1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Redirecting to other webpages

Discussion in 'Malware and Virus Removal Archive' started by liesl1, 2007/02/13.

  1. 2007/02/13
    liesl1

    liesl1 Inactive Thread Starter

    Joined:
    2007/02/13
    Messages:
    6
    Likes Received:
    0
    My computer is redirecting me to other sites. It also seems to be redirecting me to A drive when I want to scan a document. Please help me with the files I need to delete.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:10:26 AM, on 2/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe
    C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\PENROD~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe "
    O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe "
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: RingCentral Call Controller.lnk = C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.ringcentral.com/ActiveX/RCAXSetup.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{00EF9C77-46A4-4547-AF2D-5EE128999243}: NameServer = 85.255.115.69,85.255.112.128
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8D005544-A99F-4424-9AD4-D22C630B677B}: NameServer = 85.255.115.69,85.255.112.128
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B3B98987-1D44-4E8E-8BF6-CFF154FD5197}: NameServer = 85.255.115.69,85.255.112.128
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.69 85.255.112.128
    O17 - HKLM\System\CS1\Services\Tcpip\..\{00EF9C77-46A4-4547-AF2D-5EE128999243}: NameServer = 85.255.115.69,85.255.112.128
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.69 85.255.112.128
    O17 - HKLM\System\CS2\Services\Tcpip\..\{00EF9C77-46A4-4547-AF2D-5EE128999243}: NameServer = 85.255.115.69,85.255.112.128
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.69 85.255.112.128
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
     
    liesl1,
    #1
  2. 2007/02/13
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Hello and welcome to WindowsBBS Forums.

    You may have one or two infections here. In some cases, Drive Cleaner installs a Vundo infection. We'll address what's in the log and the possibility of Vundo as well.

    Please do as instructed below in the order presented.

    :arrow: Please follow these instructions, exactly, for proper HJT installation. Please place HJT into ITS OWN PERMANANT FOLDER. It must not be installed on the desktop nor in any temp folders.

    You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. Move HijackThis.exe into this folder (C:\HJT\HijackThis.exe). When you run HijackThis.exe from C:\HJT folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary which is easily accessible.

    Then I'd like you to do is to rename the HijackThis executable, hijackthis.exe to <anything of your choice> .exe, as long you change it's name. This may expose the Vundo infection. Some Vundo variants are coded to 'hide' from the HJT executable. by renaming HJT we circumvent that.


    Please hit the 'Ctrl' key + 'Alt' key + 'Delete' key to bring up the Task Manager and select the 'Processes' tab. Then find, high-light and select 'End Task' on the following process(es) if present:
    C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe

    C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe


    Open Hijackthis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have No IE windows, nor any other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


    O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe "

    O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe "


    O17 - HKLM\System\CCS\Services\Tcpip\..\{00EF9C77-46A4-4547-AF2D-5EE128999243}: NameServer = 85.255.115.69,85.255.112.128

    O17 - HKLM\System\CCS\Services\Tcpip\..\{8D005544-A99F-4424-9AD4-D22C630B677B}: NameServer = 85.255.115.69,85.255.112.128

    O17 - HKLM\System\CCS\Services\Tcpip\..\{B3B98987-1D44-4E8E-8BF6-CFF154FD5197}: NameServer = 85.255.115.69,85.255.112.128

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.69 85.255.112.128

    O17 - HKLM\System\CS1\Services\Tcpip\..\{00EF9C77-46A4-4547-AF2D-5EE128999243}: NameServer = 85.255.115.69,85.255.112.128

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.69 85.255.112.128

    O17 - HKLM\System\CS2\Services\Tcpip\..\{00EF9C77-46A4-4547-AF2D-5EE128999243}: NameServer = 85.255.115.69,85.255.112.128

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.69 85.255.112.128


    Reboot post a new HJT log back into this thread please.

    Also, let me know if you are getting any pop ups, in addition to the re-directs.
     
    TeMerc,
    #2


  3. to hide this advert.

  4. 2007/02/13
    liesl1

    liesl1 Inactive Thread Starter

    Joined:
    2007/02/13
    Messages:
    6
    Likes Received:
    0
    how about now?

    I do not have any problems with pop ups. How does it look now?

    Logfile of HijackThis v1.99.1
    Scan saved at 1:01:03 PM, on 2/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\HJT\Temporary Directory 2 for hijackthis[1].zip\fix it.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: RingCentral Call Controller.lnk = C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.ringcentral.com/ActiveX/RCAXSetup.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
     
    liesl1,
    #3
  5. 2007/02/13
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Everything looks good. HJT still needs to be installed in its own folder tho in case you need at a later date. Temp folders get cleaned by any number of apps, and everything contained therein will be deleted.


    We have 3 more things to do, mostly maintenance and then our recommendations:

    Empty the TIF (Temporary Internet Files)
    Delete all the files in (and any subfolders of) the C:\Windows\Temp folder
    The app below will help with temp files.
    Index.dat Suite

    Also, delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

    Also, as you are an XP user, if there are any other accounts on this machine, they too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion. It is very rare that anything significant is ever found.

    Here is a link which describes how security apps work with WIN XP machines.
    XP User Accts Security Apps Operation

    To further prevent the installation of ad/mal/spyware, DL the apps below, which are just as good the fight against ad/mal/spyware as AdAware & Spybot S&D:

    SpywareBlaster
    With SpywareBlaster v3.5.1 , just DL, install and check for updates, enable Internet Explorer protection, and your done! I don't recommend using IE restricted sites protection as it's not a very large database. Use IE-SPYADs below.

    To avoid known malware infested sites from loading in IE install IESPY ADS.
    And MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    And to prevent unknown applications from being inserted to start up on your machine install WinPatrol v10.0.5.

    Another thing I would suggest, is to install SiteAdvisor. It gives sites a few different 'ratings' and while not fool proof, a good additional layer of information about many sites.

    Links for tutorials for all the apps I mentioned can be found on my site as well.

    Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

    And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
    Calendar of Updates

    Subscribe to update alerts for all the above security apps here.

    You can also see my own ongoing security testing with all the above apps proving how securely you can safe with them installed.
    TeMerc Test Box Forum

    Happy surfing!!
    Tom :D
     
    TeMerc,
    #4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...