TechSpot

Google redirect malware

By confused99
Dec 4, 2011
  1. Hi,

    I'm a complete newbie to this site but I've already learnt a lot.
    My laptop is infected by redirecting my google searches to other sites.
    Malwarebytes produces clean output for quick scans but seems to crash the computer on a full scan.

    I'm running Foxpro 8 on XP and I'm also getting JIT Debugger interrupts.

    Can you please help me?

    Many thanks

    Confused
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I will do my best to help with the malware and hopefully in the process, make you less confused!

    The redirects are being caused by many different malwares. There really isn't "Google Virus Redirect"- it's usually called that because most of us use the Google Search Engine, so it gets the rap.

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    If you have any questions along the way or if a scan doesn't go as it's suppose to, please stop and tell me what happens.
    ======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
     
  3. confused99

    confused99 TS Rookie Topic Starter

    Many thanks for your help so far Bobbye. Very much appreciated.

    Please find below a continuous paste of all logs as requested. I look forward to hearing from you. Once again, many thanks

    Confused99

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8314

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    05/12/2011 10:30:12
    mbam-log-2011-12-05 (10-30-12).txt

    Scan type: Quick scan
    Objects scanned: 199517
    Time elapsed: 14 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-05 10:46:12
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD12 rev.01.0
    Running: d0hxsf77.exe; Driver: C:\DOCUME~1\Susan\LOCALS~1\Temp\kwlyrkog.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF71E8210]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF71E8224]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF71E8250]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF71E82A6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF71E81FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF71E81D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF71E81E8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF71E823A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF71E827C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF71E8266]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF71E82D0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF71E82BC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF71E8290]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----.
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
    Run by Susan at 10:54:16 on 2011-12-05
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.436 [GMT 0:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteRanker\SiteRankTray.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MESSEN~1\Msmsgs.exe
    C:\Program Files\Logitech\Vid\vid.exe
    C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
    C:\Program Files\Logitech\LWS\LU\LULnchr.exe
    C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\ping.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://alk.tiehallinto.fi/alk/english/kelikamerat/kelikamerat_5.html
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://uk.yahoo.com/fsc/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com
    uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
    BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
    BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110522183238.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    uRun: [MSMSGS] "c:\progra~1\messen~1\Msmsgs.exe" /background
    uRun: [Tyeqokoxev] rundll32.exe "c:\windows\hevdme40.dll",Startup
    uRun: [Logitech Vid] "c:\program files\logitech\vid\Vid.exe" -bootmode
    uRun: [Logitech Vid HD] "c:\program files\logitech\vid\vid.exe" -bootmode
    uRunOnce: [<NO NAME>] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/se...0000045.00000119&c=00000082.00000049.000000b9
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [SMSERIAL] sm56hlpr.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SiteRanker] "c:\program files\siteranker\SiteRankTray.exe"
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\susan\startm~1\programs\startup\back2zip.lnk - c:\program files\back2zip\Back2zip.exe
    StartupFolder: c:\docume~1\susan\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    uPolicies-system: EnableProfileQuota = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\ypager.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    LSP: mswsock.dll
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{EA070ED0-2906-4E69-B68A-B58F72349046} : DhcpNameServer = 192.168.1.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: fdewuqe - c:\documents and settings\networkservice\local settings\application data\fdewuqe.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\susan\application data\mozilla\firefox\profiles\bs7mtv0w.default\
    FF - prefs.js: browser.startup.homepage - hxxp://alk.tiehallinto.fi/alk/english/kelikamerat/kelikamerat_5.html
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\siteranker\firefox\components\siterank.dll
    FF - plugin: c:\documents and settings\susan\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-25 387480]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-2-27 34880]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-2-20 29056]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-25 84200]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-20 54752]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 271480]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 271480]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-25 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-25 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-25 141792]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-25 56064]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-25 153280]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-25 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 88736]
    S2 0124951317495313mcinstcleanup;McAfee Application Installer Cleanup (0124951317495313);c:\windows\temp\012495~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\012495~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-6-26 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-25 52320]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-25 84488]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-12-9 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-12-9 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-12-9 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-12-9 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-12-9 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-12-9 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-12-9 109864]
    S3 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 10:55:44.23 ===============

    Edit: Duplicate DDS.txt log deleted by Bobbye
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    There are two different logs from the DDS scan. You left the log named DDS.txt twice, so I deleted the duplicate.

