder named Glen - that's his old USER ID. When it is OK, I would like to delete the whole thing and he can start from scratch - he needed to clean it up anyway. I hope this hasn't caused problems.

Thank you for your continued efforts for me. If you ate a pizza for every time I wished I could have bought you one you'd never want to see another slice again.

Edited by CoolSunrise, 28 September 2013 - 09:40 AM.

  • 0

#22 godawgs (Teacher, Retired Staff, 8,228 posts)

Quote
1. Resetting Firefox fixed the problem so I deleted the old data folder Firefox created like they suggested. :thumbsup: Thank you!

Good Job!

Quote
2. Found New Hardware msg: I did what you said for all three devices and had the same Windows msg box pop up for all 3 of them: "No driver files are required or have been loaded for this sight." Only one option to click: OK.

This sounds like a web site looking for a driver. I seem to recall that SuperAntiSpyware has been known to cause this kind of issue when it is uninstalled. So we will run the SuperAntiSpyware uninstall tool and then delete the devices in the Device Manager and see if that resolves it.

Quote
3. You asked before if the other guy that was here plugged in any hardware like a thumbdrive, etc - the answer is no.

Thank you.

Quote
Post #6 - After they took it upon themselves to tinker I removed the USER ID they were using. During the process I was given the option to delete it all or save it to a folder on my desktop. I didn't know if deleting it would cause a problem for you so I saved it to my desktop. The ESET scan log's first entry shows my desktop with a folder named Glen - that's his old USER ID. When it is OK, I would like to delete the whole thing and he can start from scratch - he needed to clean it up anyway. I hope this hasn't caused problems.

Acknowledged. And you should be able to delete the folder on the desktop now.

Quote
Thank you for your continued efforts for me. If you ate a pizza for every time I wished I could have bought you one you'd never want to see another slice again.

You are very welcome. Make it a double Pepperoni, with some :pepsi: or :beer: please.


Step-1.

SAS Uninstaller Tool

  • Click here to download the SuperAntiSpyware uninstall tool. Save it to the desktop.
    Close all Windows and the browser.
  • Double click the SASUNINST.EXE file to launch the program and follow the on screen instructions.
  • Reboot the computer after the tool has finished.

If the Found New Hardware messages are gone you don't need to follow the instructions below. If the message is still there:


Step-2.

  • Open the Device Manager again.
  • Click the + beside Other Devices
  • Right click each entry under the Other devices and click Delete on the context menu.
  • Reboot the computer.

  • 0

#23 CoolSunrise (Topic Starter, Member, 30 posts)
Oh, dear, I must be particularly dense on Saturday mornings because I cannot for the life of me find an Uninstaller Tool on the website you sent me to in step 1. Please look at the website and tell me exactly what I am looking for. Thank you.

:mellow:
  • 0

#24 godawgs (Teacher, Retired Staff, 8,228 posts)
It isn't you. I messed up the link. Try it now.
  • 0

#25 CoolSunrise (Topic Starter, Member, 30 posts)
:thumbsup: Found New Hardware prompt gone after doing Step 1.

What's next? I remember you said AdwCleaner & JRT removed a lot of junk, and I believe you had me delete the stuff MBAM found, what about the ESET scan log or anything else? I hope that doesn't sound impatient, I'm just trying to refresh my memory on where we were.

Thank you!

Edited by CoolSunrise, 28 September 2013 - 05:46 PM.

  • 0

#26 godawgs (Teacher, Retired Staff, 8,228 posts)

Quote
What's next? I remember you said AdwCleaner & JRT removed a lot of junk, and I believe you had me delete the stuff MBAM found, what about the ESET scan log or anything else? I hope that doesn't sound impatient, I'm just trying to refresh my memory on where we were.

It can get confusing can't it? MBAM did remove all it found except the files in System Restore, the file in the user ID that you deleted but saved to the desktop and one other. We will remove the files in system restore and the C:\Program Files\Uninstaller\Uninstall.exe file during the clean up process. Once you delete the user ID folder that you saved to the desktop that will take care of that file.

Next we want to run a tool to check the system services and a tool to check for any programs that need to be updated. After that is done, if there are no further issues, we will be ready to clean up. See, we're almost there :)


Step-1.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Double click the FSS.exe file to run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-2.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Double click the SecurityCheck icon to run the application.
  • Follow the onscreen instructions inside of the black box.

  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The FSS.txt log
2. The checkup.txt log
  • 0

#27 CoolSunrise (Topic Starter, Member, 30 posts)
1. FSS.txt log:

Farbar Service Scanner Version: 13-09-2013
Ran by Vicki (administrator) on 29-09-2013 at 09:37:46
Running from "C:\Documents and Settings\Vicki\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A0000000400000001000000020000000300000009000000080000000A000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****





2. checkup.txt log:

Results of screen317's Security Check version 0.99.73
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
A
V
G
ECHO is off.
A
n
t
i
V
i
r
u
s
ECHO is off.
F
r
e
ECHO is off.
E
d
i
t
i
o
n
ECHO is off.
2
0
1
4
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.8.800.168
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



3. I deleted the USER ID from my desktop yesterday.
  • 0

#28 godawgs (Teacher, Retired Staff, 8,228 posts)
The services are :thumbsup: There is one program to update and then we'll get one last OTL scan. If all is ok then we will be ready to clean up.


Step-1.

Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader. The versions I see on the system are:
    • Adobe Reader 10.1.8
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
  • Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
  • Click the Download Now button to download Adobe Reader and follow the directions.
Alternative Option: After uninstalling Adobe Reader, you could try installing Foxit Reader from HERE. Foxit Reader is a much smaller program. It has fewer add-ons and therefore loads more quickly.
NOTE: When installing FoxitReader, be careful not to install anything to do with AskBar or any other 3rd party software.


Step-2.

OTL Scan

Please re-open OTL on the desktop. To do that:
  • XP users: Double click the OTL icon.
  • At the top of the console, click the box beside Scan All Users
  • Make sure the Output box at the top is set to Standard Output.
  • Click the box beside LOP Check and Purity Check
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the Adobe Reader went.
2. The new OTL.txt log
3. Are there any other issues?
  • 0

#29 CoolSunrise (Topic Starter, Member, 30 posts)
1. Adobe Reader Uninstalled & Installed w/o a problem. I'll check into Foxit Reader at a later date. Thanks.

2. OTL.txt log:

OTL logfile created on: 9/29/2013 10:53:27 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Vicki\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 627.57 Mb Available Physical Memory | 61.89% Memory free
2.38 Gb Paging File | 2.03 Gb Available in Paging File | 85.26% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.39 Gb Total Space | 19.48 Gb Free Space | 62.06% Space Free | Partition Type: NTFS

Computer Name: NORTHPOLEFAMILY | User Name: Vicki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/22 09:16:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vicki\Desktop\OTL.exe
PRC - [2013/09/15 23:12:16 | 004,851,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/09/15 23:08:30 | 000,895,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/09/03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/09/03 22:22:16 | 000,588,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/09/02 11:19:00 | 000,669,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/09/02 09:46:43 | 002,202,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
PRC - [2013/08/20 23:03:42 | 000,728,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2011/01/23 20:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011/01/23 20:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010/04/14 21:08:14 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeccoms.exe
PRC - [2010/04/14 21:08:06 | 000,193,192 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxecserv.exe
PRC - [2008/08/21 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/02 09:46:43 | 002,202,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
MOD - [2011/01/23 20:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2011/01/23 20:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010/04/05 06:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epoemdll.dll
MOD - [2010/04/05 06:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2010/04/05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epwizres.dll
MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epwizard.dll
MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epfunct.dll
MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\eputil.dll
MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\imagutil.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009/11/04 14:14:20 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxecdrpp.dll
MOD - [2009/05/27 13:16:52 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxecdatr.dll
MOD - [2009/05/27 13:13:38 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeccats.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009/02/20 09:48:44 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\lxecsmr.dll
MOD - [2009/02/20 09:48:04 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\lxecsm.dll


========== Services (SafeList) ==========

SRV - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/19 13:30:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/17 12:53:35 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2010/04/14 21:08:14 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxeccoms.exe -- (lxec_device)
SRV - [2010/04/14 21:08:06 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/10 22:11:44 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/08 22:12:16 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/09/02 10:39:32 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/09/02 10:28:06 | 000,145,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/09/02 10:28:04 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/09/02 10:28:00 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/08/20 22:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/08/01 16:06:14 | 000,120,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2008/11/23 22:56:50 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 2E E7 51 84 B9 CE 01 [binary data]
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\..\SearchScopes\{687DEFE4-5A4A-45CA-B22A-00331D0C5016}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2013/01/06 10:26:58 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/02/09 16:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Extensions
[2013/09/29 07:48:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\m8vc46zo.default-1380379518609\extensions
[2013/09/29 07:37:58 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\m8vc46zo.default-1380379518609\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/09/29 07:48:38 | 001,314,979 | ---- | M] () (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\m8vc46zo.default-1380379518609\extensions\[email protected]
[2013/09/17 13:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/17 13:14:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2008/08/21 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1356147684000 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E76578B-BEE8-479F-956A-57B71864310E}: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Vicki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vicki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/08 17:52:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/29 10:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/09/29 10:48:00 | 050,573,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Vicki\Desktop\AdbeRdr11004_en_US.exe
[2013/09/29 09:34:56 | 000,358,923 | ---- | C] (Farbar) -- C:\Documents and Settings\Vicki\Desktop\FSS.exe
[2013/09/28 16:30:32 | 000,101,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Vicki\Desktop\SASUNINST.EXE
[2013/09/26 16:45:17 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Vicki\Desktop\esetsmartinstaller_enu.exe
[2013/09/26 08:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/09/24 18:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Application Data\Malwarebytes
[2013/09/24 18:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/24 18:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/24 18:50:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/24 18:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/24 18:30:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/24 17:24:37 | 010,284,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Vicki\Desktop\mbam-setup.exe
[2013/09/24 17:21:55 | 001,030,038 | ---- | C] (Thisisu) -- C:\Documents and Settings\Vicki\Desktop\JRT.exe
[2013/09/24 12:08:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/24 11:35:08 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Vicki\Desktop\aswmbr.exe
[2013/09/23 13:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Application Data\AVG2014
[2013/09/23 13:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Local Settings\Application Data\Avg2014
[2013/09/23 11:58:02 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/23 11:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/09/23 11:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/09/22 14:26:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/22 09:17:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vicki\Desktop\OTL.exe
[2013/09/19 14:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/09/19 14:23:02 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/09/19 13:58:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/09/17 13:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/16 15:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\My Documents\Homeschool
[2013/09/09 09:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign

========== Files - Modified Within 30 Days ==========

[2013/09/29 10:51:15 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/09/29 10:48:04 | 050,573,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Vicki\Desktop\AdbeRdr11004_en_US.exe
[2013/09/29 10:44:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/29 10:44:30 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
[2013/09/29 10:44:27 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK.job
[2013/09/29 10:43:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/29 10:29:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/29 09:40:26 | 000,891,144 | ---- | M] () -- C:\Documents and Settings\Vicki\Desktop\SecurityCheck.exe
[2013/09/29 09:36:35 | 000,358,923 | ---- | M] (Farbar) -- C:\Documents and Settings\Vicki\Desktop\FSS.exe
[2013/09/28 16:30:29 | 000,101,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Vicki\Desktop\SASUNINST.EXE
[2013/09/27 15:08:40 | 000,009,193 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\MSN homepage.odt
[2013/09/27 13:54:47 | 000,052,214 | ---- | M] () -- C:\Documents and Settings\Vicki\Desktop\devicemanager.JPG
[2013/09/26 16:45:18 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Vicki\Desktop\esetsmartinstaller_enu.exe
[2013/09/26 08:48:36 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2013/09/24 22:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/24 18:50:26 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/24 17:59:06 | 000,036,746 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\geekstogo redirect virus.odt
[2013/09/24 17:24:53 | 010,284,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Vicki\Desktop\mbam-setup.exe
[2013/09/24 17:21:51 | 001,030,038 | ---- | M] (Thisisu) -- C:\Documents and Settings\Vicki\Desktop\JRT.exe
[2013/09/24 12:06:05 | 001,042,066 | ---- | M] () -- C:\Documents and Settings\Vicki\Desktop\AdwCleaner.exe
[2013/09/24 11:57:29 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Vicki\Desktop\MBR.dat
[2013/09/24 11:34:59 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Vicki\Desktop\aswmbr.exe
[2013/09/22 09:16:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vicki\Desktop\OTL.exe
[2013/09/19 14:23:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/09/19 13:58:55 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Vicki\ntuser.pol
[2013/09/19 13:30:23 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/19 13:30:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/17 12:15:55 | 000,013,908 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Glen's Daily Work Record
[2013/09/16 19:37:28 | 000,036,209 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\2013 Food Pantry Income Verification.odt
[2013/09/16 19:21:24 | 000,033,359 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Logo
[2013/09/12 03:17:43 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/10 22:11:44 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/09/10 05:57:50 | 000,010,726 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\Client form.odt
[2013/09/09 14:58:38 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Vicki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/08 22:12:16 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/09/07 13:17:30 | 000,052,725 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\ABA Stories.odt
[2013/09/02 10:39:32 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2013/09/02 10:28:06 | 000,145,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2013/09/02 10:28:04 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2013/09/02 10:28:00 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys

========== Files Created - No Company Name ==========

[2013/09/29 10:51:14 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/09/29 10:51:13 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/29 09:40:30 | 000,891,144 | ---- | C] () -- C:\Documents and Settings\Vicki\Desktop\SecurityCheck.exe
[2013/09/27 15:08:39 | 000,009,193 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\MSN homepage.odt
[2013/09/27 13:54:47 | 000,052,214 | ---- | C] () -- C:\Documents and Settings\Vicki\Desktop\devicemanager.JPG
[2013/09/24 18:50:26 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/24 12:06:10 | 001,042,066 | ---- | C] () -- C:\Documents and Settings\Vicki\Desktop\AdwCleaner.exe
[2013/09/24 11:57:29 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Vicki\Desktop\MBR.dat
[2013/09/23 11:59:05 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2013/09/22 12:52:51 | 000,036,746 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\geekstogo redirect virus.odt
[2013/09/19 13:58:53 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Vicki\ntuser.pol
[2013/09/16 20:33:55 | 000,013,908 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Glen's Daily Work Record
[2013/09/16 19:31:41 | 000,036,209 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\2013 Food Pantry Income Verification.odt
[2013/09/16 19:21:23 | 000,033,359 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Logo
[2013/09/09 13:01:32 | 000,010,726 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\Client form.odt
[2013/09/09 09:46:01 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\AVG_SYS_TASK.job
[2013/09/09 09:44:16 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
[2013/09/07 13:17:29 | 000,052,725 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\ABA Stories.odt
[2013/04/02 06:40:56 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Vicki\hotshot.db
[2013/04/02 06:40:56 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Vicki\files.db
[2013/01/22 16:38:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/15 12:21:18 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXECinst.dll
[2013/01/15 12:21:11 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomm.dll
[2012/12/27 17:03:40 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Vicki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/21 20:55:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2013/01/06 10:24:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/08/21 05:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/08/21 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/04 08:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/09/09 09:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign
[2013/09/23 11:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2012/12/23 22:36:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/06/17 08:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro800-Pro900 Series
[2013/09/29 08:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/12/23 06:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/09 08:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/01/04 08:28:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/09/26 08:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013/01/05 19:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2013/06/17 08:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WeatherBlink
[2013/01/04 08:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\AVG
[2013/09/23 13:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\AVG2014
[2013/03/17 12:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\CouponMatcher
[2013/01/04 10:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\MSNInstaller
[2013/01/04 10:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\OfficeSuiteX

========== Purity Check ==========



< End of report >


QUESTIONS about the OTL log - what is CouponMatcher and WeatherBlink?

When resetting Firefox yesterday I did lose my add-ons so I put them back on this morning: Ghostery & Forecastfox Weather.


3. Any other issues? My refrigerator leaks. :whistling:

There are no other computer issues. :) I cannot give high enough praise for this forum and your diligence.
  • 0

#30
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Glad the update went without a hitch. I don't see anything in the new OTL log.

...about the OTL log - what is CouponMatcher and WeatherBlink?

A browser toolbar, add-on or extension that was most likely added by one of the malware programs we uninstalled or one of the other browser entries we killed with an earlier OTL fix. The CouponMatcher is just that. It is supposedly a coupon database that will let you search coupons. Nothing wrong with that but it's one of those little surprises that also has tracking capabilities and adware and is installed without the user's knowledge. So we just remove them.

See this page for an explanation of the WeatherBlink toolbar.
I will remove the entries in the ApplicationData folder with the OTL cleanup. The main files have already been killed.

When resetting Firefox yesterday I did lose my add-ons so I put them back on this morning: Ghostery & Forecastfox Weather.

Unfortunately that's one of the drawbacks to resetting FF. That's why I use it as a last resort. The good news is you only had two. You would not believe the number of logs I see where 20+ add-ons have been added to each browser.

3. Any other issues? My refrigerator leaks. :whistling:

1.
  • Get a lot of dry towels.
  • Place some under the leaking refrig.
  • Replace the wet towels with dry ones as needed

2.
Call an appliance repair company and schedule a repair appointment.

3.
Tell your husband that his part of cleaning the computer is buying a new refrigerator. :rofl: :rofl:

If you are a happy camper now we will clean up the tools we used and I will give some suggestions for keeping the computer more secure in the future.


OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

In post #13 you told me that you went into the power settings and changed the TURN OFF MONITOR button to NEVER. Don't forget to change it back.

I would suggest that you keep MBAM and use it to scan the system with a Quick Scan frequently and a Full Scan at least monthly. You don't need to buy the Pro version because you don't need it running in the background.
I would also recommend that you not reinstall SuperAntiSpyware. You've seen what kind of problems it can cause when you try to uninstall it. :)

If you didn't uninstall ESET after running the program we will do it now.

Step-1.

Uninstall ESET

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

ESET

3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\ESET

2. Close Windows Explorer.

Step-2.

Uninstall AdwCleaner

Re-open AdwCleaner
  • Click the Uninstall button
  • Confirm with yes

Step-3.

OTL Cleanup
1. Please copy all of the text in the Quote box below (Do Not copy the word Quote). To do this, highlight everything inside the Quote box (except the word Quote), right click and click Copy.

    :COMMANDS
    [createrestorepoint]

    :OTL
    [2013/09/26 08:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
    [2013/06/17 08:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WeatherBlink
    [2013/03/17 12:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\CouponMatcher

    :FILES
    C:\Program Files\Uninstaller\Uninstall.exe

    :COMMANDS
    [EMPTYTEMP]

  • Please re-open OTL on your desktop.
  • Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
  • Click the Run Fix button.
  • Let the program run unhindered. When finished click the OK button and close the log that appears.
  • NOTE: I do not need to review the log produced.
  • OTL may ask to reboot the machine. Please do so if asked.
2. Please re-open OTL on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on the CleanUp button.
  • You will be prompted to reboot your system. Please do so.
The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-4.

Delete the following Files and Folders (If Present):

esetsmartinstaller_enu.exe
AdbeRdr11004_en_US.exe
SecurityCheck.exe
checkup.txt
SASUNINST.EXE
mbam-setup.exe
MBR.dat
JRT.exe
JRT.txt


Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

Step-5.

Reset Hidden Files and Folders

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View tab.
5. Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
6. Click the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

Step-6.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Windows XP
  • Click Start > All Programs > Accessories > System tools > System Restore. The System Restore Wizard opens.
  • Note: If the System Restore Wizard does not open, the System Restore feature may be turned off. To turn System Restore on, follow these steps:
  • Click Start, click Control Panel, and then double-click System.
  • Click the System Restore tab.
  • Make sure that the Turn off System Restore check box is not selected. Or, make sure that the Turn off System Restore on all drives check box is not selected.
  • Click OK.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
  • Close System Restore
Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
    Restart your computer.
Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
    System Restore will now be active again.
After all of this is done you can defragment the hard disk. It will make accessing files faster and reduce wear and tear on the hard disk.

Step-7.

Defragment Windows

For XP
  • Click on Start, then click Run
  • In the Open box type in CMD and click on OK.
  • At the Command Prompt C:\ > type CD C:\ and press the Enter key
  • Now type in: DEFRAG C: -F and press the Enter key.
    An analysis report will be displayed and then Windows will start the defragmentation run automatically. This may take some time.
  • When completed the Command Prompt C:\ > will appear.
  • Type Exit and press the Enter key to exit the Command Window.



Preventing Re-Infection

Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated: - Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable.
Please either enable Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

XP Users: You must use Internet Explorer to Update Windows.

1. Click Start> All Programs, in the programs window that comes up, look for Windows Update toward the top of the list and click it.

:Turn On Automatic Updates:

XP Users:
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): Automatically download recommended updates for my computer and install them.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:

If you still want to keep Java:
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK and close the program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

NOTE: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

This webpage is worth bookmarking/reading for future reference:
Securing Your Web Browser

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
:Install the MVPS Hosts File:
  • MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard-to catch and block spyware before it can execute. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.
It's a good idea to clear out all your temp files every now and again. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
:BACKUPS:
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT-(Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I get infected in the first place? by Mr. Tony Cline

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

IF I have helped you and you want to say "thanks", you can do that by clicking the Rep+ button at the bottom right of this post. :)

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
  • 1
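The OTL listings quoted in this thread ("Files Created Within 30 Days", "Files - Modified Within 30 Days", "Files Created - No Company Name", "LOP Check") all use one line format: a bracketed timestamp, size, attribute flags and a C/M marker, an optional company name from the file's version information in parentheses, then the path. The helper's triage in the thread comes down to reading those fields: recent, unsigned-looking executables in user-writable profile folders get a second look, and the "No Company Name" section exists precisely to surface them. The following Python is an added example written for this page; it is not OTL's code nor anything posted in the thread. It parses that line format into records and runs a simple defender-side triage over them. The sample lines are constructed (a few mirror entries from the log above, `updater.exe` is made up), and `REFERENCE_TIME` is an assumed "now" for the 30-day window.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# Constructed sample in OTL's file-listing format. The first six lines mirror
# entries from the log above; the last one (updater.exe) is invented to show
# what a worrying hit looks like. Not a real log.
SAMPLE_LOG = """\
[2013/09/29 09:40:30 | 000,891,144 | ---- | C] () -- C:\\Documents and Settings\\Vicki\\Desktop\\SecurityCheck.exe
[2013/09/24 18:50:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\\WINDOWS\\System32\\drivers\\mbam.sys
[2013/09/24 18:50:23 | 000,000,000 | ---D | C] -- C:\\Program Files\\Malwarebytes' Anti-Malware
[2013/01/15 12:21:11 | 000,372,736 | ---- | C] ( ) -- C:\\WINDOWS\\System32\\lxeccomm.dll
[2013/09/19 13:58:53 | 000,000,884 | RHS- | C] () -- C:\\Documents and Settings\\Vicki\\ntuser.pol
[2013/09/27 13:54:47 | 000,052,214 | ---- | C] () -- C:\\Documents and Settings\\Vicki\\Desktop\\devicemanager.JPG
[2013/09/20 03:12:45 | 000,081,920 | -H-- | C] () -- C:\\Documents and Settings\\Vicki\\Local Settings\\Application Data\\updater.exe
"""

# Assumed "now" for the recency window; the thread's final log is dated 2013/09/29.
REFERENCE_TIME = datetime(2013, 9, 29, 12, 0, 0)

# [date time | size | attrs | C/M] (company)? -- path
# attrs is four characters drawn from R, H, S, D or '-' (read-only, hidden, system, directory).
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

EXEC_EXTS = {".exe", ".dll", ".sys", ".cpl", ".scr", ".com"}
USER_PROFILE_ROOT = "c:\\documents and settings\\"   # XP-era profile root


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str        # 'C' = created, 'M' = modified (which section the line came from)
    company: str     # '' when OTL printed () or ( ), i.e. no version info
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        n = self.name
        return n[n.rfind("."):].lower() if "." in n else ""


def parse_otl_lines(text: str) -> List[OtlEntry]:
    """Parse every OTL file-listing line in text; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"].strip(),
        ))
    return entries


@dataclass
class Finding:
    path: str
    reasons: List[str]


def triage(entries: List[OtlEntry], now: datetime, window_days: int = 30) -> List[Finding]:
    """Flag executable files with no company name; collect the other signals that raise suspicion."""
    findings = []
    for e in entries:
        if e.is_dir or e.ext not in EXEC_EXTS or e.company:
            continue
        reasons = ["no company name in version info"]
        if now - e.timestamp <= timedelta(days=window_days):
            reasons.append(f"{e.kind} timestamp within {window_days} days")
        if e.path.lower().startswith(USER_PROFILE_ROOT):
            reasons.append("located under a user profile")
        if e.is_hidden:
            reasons.append("hidden attribute set")
        findings.append(Finding(e.path, reasons))
    # Most signals first, then a stable order by path.
    findings.sort(key=lambda f: (-len(f.reasons), f.path.lower()))
    return findings


if __name__ == "__main__":
    for f in triage(parse_otl_lines(SAMPLE_LOG), REFERENCE_TIME):
        print(f"{len(f.reasons)} signal(s): {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the made-up `updater.exe` scores highest (unsigned-looking, recent, under the profile, hidden), while `SecurityCheck.exe` also gets flagged because it has no company name, just as it appears in the "No Company Name" section above. That second hit is the point of the exercise: the heuristic only narrows the list, and the analyst still has to recognise the tools they asked the user to download, which is why the helper lists them by name in Step-4 for deletion rather than treating them as threats.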