MSDOS icons/IE defaults to search.popclick.net


27 replies to this topic

#1 MagageeMay

  • Members
  • 58 posts

Posted 26 January 2012 - 12:03 PM

I know the basics about computers and nothing more. I was on Facebook a few days ago and a window popped up saying it was doing an automatic update for Internet Explorer. When it was done there were 2 new icons on the screen (maybe more, I was using my fiance's computer so I'm not sure which all were normally there). One is MSDOS email, the other is MSDOS internet. And now when you open up IE the default home page is http://search.popclick.net/. It does let you type in a new search engine to get where you want to go but it will not let me set the home page to anything else. AND I cannot get the MSDOS icons to go away. They are not in the list of programs when you do control panel, add/remove programs. I'd like to fix this for him. He has no idea how to do more than work the programs he has installed and turn on/off the computer. Please help! Thank you!



#2 Broni

  • BC Advisor
  • 42,697 posts

Posted 26 January 2012 - 12:12 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#3 MagageeMay


Posted 26 January 2012 - 02:50 PM

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 8.5
Antivirus Action Lite
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner (remove only)
Adobe Flash Player ( 10.1.102.64) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

===================================================================================

Farbar Service Scanner Version: 18-01-2012 01
Ran by User (administrator) on 26-01-2012 at 14:43:32
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AvgTdiX(86) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000560000000600000007000000
IpSec Tag value is correct.

**** End of log ****
==================================================================================

The MiniToolBox is still running. I will continue to post as I get the results. I just wanted to post this before the data was lost since I closed the windows already.

#4 MagageeMay


Posted 26 January 2012 - 04:16 PM

I forgot to thank you in my last post. So let me start by saying THANK YOU!!! The MiniToolBox is stuck on the list IP configuration part....it's still running.
Here is the Malwarebytes log:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.26.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: DAD [administrator]

1/26/2012 3:53:39 PM
mbam-log-2012-01-26 (15-53-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 163532
Time elapsed: 18 minute(s), 27 second(s)

Memory Processes Detected: 5
C:\Documents and Settings\User\Application Data\Email\avg.exe (Trojan.MSIL) -> 188 -> Delete on reboot.
C:\WINDOWS\system32\drivers\winlogon.scr (Trojan.MSIL) -> 3916 -> Delete on reboot.
C:\WINDOWS\system32\drivers\winlogon.scr (Trojan.MSIL) -> 1824 -> Delete on reboot.
C:\WINDOWS\system32\drivers\winlogon.scr (Trojan.MSIL) -> 2920 -> Delete on reboot.
C:\WINDOWS\system32\ping.com (Trojan.MSIL) -> 1852 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKLM\SYSTEM\CurrentControlSet\Services\AVResult (Trojan.MSIL) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Windows network Service (Trojan.MSIL) -> Quarantined and deleted successfully.
HKCR\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Service32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\opsmr9ibkfl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|winlogon (Trojan.MSIL) -> Data: C:\WINDOWS/system32/drivers/winlogon.scr -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|svchost (Trojan.MSIL) -> Data: C:\DOCUME~1\User\LOCALS~1\Temp\svchost.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoFolderOptions (Hijack.FolderOptions) -> Data: 1 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Service32|HelpLink (Backdoor.Agent) -> Data: "http://google.com" -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe, C:\Documents and Settings\User\svchost.exe) Good: (Userinit.exe) -> Quarantined and repaired successfully.

Folders Detected: 15
C:\Program Files\Microsoft\Service32 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Files Detected: 60
C:\Documents and Settings\User\Application Data\Email\avg.exe (Trojan.MSIL) -> Delete on reboot.
C:\WINDOWS\system32\drivers\winlogon.scr (Trojan.MSIL) -> Delete on reboot.
C:\WINDOWS\system32\ping.com (Trojan.MSIL) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\Temp\svchost.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nw.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\Email.pif (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\Internet.pif (Trojan.MSIL) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft\Service32.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft\Service32\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sys.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.

(end)

#5 MagageeMay


Posted 26 January 2012 - 04:19 PM

I am waiting for MiniToolBox to finish so I can post that log and restart the computer and finish following your directions. :) Thank you again!

#6 MagageeMay


Posted 26 January 2012 - 04:30 PM

Also, (sorry for all the separate posts - clearly I'm new to this stuff too! :wink: ) I'm wondering if the MiniToolBox is stuck on the IP thing b/c of the secure router that we have. I work from home for an insurance company. The Cisco router is their equipment. I'm not sure if they have it blocked from pulling the IP configuration or not.... If there is something different I need to do with that, let me know. Thank you.

#7 Broni


Posted 26 January 2012 - 04:58 PM

Restart computer and try MiniToolbox again.



 


#8 MagageeMay


Posted 26 January 2012 - 07:51 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by User (administrator) on 26-01-2012 at 19:50:58
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:33921
========================= Hosts content: =================================
http://conduit.com http://popclicks.ourtoolbar.com/


========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : DAD

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : cmts.nbh.ptd.net



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . : cmts.nbh.ptd.net

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-1B-B9-82-29-A4

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.11.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.11.1

DHCP Server . . . . . . . . . . . : 192.168.11.1

DNS Servers . . . . . . . . . . . : 192.168.11.1

Lease Obtained. . . . . . . . . . : Thursday, January 26, 2012 7:45:45 PM

Lease Expires . . . . . . . . . . : Friday, January 27, 2012 7:45:45 PM

Server: UnKnown
Address: 192.168.11.1

Name: google.com
Addresses: 74.125.115.106, 74.125.115.147, 74.125.115.99, 74.125.115.103
74.125.115.104, 74.125.115.105



Pinging google.com [74.125.115.106] with 32 bytes of data:



Reply from 74.125.115.106: bytes=32 time=32ms TTL=56

Reply from 74.125.115.106: bytes=32 time=27ms TTL=56



Ping statistics for 74.125.115.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 32ms, Average = 29ms

Server: UnKnown
Address: 192.168.11.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=102ms TTL=56

Reply from 72.30.2.43: bytes=32 time=117ms TTL=55



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 102ms, Maximum = 117ms, Average = 109ms

Server: UnKnown
Address: 192.168.11.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1b b9 82 29 a4 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.11.1 192.168.11.102 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.11.102 192.168.11.102 20
192.168.11.0 255.255.255.0 192.168.11.102 192.168.11.102 20
192.168.11.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.11.255 255.255.255.255 192.168.11.102 192.168.11.102 20
224.0.0.0 240.0.0.0 192.168.11.102 192.168.11.102 20
255.255.255.255 255.255.255.255 192.168.11.102 192.168.11.102 1
Default Gateway: 192.168.11.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ================================

Could not start eventlog service, could not read events.

The Event Log service could not be started.

A system error has occurred.

System error 126 has occurred.

The specified module could not be found.


=========================== Installed Programs ============================

Acrobat.com (Version: 1.7.186)
Adobe AIR (Version: 1.5.2.8900)
Adobe Flash Player 10 Plugin (Version: 10.1.102.64)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 9.4.7 (Version: 9.4.7)
Adobe Shockwave Player 11.5 (Version: 11.5)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
Antivirus Action Lite
Apple Application Support (Version: 1.0)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
AVG 8.5
Bonjour (Version: 1.0.106)
CCleaner (remove only)
Data Fax SoftModem with SmartCP
doPDF 6.2 printer
Free File Opener (Version: 2011.8.0.0)
Intel AppUp(SM) center (Version: 29342)
iTunes (Version: 9.0.1.8)
LeapFrog Connect (Version: 2.9.1.11093)
LeapFrog My Pals Plugin (Version: 2.8.7.11034)
Lexmark Printable Web (Version: 1.0.0.0)
Lexmark Pro800-Pro900 Series
Lexmark Toolbar (Version: 4.13.37.0)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Word Viewer 2003 (Version: 11.0.6506.0)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MyInvoices & Estimates Deluxe (Version: 10.0.0.2)
NVIDIA Drivers
QuickTime (Version: 7.64.17.73)
Realtek High Definition Audio Driver
Shopping4Causes Shopping Plugin
System Requirements Lab
TouchCopy 09 (Version: 9.21)
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0338)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0218)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0190)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1000)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0428)
TurboTax 2008 wpaiper (Version: 008.000.0113)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax 2009
TurboTax 2009 WinPerFedFormset (Version: 009.000.2163)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0238)
TurboTax 2009 wpaiper (Version: 009.000.0778)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wpaiper (Version: 010.000.1247)
TurboTax 2010 wrapper (Version: 010.000.0157)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Install Manager

========================= Memory info: ===================================

Percentage of memory in use: 90%
Total physical RAM: 446.41 MB
Available physical RAM: 40.39 MB
Total Pagefile: 1055.18 MB
Available Pagefile: 500.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.78 GB) (Free:91.42 GB) NTFS

========================= Users: ========================================

User accounts for \\DAD

Administrator Guest HelpAssistant
SUPPORT_388945a0 User


**** End of log ****

#9 MagageeMay

Posted 26 January 2012 - 08:05 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-26 19:53:28
-----------------------------
19:53:28.406 OS Version: Windows 5.1.2600 Service Pack 3
19:53:28.406 Number of processors: 1 586 0x5F02
19:53:28.406 ComputerName: DAD UserName:
19:53:29.531 Initialize success
19:56:01.843 AVAST engine defs: 12012602
19:56:07.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
19:56:07.218 Disk 0 Vendor: ST3120213AS 3.AHL Size: 114473MB BusType: 3
19:56:07.265 Disk 0 MBR read successfully
19:56:07.265 Disk 0 MBR scan
19:56:09.203 Disk 0 Windows XP default MBR code
19:56:09.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
19:56:10.828 Disk 0 scanning sectors +234420480
19:56:11.390 Disk 0 scanning C:\WINDOWS\system32\drivers
19:56:32.921 Service scanning
19:56:34.437 Modules scanning
19:56:51.625 Disk 0 trace - called modules:
19:56:51.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
19:56:51.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x842e7ab8]
19:56:51.671 3 CLASSPNP.SYS[f74d7fd7] -> nt!IofCallDriver -> \Device\00000061[0x84396ba0]
19:56:51.671 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\0000005f[0x84301030]
19:56:56.843 AVAST engine scan C:\WINDOWS
19:57:06.625 AVAST engine scan C:\WINDOWS\system32
19:59:49.468 AVAST engine scan C:\WINDOWS\system32\drivers
20:00:02.484 AVAST engine scan C:\Documents and Settings\User
20:01:53.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
20:01:53.578 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
20:02:34.625 AVAST engine scan C:\Documents and Settings\All Users
20:03:53.265 Scan finished successfully
20:04:02.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
20:04:02.000 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

I think that was everything. I am logging out for the evening. I will check on this in the morning. Thank you for all your help on this so far!!!!

#10 Broni

Posted 26 January 2012 - 08:12 PM

Please go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on the "Fix it" button to reset your "hosts" file.
Follow all prompts.

Then....

Re-run MiniToolbox.

Checkmark the following boxes:
  • Flush DNS
  • Reset IE Proxy Settings
Click Go and post the result.

Restart computer.

Re-run MiniToolbox.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
Click Go and post the result.

#11 MagageeMay

Posted 27 January 2012 - 10:28 AM

MiniToolBox by Farbar Version: 18-01-2012
Ran by User (administrator) on 27-01-2012 at 10:28:17
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


"Reset IE Proxy Settings": IE Proxy Settings were reset.

**** End of log ****

#12 MagageeMay

Posted 27 January 2012 - 10:35 AM

MiniToolBox by Farbar Version: 18-01-2012
Ran by User (administrator) on 27-01-2012 at 10:34:56
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost


**** End of log ****
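
The two checks that post #10 asks for and post #12 reports (IE proxy state and hosts content) can be applied to the posted log automatically. This is an added example, not part of the thread and not MiniToolBox's own code; the section titles and the clean proxy wording come from the log above, while the hijacked sample, its proxy line format, and the names `sections` and `audit` are assumptions made here.

```python
import ipaddress
import re

# Constructed samples: CLEAN_LOG follows the log above; the HIJACKED_LOG lines are invented.
CLEAN_LOG = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 localhost
**** End of log ****
"""
HIJACKED_LOG = CLEAN_LOG.replace(
    "Proxy is not enabled.\nNo Proxy Server is set.",
    "Proxy is enabled.\nProxy Server: http=127.0.0.1:8080",  # assumed wording
).replace("\n****", "\n127.0.0.1 update.example.com\n203.0.113.7 www.example.com\n****")
CLEAN_PROXY = {"Proxy is not enabled.", "No Proxy Server is set."}
HEADER = re.compile(r"^=+\s*(.+?):\s*=+\s*$")

def sections(log):
    """Split the log into {section title: [non-empty lines]}."""
    out, current = {}, None
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            current = out.setdefault(m.group(1), [])
        elif line.startswith("****"):
            current = None
        elif current is not None and line.strip():
            current.append(line.strip())
    return out

def audit(log):
    """Flag proxy lines that differ from the clean wording and hosts entries beyond loopback localhost."""
    sec = sections(log)
    findings = [("proxy", l) for l in sec.get("IE Proxy Settings", []) if l not in CLEAN_PROXY]
    entries = dict.fromkeys(l.split("#", 1)[0].strip() for l in sec.get("Hosts content", []))
    for line in filter(None, entries):  # comments dropped, duplicates collapsed
        addr, *names = line.split()
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            findings.append(("hosts-malformed", line))
            continue
        for name in names:
            kind = "hosts-block" if loopback else "hosts-redirect"
            if not loopback or name.lower() != "localhost":
                findings.append((kind, f"{name} -> {addr}"))
    return findings
```

A name pinned to a loopback address is reported as `hosts-block` because it makes that site unreachable, while a name pinned to any other address is reported as `hosts-redirect`.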

#13 Broni

Posted 27 January 2012 - 03:49 PM

How is the computer doing?

Did you disable system restore for whatever reason?

#14 MagageeMay

Posted 28 January 2012 - 09:29 AM

I don't know what this means: "Did you disable system restore for whatever reason?". Also, when you open IE it is still defaulting to that http://search.popclick.net/ . The MSDOS icons have gone away though.

I don't know what a system restore is or how to enable or disable it. :) Sorry.

#15 MagageeMay

Posted 28 January 2012 - 09:34 AM

Never mind about the IE home page. I just went into the Tools menu and changed the default back to Yahoo (the way my fiance had it set) and it let me do that! PHEW!!! THANK GOODNESS!!!!

I do have another question. All the tests and things that we ran and saved to the desktop, do I need to keep those? (He does not like the extra icons on the desktop.)