    Please search the system for the other log, Attach.txt and paste it into your next reply. 'Attach' is only a name, not an instruction. You don't need to zip it either.
    =============================================
    We have many entries to remove, but I'd like to ask if this is your intentional homepage:
    This appears to be Finnish Transport Agency | Travel and traffic information> Tiehallinto.

    Do you have any processes on the system that are in a language other than English? There are some process I haven't been able to ID yet.
    ===========================================
    We are going to let Combofix help do the work first:
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==================================
    Let's do an online virus scan also:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ====================================
    Please include logs for Attach.txt from DDS, Combofix and Eset in your next reply.
    -------------------------
    You have to be very careful to look for any pre-checked processes on a download screen. You have entries for the AskBar which is a common one we remove.
     
  5. confused99

    confused99 TS Rookie Topic Starter

    Hi Bobbye.

    The home page is intentional as my wife enjoys looking at the webcams and weather in Lapland (the North of Finland) where you can watch moose (we call them elk in Europe) cross the road and where we have enjoyed the occasional skiing vacation. (Has it ever snowed in Florida??)

    My apologies for duplicating the dds log. It was not intententional. I have included the attach file this time along with the combofix and also the eset log as requested.

    I really appreciate your help… Since doing this, the laptop has quietened down quite a lot though I see a threat in the eset log. The first eset run locked up at 99% so I restarted and the second run discovered the rootkit.

    How would you like me to proceed?

    With thanks

    Confused…..







    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 27/12/2006 15:14:28
    System Uptime: 05/12/2011 10:03:26 (0 hours ago)
    .
    Motherboard: FUJITSU SIEMENS | | AMILO Pi 1505
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | U2E1 | 1600/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 76.633 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Astro Gemini Screensaver Manager 1.2
    Avanquest update
    BBC iPlayer Desktop
    Bing Bar
    Bonjour
    BT NetProtect Plus
    CameraHelperMsi
    CCleaner (remove only)
    Coupon Printer
    cr_ss_05_07B Screen Saver
    Crawler Wallpaper
    EasyWeather
    erLT
    Eusing Free Registry Cleaner
    Facebook Plug-In
    FrostWire 4.13.5
    GearDrvs
    Google Earth
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Junk Mail filter update
    kittyandbird_3136686 Screen Saver
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Logitech Audio Echo Cancellation Component
    Logitech Vid
    Logitech Video Enumerator
    Logitech Webcam Software
    Logitech® Camera Driver
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Premium
    Microsoft PhotoDraw 2000
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MobileMe Control Panel
    Motorola SM56 Data Fax Modem
    Mozilla Firefox 8.0 (x86 en-GB)
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Nero BurnRights
    Nero Digital
    Nero OEM
    NeroVision Express Content
    O2Micro Flash Memory Card Windows Driver V2.04
    Pdf995
    PowerDVD
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Safari
    Screensavers.com Content
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Shareaza version 2.2.5.0
    SiteRanker
    Skype™ 3.5
    Software Update for Web Folders
    Thoosje Quick Xp Optimizer Installer V2
    UMVPLStandalone
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Messenger 5.1
    Windows Messenger 5.1 MUI Pack
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB919803
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Winter 3D Screensaver 1.0
    Yahoo! Detect
    Yahoo! Messenger with BT Communicator
    .
    ==== Event Viewer Messages From Past Week ========
    .
    04/12/2011 19:51:25, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid PCIIde SiSRaid2 viamraid
    03/12/2011 18:00:49, error: Service Control Manager [7034] - The AMService service terminated unexpectedly. It has done this 1 time(s).
    03/12/2011 14:58:30, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    .
    ==== End Of File ===========================







