Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Repeat startup error & google search redirects


  • Please log in to reply
18 replies to this topic

#1 geov767211

geov767211

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:chicago
  • Local time:05:34 PM

Posted 15 May 2009 - 08:08 PM

Hi. I am trying to straighten out a problem on my 70 yr old mother's computer. Hope someone can help.

She went to some web site to play bunco. Avast! warned her that the site was infected and directed her away from it (she told me this). But I think something may have gotten through...

This is a WinXP Home Ed eMachine Celeron 1.6Ghz with 1.99G RAM w/a 70G HD.

Every time I restart WinXP, I get a startup error stating "Could not find C:\PROGRA~1\INSTAL~1\{41020~1}\setup.exe. Also, when she uses google, and clicks on a google result, she gets a different web page than that listed as the result.

I found the registry entry for this command in HLM-SOFTWARE-MICROSOFT-WINDOWS-Current Version-RunOnce.

I have deleted it several times, but it comes back at every reboot. I also turned off System Restore the last 3 times I deleted it, and it still returned.

When I went into DOS, the dir INSTAL~1 was hidden. I used attrib to unhide it. It had about 6 subdirs, including {41020~1}, with similar names (made up of alphanumeric characters only and curly brackets). Each one had the same contents, a data.cab, a setup.exe, a *.hdr file, a *.bin file, and some other smaller files. I deleted each subdir and all their contents, then deleted the INSTAL~1 dir, too.

The INSTAL~1 dir is now gone -- at least, if I try to attrib -h INSTAL~1, I get "File not found" in DOS and it is not visible in Windows Explorer (where I have "Show hidden files and folders" checked as well).

However, even after 3 reboots with System Restore turned off, the HLM-SOFTWARE-MICROSOFT-WINDOWS-Current Version-RunOnce-C:\PROGRA~1\INSTAL~1\{41020~1}\setup.exe keeps returning.

I ran HiJackThis v2.0.2 and this is what I got:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58, on 2009-05-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TweakNow RegCleaner Std\RegCleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\cmd.exe

{MOD EDIT: Removed improperly located HJT log~~boopme}

It's been several years since I was a heavy PC user solving my own problems (and others'), and I became a Mac user in the meantime. (Please stop throwing things.) So I'm not sure how to proceed, I just know I don't want to screw up the computer by removing stuff that shouldn't be removed. My mother does use Yahoo! AT&T DSL, so I'm not sure whether or not the Yahoo browser buttons should be deleted or are spyware.

The only thing that jumps out at me is "O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll"

I thought having Avast! on her PC would help protect my mom from her naive trust of web sites, but something must have slipped through.

Any ideas?

Big thanks in advance for any and all help.

VG

2016 ETA: When I search the registry for "c:\windows\system32\nwprovau.dll" nothing turns up, it's not found.
I'm running Malwarebytes' Anti-Malware as I write this. Will post a log when finished. I hope the quick scan is sufficient -- if not, please let me know and I'll run the Malwarebytes full scan.

Edited by boopme, 15 May 2009 - 09:06 PM.


BC AdBot (Login to Remove)

 


#2 geov767211

geov767211
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:chicago
  • Local time:05:34 PM

Posted 15 May 2009 - 08:20 PM

All right, I ran Malwarebytes AM and here's the result:
Malwarebytes' Anti-Malware 1.35
Database version: 1911
Windows 5.1.2600 Service Pack 3

2009-05-15 20:19:01
mbam-log-2009-05-15 (20-18-52).txt

Scan type: Quick Scan
Objects scanned: 79758
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:34 PM

Posted 15 May 2009 - 09:15 PM

Hello and welcome. A couple things. first HJT logs are only allowed posted in the HJT forum ,so I pulled it. If needed we will go there. Next You should read this item on that dll.What is NWPROVAU.DLL

Now to be sure your clean. 1) Did you click the Remove selected button after that Mbam (Malwarebytes ) scan? 2) Mbam needs an update and rerun.
Rerun MBAM like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Edited by boopme, 15 May 2009 - 09:51 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 geov767211

geov767211
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:chicago
  • Local time:05:34 PM

Posted 15 May 2009 - 09:49 PM

All right, I updated Malwarebytes & am running a new full scan.

#5 geov767211

geov767211
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:chicago
  • Local time:05:34 PM

Posted 15 May 2009 - 10:13 PM

Ok, I updated Malwarebytes AM, and here is the log. I guess that DLL isn't really a problem... but I still can't figure out why the browser redirects Google results.

Malwarebytes' Anti-Malware 1.36
Database version: 2139
Windows 5.1.2600 Service Pack 3

2009-05-15 22:11:56
mbam-log-2009-05-15 (22-11-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 157413
Time elapsed: 23 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:34 PM

Posted 15 May 2009 - 10:38 PM

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 geov767211

geov767211
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:chicago
  • Local time:05:34 PM

Posted 18 May 2009 - 01:26 PM

Okay, DLed & ran GooredFix. Here is the log. Thank you so much for your help with this.

GooredFix v1.92 by jpshortstuff
Log created at 13:25 on 18/05/2009 running Option #1 (Owner)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{AF610C52-A9FF-419F-B83C-E477727B75AD}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:34 PM

Posted 18 May 2009 - 10:37 PM

Hello,let's do Part #2 --- Remove Google Gored

Please double-click Goored.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).


