having trouble, log included

Discussion in 'Windows - Virus and spyware problems' started by mesa101, Aug 4, 2008.

  1. mesa101

    mesa101 Regular member

    Joined:
    Jul 25, 2005
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    26
    I started having trouble with Firefox (Firefox couldn't find the page), then IE started going bad. Kaspersky found win32.hupigon.dckd and removed it, but I see 2 entries about a proxy or something that can't be deleted in HJT: R1 and R1.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:38:45, on 8/4/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7B8292E5-964F-4187-8A65-68045FF6DB07}: NameServer = 216.45.34.2 216.45.33.130
    O20 - AppInit_DLLs: c:\progra~1\kaspersky lab\kaspersky internet security 7.0\adialhk.dll
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 2138 bytes
     
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hi mesa101,

    Your Log looks really clean except for the redirected start pages.

    Have you tried resetting your home page in IE and Firefox?

    You should have been able to fix the R1 lines..

    Maybe something is hiding. Do the following:

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.


    Download ComboFix from Here to your Desktop.
    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post the ComboFix log and a HijackThis log in your next reply.

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



    2OG
     
  3. mesa101

    Also, web pages freeze and my connection drops (DSL).

    MBAM log below:


    Malwarebytes' Anti-Malware 1.24
    Database version: 1026
    Windows 5.1.2600 Service Pack 3

    2:49:49 8/5/2008
    mbam-log-8-5-2008 (02-49-49).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 70619
    Time elapsed: 28 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. mesa101

    I forgot ComboFix:

    ComboFix 08-08-04.01 - Owner 2008-08-04 17:56:18.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1073 [GMT -4:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ADS - WINDOWS: deleted 24 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Owner\Application Data\inst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
    .

    2008-08-04 16:58 . 2008-08-04 16:58 <DIR> d-------- C:\Program Files\Panda Security
    2008-08-04 16:58 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
    2008-08-03 22:36 . 2008-08-03 22:37 1,316 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-03 22:35 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-08-03 22:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-08-03 22:35 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-08-03 22:35 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-03 22:35 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-08-03 22:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-08-03 22:35 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-08-03 22:35 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-08-03 20:14 . 2008-08-03 20:15 <DIR> d-------- C:\Program Files\DVDFab 5
    2008-08-02 10:14 . 2008-08-02 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-08-01 09:27 . 2008-08-01 09:27 99,648 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
    2008-07-31 00:27 . 2008-07-31 00:27 36,770 --a------ C:\WINDOWS\system32\tcpipbak.reg
    2008-07-31 00:27 . 2005-10-20 10:30 32,768 --a------ C:\WINDOWS\system32\ServiceRepair.exe
    2008-07-31 00:27 . 2006-03-13 09:41 674 --a------ C:\WINDOWS\ie-ads-uninst.reg
    2008-07-31 00:27 . 2008-07-31 00:27 0 --ah----- C:\WINDOWS\SwSys2.bmp
    2008-07-31 00:27 . 2008-07-31 00:27 0 --ah----- C:\WINDOWS\SwSys1.bmp
    2008-07-26 20:41 . 2008-07-26 20:41 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2008-07-26 20:41 . 2008-08-04 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-07-26 20:41 . 2008-08-04 18:00 4,127,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-07-26 20:41 . 2008-07-26 20:54 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-07-26 20:41 . 2008-07-26 20:54 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-07-26 20:41 . 2008-08-04 17:59 60,448 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-07-26 20:41 . 2008-08-04 17:59 56,300 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-07-26 20:41 . 2008-08-04 17:59 6,692 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-07-23 15:36 . 2008-07-23 15:35 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-07-23 10:45 . 2008-07-23 10:45 100,809,072 --a------ C:\Image.bin
    2008-07-21 08:11 . 2008-07-21 08:11 24,392 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
    2008-07-20 14:49 . 2008-07-28 16:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\IObit
    2008-07-20 14:49 . 2008-04-17 16:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
    2008-07-19 18:11 . 2008-08-03 20:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Samsung
    2008-07-18 22:46 . 2008-07-18 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-17 18:09 . 2008-07-17 18:09 <DIR> d-------- C:\Program Files\Common Files\Nero
    2008-07-17 00:19 . 2007-07-11 11:11 888,832 --a------ C:\WINDOWS\system32\securenet.dll
    2008-07-08 22:02 . 2008-07-08 22:02 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-07-08 22:02 . 2008-07-08 22:02 <DIR> d-------- C:\WINDOWS\system32\en
    2008-07-08 22:02 . 2008-07-08 22:02 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-07-08 22:02 . 2008-07-08 22:02 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-07-08 21:58 . 2008-07-08 21:58 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-07-08 21:50 . 2008-07-08 21:50 <DIR> d-------- C:\WINDOWS\EHome
    2008-07-08 21:39 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-04 20:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
    2008-08-04 00:15 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-08-04 00:15 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
    2008-08-04 00:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-03 20:56 --------- d-----w C:\Program Files\PeerGuardian2
    2008-08-03 20:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\FrostWire
    2008-07-27 00:54 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
    2008-07-25 06:15 --------- d-----w C:\Program Files\FrostWire
    2008-07-23 14:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\ImgBurn
    2008-07-22 03:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-20 18:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\VideoReDo-TVSuite
    2008-07-20 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
    2008-07-20 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
    2008-07-20 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
    2008-07-15 21:18 --------- d-----w C:\Program Files\Java
    2008-07-14 21:54 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-07-14 21:36 --------- d-----w C:\Program Files\Ahead
    2008-07-03 22:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Template
    2008-07-03 22:50 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    2008-07-01 02:55 --------- d-----w C:\Program Files\LG Software Innovations
    2008-06-29 01:08 --------- d-----w C:\Program Files\QuickTime
    2008-06-29 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-28 20:10 827 ----a-w C:\Program Files\Common Files\ConvertXtoDvd 3.lnk
    2008-06-27 00:56 --------- d-----w C:\Program Files\Shockwave.com
    2008-06-26 11:06 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
    2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-17 18:24 --------- d-----w C:\Program Files\CCleaner
    2008-06-17 12:45 --------- d-----w C:\Documents and Settings\Administrator.YOUR-D9B2E5A77E\Application Data\iolo
    2008-06-17 00:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
    2008-06-17 00:20 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
    2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-12 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
    2008-06-07 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-05-11 15:58 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
    2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
    2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
    2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
    2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
    2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
    2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
    2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-05 03:15 1,566 ----a-w C:\Program Files\Common Files\VideoReDo TVSuite.lnk
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "nolowdiskspaceckecks"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
    --a------ 2008-02-08 18:36 227856 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\FrostWire\\FrostWire.exe"=

    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-07-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9k3ywl8t.default\
    FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-04 18:00:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-04 18:04:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-04 22:04:39

    Pre-Run: 187,393,605,632 bytes free
    Post-Run: 187,384,614,912 bytes free

    162 --- E O F --- 2008-07-09 21:31:26
     
  5. 2oldGeek

    HJT Log??
     
  6. mesa101

    Sorry 2OG... it's 3:30 am.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:34:47, on 8/5/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7B8292E5-964F-4187-8A65-68045FF6DB07}: NameServer = 216.45.34.2 216.45.33.130
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 2865 bytes
     
  7. 2oldGeek

    Did you try to fix the R1's with HJT??
     
  8. mesa101

    Yes, they come right back after deletion.
     
  9. 2oldGeek

    Looks like you’re using a proxy server of some sort..

    Copy and paste these addresses in your browser and go to the site. Do you recognize it as something you use??

    216.45.34.2

    216.45.33.130

    www.plimus.com

    www.regnow.com


    Let me know…

    2OG
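
An added example, not part of the original posts and not code from HijackThis: a small Python triage of the R1 proxy lines and the O17 NameServer line discussed above, so the values to verify are pulled out of the log in one pass. The function names and finding labels are assumptions made for illustration; the sample lines are copied from the logs posted in this thread.

```python
import ipaddress
import re

# Constructed sample: R1/O4/O17 lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B8292E5-964F-4187-8A65-68045FF6DB07}: NameServer = 216.45.34.2 216.45.33.130
"""


def parse_entries(log_text):
    """Yield (code, value_name, data) for lines shaped like
    'CODE - <registry key><sep><value name> = <data>'."""
    for raw in log_text.splitlines():
        code, dash, body = raw.strip().partition(" - ")
        if not dash or " = " not in body:
            continue  # headers, process list, O4/O9/O23 lines carry no value
        left, _, data = body.partition(" = ")
        # R-lines separate key and value name with ',', O17 lines with ': '.
        sep = ": " if code == "O17" else ","
        _key, found, name = left.rpartition(sep)
        if found:
            yield code, name.strip(), data.strip()


def parse_proxy_server(data):
    """Split a WinINet ProxyServer string ('scheme=host:port;...' or a bare
    'host:port') into {scheme: endpoint}; the bare form is stored as 'all'."""
    result = {}
    for part in filter(None, (p.strip() for p in data.split(";"))):
        scheme, eq, endpoint = part.partition("=")
        if eq:
            result[scheme.lower()] = endpoint.strip()
        else:
            result["all"] = part
    return result


def triage(log_text):
    """Return (kind, value, detail) tuples for proxy and DNS settings."""
    findings = []
    for code, name, data in parse_entries(log_text):
        if name == "ProxyServer":
            for scheme, endpoint in parse_proxy_server(data).items():
                # A scheme with nothing after '=' is what the posted logs show.
                kind = "proxy-endpoint" if endpoint else "proxy-empty-endpoint"
                findings.append((kind, scheme, endpoint))
        elif name == "ProxyOverride":
            # Hosts listed here bypass the configured proxy.
            for host in re.split(r"[;,\s]+", data):
                if host:
                    findings.append(("proxy-bypass-host", host, ""))
        elif code == "O17" and name == "NameServer":
            # Statically configured DNS servers: confirm they belong to the ISP.
            for token in filter(None, re.split(r"[,\s]+", data)):
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    findings.append(("dns-unparseable", token, ""))
                else:
                    scope = "public" if ip.is_global else "non-public"
                    findings.append(("static-dns", str(ip), scope))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
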
     
  10. mesa101

    The first 2 IPs are my IP provider's mail login, which I don't use; I use Outlook. The plimus and regnow I don't recognize; that's the one that looks suspect.
     
  11. 2oldGeek

    I see that you set your home page in your browser..

    Did you run HJT with Administrator Privileges?? I think you must in Vista in order to delete anything..
     
  12. mesa101

    I'm running XP... I also see an entry for Ad-Aware in my Add/Remove Programs that I can't delete.
     
  13. 2oldGeek

    Oops, my bad. I’ve been working with Vista too much the last few days and I forget, but I’m old, give me a break ; )

    It very well could be a system file gone south.
    If you have an XP disc or a recovery disk that came with your computer have it at hand because this next command may ask for it, or not..

    Go to -> Start -> Run and type or copy/paste this in the box: sfc /scannow
    Click OK

    This will scan your disk for bad or corrupt system files and repair them.

    See if that works and let me know…
     
  14. mesa101

    I don't know what that did, but it seemed to work... I'm surfing like mad now... Thanks 2OG, until we meet again.. lol
     
  15. 2oldGeek

    You’re very welcome, mesa101, Just remember…..

    The oldgeek can get the bugs out.


    Oops..
     
  16. mesa101

    I hear you, man... and I believe in your extermination methods too.
     