    ComboFix 11-12-05.04 - Susan 05/12/2011 21:36:26.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.616 [GMT 0:00]
    Running from: c:\documents and settings\Susan\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Susan\GoToAssistDownloadHelper.exe
    c:\documents and settings\Susan\Local Settings\Application Data\{F3946084-F827-47CF-8405-5E66AC3422E2}
    c:\documents and settings\Susan\Local Settings\Application Data\{F3946084-F827-47CF-8405-5E66AC3422E2}\chrome.manifest
    c:\documents and settings\Susan\Local Settings\Application Data\{F3946084-F827-47CF-8405-5E66AC3422E2}\chrome\content\overlay.xul
    c:\documents and settings\Susan\Local Settings\Application Data\{F3946084-F827-47CF-8405-5E66AC3422E2}\install.rdf
    c:\windows\$NtUninstallKB1242$\1378244348\@
    c:\windows\$NtUninstallKB1242$\1378244348\bckfg.tmp
    c:\windows\$NtUninstallKB1242$\1378244348\cfg.ini
    c:\windows\$NtUninstallKB1242$\1378244348\Desktop.ini
    c:\windows\$NtUninstallKB1242$\1378244348\keywords
    c:\windows\$NtUninstallKB1242$\1378244348\kwrd.dll
    c:\windows\$NtUninstallKB1242$\1378244348\L\phsfinjv
    c:\windows\$NtUninstallKB1242$\1378244348\U\00000001.@
    c:\windows\$NtUninstallKB1242$\1378244348\U\00000002.@
    c:\windows\$NtUninstallKB1242$\1378244348\U\00000004.@
    c:\windows\$NtUninstallKB1242$\1378244348\U\80000000.@
    c:\windows\$NtUninstallKB1242$\1378244348\U\80000004.@
    c:\windows\$NtUninstallKB1242$\1378244348\U\80000032.@
    c:\windows\$NtUninstallKB1242$\82374754
    c:\windows\4ff345dfbh521
    c:\windows\bwUnin-7.2.0.157-8876480SL.exe
    c:\windows\kb913800.exe
    c:\windows\system32\regobj.dll
    c:\windows\$NtUninstallKB1242$ . . . . Failed to delete
    .
    c:\windows\system32\proquota.exe was missing
    Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-05 21:54 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
    2011-12-05 21:54 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
    2011-12-05 18:53 . 2011-10-18 14:29 28760 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-15 13:16 . 2010-08-25 01:07 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-10-15 13:16 . 2010-08-25 01:07 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-10-15 13:16 . 2010-08-25 01:07 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-10-15 13:16 . 2010-08-25 01:07 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-10-15 13:16 . 2010-08-25 01:07 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-10-15 13:16 . 2010-08-25 01:07 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-10-15 13:16 . 2010-08-25 01:07 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-10-15 13:16 . 2010-08-25 01:07 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-10-15 13:16 . 2010-08-25 01:07 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-10-15 13:16 . 2010-08-25 01:07 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-10 14:22 . 2006-09-22 05:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2006-09-22 07:47 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 10:41 . 2006-09-22 07:47 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 10:41 . 2006-09-22 07:47 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-11-11 14:51 . 2011-05-06 19:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 13:01 . 2011-02-18 17:17 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-03-15 66912]
    .
    [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    2008-03-15 21:31 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
    2010-12-10 10:18 349624 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
    "Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
    "Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
    "SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
    "SiteRanker"="c:\program files\SiteRanker\SiteRankTray.exe" [2011-09-12 320000]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Admin\Start Menu\Programs\Startup\
    Back2zip.lnk - c:\program files\Back2zip\Back2zip.exe [2006-12-29 535552]
    .
    c:\documents and settings\Susan\Start Menu\Programs\Startup\
    Back2zip.lnk - c:\program files\Back2zip\Back2zip.exe [2006-12-29 535552]
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-2-18 142336]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\Msmsgs.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
    .
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27/02/2006 14:00 34880]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20/02/2006 15:01 29056]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [25/08/2010 01:07 89792]
    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15/06/2011 16:33 249648]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [25/08/2010 01:06 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [25/08/2010 01:06 214904]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [25/08/2010 01:07 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [25/08/2010 01:07 150856]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16/09/2010 13:06 80896]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [25/08/2010 01:07 57600]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [25/08/2010 01:07 338176]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [25/08/2010 01:07 83856]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [07/07/2011 18:31 195336]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [26/06/2011 10:40 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 17:01 21248]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [25/08/2010 01:07 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [25/08/2010 01:07 87656]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [09/12/2009 19:27 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [09/12/2009 19:27 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [09/12/2009 19:27 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [09/12/2009 19:27 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [09/12/2009 19:27 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [09/12/2009 19:27 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [09/12/2009 19:27 109864]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://alk.tiehallinto.fi/alk/english/kelikamerat/kelikamerat_5.html
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://uk.yahoo.com/fsc/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\bs7mtv0w.default\
    FF - prefs.js: browser.startup.homepage - hxxp://alk.tiehallinto.fi/alk/english/kelikamerat/kelikamerat_5.html
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Tyeqokoxev - c:\windows\hevdme40.dll
    Notify-fdewuqe - c:\documents and settings\NetworkService\Local Settings\Application Data\fdewuqe.dll
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-05 21:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(4140)
    c:\windows\system32\WININET.dll
    c:\windows\system32\logishrd\LVPrcInj01.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\o2flash.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\sm56hlpr.exe
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Logitech\LWS\LU\LULnchr.exe
    c:\program files\Logitech\LWS\LU\LogitechUpdate.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-05 22:12:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-05 22:12
    .
    Pre-Run: 81,861,517,312 bytes free
    Post-Run: 82,145,923,072 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 4A23030A28688A70CC22E9DD5ED1C2BA