Rerun MBAM like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 geov767211

geov767211
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:chicago
  • Local time:05:34 PM

Posted 20 May 2009 - 04:57 AM

Okay, I ran GooredFix and chose 2. Fix. It finished and created the log. Then, just as I did a Ctrl-A to select everything in the log file, the computer just rebooted itself. When it finished booting back up (into normal, not Safe Mode), it told me "Windows has recovered from a serious error" and asked did I want to submit the bug report to MS. (I did.) I'm not really sure why that happened. Did removing the Firefox extension listed below screw the system up somehow?

Here is the log of the GooredFix option 2. Fix:

GooredFix v1.92 by jpshortstuff
Log created at 04:41 on 20/05/2009 running Option #2 (Owner)
Firefox version 3.0.8 (en-US)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{AF610C52-A9FF-419F-B83C-E477727B75AD}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"



Then, I updated MBAM and ran the quick scan as you said. Here is the log from that:

Malwarebytes' Anti-Malware 1.36
Database version: 2156
Windows 5.1.2600 Service Pack 3

2009-05-20 04:53:30
mbam-log-2009-05-20 (04-53-30).txt

Scan type: Quick Scan
Objects scanned: 95220
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:34 PM

Posted 20 May 2009 - 09:41 AM

Hi, most likely a result of the regitry adjustments.. Let's run on e more tool and be sure we are clear. Reboot your machine once more normally.


Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 geov767211

geov767211
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:chicago
  • Local time:05:34 PM

Posted 20 May 2009 - 03:48 PM

The link you sent for DrWebCureit is asking me for a ftp login username and password.

I tried "anonymous" for username and my email address for the password (like public ftp sites used to do), but those didn't work... what should I be using?

#12 geov767211

geov767211
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:chicago
  • Local time:05:34 PM

Posted 25 May 2009 - 03:27 PM

I found the Dr Web web site & downloaded the program from there. Here is the DrWeb.csv file contents:
psexec.cfexe;C:\ComboFix;Program.PsExec.171;;
RegUBP2b-Owner.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Owner\Desktop\utilities\trojan worm removal\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Owner\Desktop\utilities\trojan worm removal;Archive contains infected objects;Moved.;
VirtumundoBeGone.exe\data005;C:\Documents and Settings\Owner\Desktop\utilities\trojan worm removal\VirtumundoBeGone.exe;Tool.Prockill;;
VirtumundoBeGone.exe;C:\Documents and Settings\Owner\Desktop\utilities\trojan worm removal;Archive contains infected objects;Moved.;
freeripmp3.exe\data005;C:\Documents and Settings\viv\Desktop\audiovisual tools\freeripmp3.exe;Adware.MyWay;;
freeripmp3.exe;C:\Documents and Settings\viv\Desktop\audiovisual tools;Archive contains infected objects;Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
A0000039.reg;C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1;Trojan.StartPage.1505;Deleted.;
A0000040.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1\A0000040.exe;Tool.Prockill;;
A0000040.exe;C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1;Archive contains infected objects;Moved.;
A0000041.exe\data005;C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1\A0000041.exe;Tool.Prockill;;
A0000041.exe;C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1;Archive contains infected objects;Moved.;
A0000042.exe\data005;C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1\A0000042.exe;Adware.MyWay;;
A0000042.exe;C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1;Archive contains infected objects;Moved.;



Also, here are the Dr. Web statistics:

Objects:
Scanned: 239798
Infected: 2
Modifications: 0
SUspicious: 0
Adware: 2
Dialers: 0
Jokes: 0
Riskware: 1
Hacktools: 5

Actions:
Cured: 0
Deleted: 2
Renamed: 0
Moved: 6
Ignored: 0

Time:
Scan time: 10:42:53
Speed: 43 KB/s


After these had finished, I rebooted the computer.

On startup I still got the error message:

"Windows cannot find 'C:\PROGRA~1\INSTAL~1\{41020~1\setup.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

It seems like Dr. Web found some legitimate Trojans & adware/spyware, but it also seems to have interpreted some fix tools as malicious? Or are they actually malicious?

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:34 PM

Posted 25 May 2009 - 10:15 PM

Ok let's do this. tell me how it's running after.
Its not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click HERE if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.


Rerun MBAM like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 geov767211

geov767211
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:chicago
  • Local time:05:34 PM

Posted 28 May 2009 - 12:25 AM

Okay, I downloaded & ran Autoruns. Then I found the offending entry (InstallShieldSetup, no description, no publisher, File not found: c:\PROGRA~1\INSTAL~1\{41020~1\setup.exe) and deleted it. Then I ran MBAM & updated it. Then I ran MBAM quick scan. Then I rebooted.

I have now done this three times. Every time I reboot, the "Windows cannot find 'C:\PROGRA~1\INSTAL~1\{41020~1\setup.exe" error recurs.

Something must be re-adding this to the registry every time I reboot. I will try turning off System Restore the next time, then rebooting, and see if it recurs again.

On the plus side, there are no more Google redirects with errors in Firefox.

Let me once again state how much I appreciate your help with this. You've been very kind. Thank you so much.

#15 geov767211

geov767211
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:chicago
  • Local time:05:34 PM

Posted 28 May 2009 - 12:27 AM

Oh, by the way: the directory c:\PROGRA~1\INSTAL~1\{41020~1\ does not exist. Well, c:\PROGRA~1\ exists -- of course -- but the \INSTAL~1 directory is not there, even if I attrib -h INSTAL~1. So there's that, at least.


Oops! Forgot the MBAM scan log. Here it is:
Malwarebytes' Anti-Malware 1.37
Database version: 2186
Windows 5.1.2600 Service Pack 3

2009-05-28 00:19:18
mbam-log-2009-05-28 (00-19-18).txt

Scan type: Quick Scan
Objects scanned: 96677
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users