    ESET NEXT:

    C:\WINDOWS\system32\drivers\redbook.sys a variant of Win32/Rootkit.Kryptik.FW trojan
     
  6. confused99

    confused99 TS Rookie Topic Starter

    Hi Bobbye,

    I see you are busy...
    Have you had a chance to review my latest findings yet?
    With thanks

    Confused.....
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am glad to help. Usually I run behind because I end up working one one thread too long! Actually, I started on your logs yesterday, but ran into some processes I couldn't ID. I will have some suggestions about some of the programs running- the system is very vulnerable to get malware.

    Let remove some of the 'bad stuff' now: Home page okay- thank you.
    ----------------------
    Please download OTMovit by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
      Code:
      :Files 
      C:\WINDOWS\system32\drivers\redbook.sys
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =============================
    Note: Before you run the sript, be sure the AV and FW have been disabled:
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated*
    FW: McAfee Firewall *Enabled*
    * Resident AV is active
    Having the active while running Combofix (and Eset) can affect the scan results.

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
    Folder::
    DDS::
    uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
    BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
    BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRunOnce: [<NO NAME>] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/ser...00049.000000b9
    ClearJavaCache::
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-
    [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=-
    Driver::
    Symantec Core LC
    
    Reboot::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    =============================================
    Please go to Add/Remove Program in the Control Panel: Look for AskBar or any other "Ask" antries and uninstall them.
    The use Windows Explorer> Conputer> Locl Drive (C)> Programs> do a right click> Delete on the Ask folder.

    Please paste the OTM and Comboix logs in your next reply.

    There are several entries for SiteRank Is this something you intentionally installed and use?

    Edit: (Has it ever snowed in Florida??)
    Yes, it has- twice in the years I've been here. About 10 snowflakes each time! No elk or moose roaming though:)
     
  8. confused99

    confused99 TS Rookie Topic Starter

    Hi Bobbye
    Here’s the latest chapter with both logs pasted and with answers to your questions

    Many thanks once again

    Confused


    Ask:
    In control panel trying to remove the Ask toolbar
    “The specified module could not be found”

    Asksbar folder removed.
    Siterank – no idea what that is so please feel free to dump it if necessary.





    All processes killed
    ========== FILES ==========
    C:\WINDOWS\system32\drivers\redbook.sys moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 7140 bytes
    ->FireFox cache emptied: 3352352 bytes
    ->Flash cache emptied: 653 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 499 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 56965 bytes

    User: LocalService
    ->Temp folder emptied: 32768 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 3358854 bytes
    ->Java cache emptied: 229442 bytes
    ->Flash cache emptied: 8886 bytes

    User: Susan
    ->Temp folder emptied: 728017 bytes
    ->Temporary Internet Files folder emptied: 920069 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 44082205 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 2028987 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2675729 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49152 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 55.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 12082011_093908

    Files moved on Reboot...

    Registry entries deleted on Reboot...





    ComboFix 11-12-06.02 - Susan 08/12/2011 9:57.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.363 [GMT 0:00]
    Running from: c:\documents and settings\Susan\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Susan\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    FILE ::
    "c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_SYMANTEC_CORE_LC
    -------\Service_Symantec Core LC
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-08 09:39 . 2011-12-08 09:39 -------- d-----w- C:\_OTM
    2011-12-05 22:24 . 2011-12-05 22:24 -------- d-----w- c:\program files\ESET
    2011-12-05 21:54 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
    2011-12-05 21:54 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
    2011-12-05 18:53 . 2011-10-18 14:29 28760 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-15 13:16 . 2010-08-25 01:07 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-10-15 13:16 . 2010-08-25 01:07 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-10-15 13:16 . 2010-08-25 01:07 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-10-15 13:16 . 2010-08-25 01:07 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-10-15 13:16 . 2010-08-25 01:07 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-10-15 13:16 . 2010-08-25 01:07 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-10-15 13:16 . 2010-08-25 01:07 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-10-15 13:16 . 2010-08-25 01:07 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-10-15 13:16 . 2010-08-25 01:07 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-10-15 13:16 . 2010-08-25 01:07 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-10 14:22 . 2006-09-22 05:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2006-09-22 07:47 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 10:41 . 2006-09-22 07:47 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 10:41 . 2006-09-22 07:47 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-11-11 14:51 . 2011-05-06 19:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 13:01 . 2011-02-18 17:17 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
    "Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
    "Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
    "SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
    "SiteRanker"="c:\program files\SiteRanker\SiteRankTray.exe" [2011-09-12 320000]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Admin\Start Menu\Programs\Startup\
    Back2zip.lnk - c:\program files\Back2zip\Back2zip.exe [2006-12-29 535552]
    .
    c:\documents and settings\Susan\Start Menu\Programs\Startup\
    Back2zip.lnk - c:\program files\Back2zip\Back2zip.exe [2006-12-29 535552]
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-2-18 142336]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\Msmsgs.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
    .
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27/02/2006 14:00 34880]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20/02/2006 15:01 29056]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [25/08/2010 01:07 89792]
    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15/06/2011 16:33 249648]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [25/08/2010 01:06 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [25/08/2010 01:06 214904]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [25/08/2010 01:07 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [25/08/2010 01:07 150856]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16/09/2010 13:06 80896]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [25/08/2010 01:07 57600]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [25/08/2010 01:07 338176]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [25/08/2010 01:07 83856]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [07/07/2011 18:31 195336]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [26/06/2011 10:40 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 17:01 21248]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [25/08/2010 01:07 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [25/08/2010 01:07 87656]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [09/12/2009 19:27 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [09/12/2009 19:27 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [09/12/2009 19:27 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [09/12/2009 19:27 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [09/12/2009 19:27 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [09/12/2009 19:27 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [09/12/2009 19:27 109864]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://alk.tiehallinto.fi/alk/english/kelikamerat/kelikamerat_5.html
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://uk.yahoo.com/fsc/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\bs7mtv0w.default\
    FF - prefs.js: browser.startup.homepage - hxxp://alk.tiehallinto.fi/alk/english/kelikamerat/kelikamerat_5.html
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-08 10:11
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(4320)
    c:\windows\system32\WININET.dll
    c:\windows\system32\logishrd\LVPrcInj01.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\o2flash.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\sm56hlpr.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Logitech\LWS\LU\LULnchr.exe
    c:\program files\Logitech\LWS\LU\LogitechUpdate.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-08 10:24:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-08 10:24
    ComboFix2.txt 2011-12-05 22:12
    .
    Pre-Run: 82,255,474,688 bytes free
    Post-Run: 82,146,856,960 bytes free
    .
    - - End Of File - - 01EA2C7E8D3F905CA9628284C671394E
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, system is looking pretty good- just some updating, a few removals, then 2 short scans and we should be done:

    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.Note: Do not leave this log.
    Download and install then most current version and update of Java RuntimeEnvironment (JRE)HERE.
    ===========================================
    Update the Adobe Reader: you have v7, current is v10.Visit this Adobe Reader site . Uninstall any earlier updates as they are vulnerabilities.
    =============================================
    Update the Macromedia Flash Player 8 to Adobe Flash Player v 11.1.102.55 : Adobe Flash Player site Uninstall the old Macromedia version.
    =============================================
    Strongly recommend removing the Eusing Free Registry Cleaner We don't recommend registry cleaners to anyone. There is aliitle to be gainee by their use and much to be lots.
    =============================================
    There are 2 file sharing programs on the system:
    FrostWire 4.13.5
    Shareaza version 2.2.5.0
    Why I suggest that they be removed:
    • Even if you are using a "safe" P2P program, it is only the program that is safe.
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
    • Malware writers use these program to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.
    Please read the information on P2P Warning to help you better understand these dangers.
    ===========================================
    It appears that you were previously using Symantec/Norton Security on the System. I have removed 2 entries, but others remain. I suggest that you run
    Norton Removal Tool to be sure all entries are gone
    =============================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\program files\Microsoft\BingBar\BBSvc.EXE
    DDS::
    BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
    mRun: [SiteRanker] "c:\program files\siteranker\SiteRankTray.exe"
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    Notify: fdewuqe - c:\documents and settings\networkservice\local settings\application data\fdewuqe.dll
    ClearJavaCache::
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiteRanker"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=-
    Driver::
    BBSvc
    
    Reboot::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]
    Referring to the picture above, drag CFScript into ComboFix.exe
    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ===============================
    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    --------------------
    Click on Start> Run> tyep in services.msc> enter> double click on BBSvc (Bing Bar update Service)> change the Startup type to Disabled> Stop the Service.
    Exit Services
    -------------------
    Site Ranker is a hidden, auto-start program. So you will need to show hidden folders to find and remove the entries:
    Show Hidden Folders/Files
    Using Windows Explorer:
    • Open My Computer.
      [*] Go to Tools > Folder Options.
      [*] Select the View tab.
      [*] Scroll down to Hidden files and folders.
      [*] Select Show hidden files and folders.
      [*] Uncheck (untick) Hide extensions of known file types.
      [*] Uncheck (untick) Hide protected operating system files (Recommended).
      [*] Click Yes when prompted.
      [*] Click OK.

    Navigate to the Local Drive (C)> Programs> Fine the Site Ranker folder and right click> Delete. Please check Add/Remove Programs and uninstall the program.

    Reset Hidden/System Files & Folders
    ================================
    When finished, reboot back into Normal Mode and go on to the next reply for the last 2 scans.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    When the instructions in the previous reply have been completed, please go on to the following:

    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.
    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

    Please post these 2 logs in your next reply.
     
  11. confused99

    confused99 TS Rookie Topic Starter

    Hi Bobbye,

    It's been a long week so many thanks for all your hard work.... all very much appreciated.

    Edit- how could you possibly miss this in my Java Ra directions?
    >>>>


    Please find logs as requested.

    JavaRa 1.16 Removal Log.> Deleted by Bobbye

    ------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:05:45, on 09/12/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17103)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files\Logitech\Vid\Vid.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alk.tiehallinto.fi/alk/english/kelikamerat/kelikamerat_5.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.yahoo.com/fsc/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111205185319.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid\Vid.exe" -bootmode
    O4 - HKCU\..\Run: [Logitech Vid HD] "C:\Program Files\Logitech\Vid\vid.exe" -bootmode
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

    --
    End of file - 10145 bytes
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay- looks good. Just a couple of files in HJT to remove> if they are there:

    Please reopen HijackThis to 'do system scan only/' Check each of the following, if found:
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)[/b]

    (Note: The 018 entry if for the McAfee Site Advisor. Best to use a Site Advisor whether it's McAfee or other. If you don't want this one,try
    Web of Trust (WOT) Site Advisor.
    =======================================
    Has the redirect been resolved? How is the system running now?
     
  13. confused99

    confused99 TS Rookie Topic Starter

    Hi Bobbye,

    Everything done as requested. McAfee site advisor also installed.

    The redirect problem is resolved and the JIT Debugger has stopped shouting too.
    The laptop startup is faster and things appear faster in Foxpro.

    Should I now tidy up my desktop and remove all of the diagnostic and repair applications?

    Well done and Many thanks for all your hard work which was very much appreciated.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You are welcome for the help! I must asked- have you learned anything while we went through this process? Are you less 'Confused'? Hopefully, those are both 'yes'!

    Let's clean up:
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      [*]Choose Disc Cleanup
      [*]Click "OK" to select the partition or drive you want.
      [*]Click the "More Options" Tab.
      [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    =====================================
    More for the learning process and security of the system:
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o]Antivirus :(only one):Both of the following programs are free and known to be good:
      [o]Avira-AntiVir-Personal-Free-Antivirus
      [o]Avast-Free Antivirus
      [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o]Comodo
      [o]Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o]Spybot Search & Destroy
    4. Updates: Stay current:
      [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
      [o]Adobe Reader Install current, uninstall old.
      [o]Java Updates Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      Clean the temporary internet files often:
      [o] Temporary File Cleaner]
      or
      [o] ATF Cleaner by Atribune
    7. Restore Points:
      [o]See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.
    =========================================
    Have a Happy and Peaceful Holiday![​IMG]
     
  15. confused99

    confused99 TS Rookie Topic Starter

    Well Bobbye,
    I have learned a lot, I am less confused and you are one amazing person.

    Many thanks for all your help.

    With kind regards

    UNconfused!!
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Good- than I have done what I set out to do! The more you learn, the more confident you will be. Don't wait for 'lessons' to come to you> seek them out! :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...