Gizmos Freeware Reviews  

Old 13. May 2012, 04:33 AM   #11 (permalink)
Senior Member
 
Join Date: Oct 2011
Posts: 187
Default

I failed to mention that I had WOT downloaded with Firefox, and it was working just fine, but it's gone also. Like I was told, I'm not going to do anything until I answer your questions and see if you guys can help me after you get the info needed.
Also, MBAM was a download and it's updated daily also; it's not catching anything.
I also recall removing the 2 check marks so "Ask" would not become my homepage when downloading Firefox.

When I downloaded it the first (and only) time, it took me to the Soft32 download, and it's the one that worked very well for about 2 weeks; that's what scares me.

Any help sure would be appreciated, thanks in advance.

It should be noted that I turned my computer off for a couple of days; it was fine then. When I turned it on I found this problem. Thanks for all you guys do.

I am not logging in as admin, just limited access; I learned that lesson the hard way.

Yes, I have and use Sandboxie, just wasn't sure about downloading in a sandboxed environment. Boxie and I are forever attached.

Google toolbar (I forgot the method), but I went to Add/Remove Programs and removed Google everything. I did this some time back.

Last edited by placou 1968; 13. May 2012 at 04:45 AM. Reason: additional answer
placou 1968 is offline   Reply With Quote
Old 13. May 2012, 05:45 AM   #12 (permalink)
Senior Member
 
Join Date: Oct 2011
Posts: 187
Default

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:00:05 PM, on 5/12/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Browser Defender\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Browser Defender\FGuard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KHXPLRQJ\HijackThis[2].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.semo.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Browser Defender\PCTBrowserDefender.dll
R3 - URLSearchHook: Search Results Toolbar - {e5593220-bcaf-4b30-89fe-af988d0eacaa} - C:\Program Files\searchresults\toolbar2X.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Browser Defender\PCTBrowserDefender.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\s wg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Browser Defender\PCTBrowserDefender.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\Browser Defender\FGuard.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [PM_reg] c:\windows\regedit.exe /s c:\sysprep\Nic_pm.reg
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1320621162968
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Browser Defender\BDTUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 7338 bytes
placou 1968 is offline   Reply With Quote
Old 13. May 2012, 07:03 AM   #13 (permalink)
Editor
 
George.J's Avatar
 
Join Date: Oct 2010
Posts: 1,927
Default

Placou, thanks for providing further info. The downloader & updater is only a generic virus detection by certain antiviruses (that can be included in the class of suspicious files). It's not necessary that all antiviruses classify it as malware and hence a detection.

Glad to know you were using all safe practises like WOT, Sandboxie, Limited access Windows account and an anti-malware scanner. The reason that had caused this problem is sadly your sheer carelessness. As I told there's a high chance that Ask was installed from Soft32 downloader. Probably after unchecking both the checkboxes you might have clicked "Accept" button instead of "Decline". This is how Ask forges itself to make people think that you have to "Accept" this change to install the software on the system.

For example watch this screenshot: http://www.howtodownload.org/wp-cont...layer_pic7.png .

Now for the cleanup, we would like you to perform these, for further help. Close all other running programs before you run these tests.
  1. Fix these with HiJackThis – mark them, close IE, click fix checked

    R3 - URLSearchHook: Search Results Toolbar - {e5593220-bcaf-4b30-89fe-af988d0eacaa} - C:\Program Files\searchresults\toolbar2X.dll (file missing)

    O4 - HKLM\..\RunOnce: [PM_reg] c:\windows\regedit.exe /s c:\sysprep\Nic_pm.reg
  2. Click START->RUN->type in %temp%-> OK->Edit->Select all-> File->Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Empty the recycle bin

    Boot and post a new hijack log.
  3. Since we have hardly any time to analyze GMER log, download and run zip archive of Kaspersky TDSSKiller, run the exe file and note if you have any rootkits on your system.
  4. Uninstall Firefox completely from your system. Use this guide
__________________
If you seek for attention, do common things in life in an uncommon way!
George.J is offline   Reply With Quote
Old 13. May 2012, 04:12 PM   #14 (permalink)
Senior Member
 
Join Date: Oct 2011
Posts: 187
Default

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:09:19 AM, on 5/13/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Browser Defender\BDTUpdateService.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Browser Defender\FGuard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.semo.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Browser Defender\PCTBrowserDefender.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\s wg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Browser Defender\PCTBrowserDefender.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\Browser Defender\FGuard.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1320621162968
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Browser Defender\BDTUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 6674 bytes
placou 1968 is offline   Reply With Quote
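Added example (not part of the original thread, and not HijackThis's own code): a Python script that compares a before and an after HijackThis log to confirm that the entries a helper asked to fix are gone and to list anything else that changed. The excerpts are a few lines copied from the two logs posted above; the function and variable names are assumptions made for this illustration.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header lines and the running-process list do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map a normalised key -> original entry text, in log order."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code = m.group(1)
        body = " ".join(m.group(2).split())  # collapse runs of whitespace
        entries[(code, body.lower())] = f"{code} - {body}"
    return entries


def compare_logs(before_text, after_text, requested_fixes):
    """Check requested fixes against two logs and report every other change."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    requested = parse_entries("\n".join(requested_fixes))
    return {
        # asked to fix, present before, absent now
        "fixed": [t for k, t in requested.items()
                  if k in before and k not in after],
        # asked to fix but still in the new log
        "still_present": [t for k, t in requested.items() if k in after],
        # disappeared although nobody asked for it: worth a question
        "removed_unrequested": [t for k, t in before.items()
                                if k not in after and k not in requested],
        # appeared between the two scans
        "new_entries": [t for k, t in after.items() if k not in before],
        # leftover registry entries whose target file no longer exists
        "file_missing_after": [t for t in after.values()
                               if t.lower().endswith("(file missing)")],
    }


# Excerpt of the first log in the thread (a few lines only).
BEFORE = r'''Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.semo.net/
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Browser Defender\PCTBrowserDefender.dll
R3 - URLSearchHook: Search Results Toolbar - {e5593220-bcaf-4b30-89fe-af988d0eacaa} - C:\Program Files\searchresults\toolbar2X.dll (file missing)
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\Browser Defender\FGuard.exe
O4 - HKLM\..\RunOnce: [PM_reg] c:\windows\regedit.exe /s c:\sysprep\Nic_pm.reg
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
'''

# Excerpt of the second log, covering the same sections.
AFTER = r'''Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.semo.net/
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\Browser Defender\FGuard.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
'''

# The two entries the helper asked to fix in post #13.
REQUESTED = [
    r"R3 - URLSearchHook: Search Results Toolbar - {e5593220-bcaf-4b30-89fe-af988d0eacaa} - C:\Program Files\searchresults\toolbar2X.dll (file missing)",
    r"O4 - HKLM\..\RunOnce: [PM_reg] c:\windows\regedit.exe /s c:\sysprep\Nic_pm.reg",
]

if __name__ == "__main__":
    for bucket, items in compare_logs(BEFORE, AFTER, REQUESTED).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

On these excerpts the comparison also reports the PC Tools Browser Guard URLSearchHook as no longer present, although it was not on the fix list.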
Old 13. May 2012, 04:45 PM   #15 (permalink)
Senior Member
 
Join Date: Oct 2011
Posts: 187
Default

The Kaspersky TDSSKiller is on my computer and has been for about a year. It has never found anything before, and in running it today it finds no detected problems in scanning 284 items. I don't know how to get a copy of the report saved to upload, and it won't let me copy paste... but it shows all OK.

I wasn't able to get MBAM completed before this AM to post with HijackThis; a full scan took about 6 hours... and it found nothing, but it's saved if I need to post it.

I'm still not doing anything to remove anything (other than what you advise). I'm placing my trust in you guys, thanks again.
placou 1968 is offline   Reply With Quote
Old 13. May 2012, 10:04 PM   #16 (permalink)
Editor
 
George.J's Avatar
 
Join Date: Oct 2010
Posts: 1,927
Default

Placou, it's not necessary that you should run full scan with MBAM. If you find any infections or suspicious objects during quick scan, only then you're required to perform full scan, as it may take hours to complete. Good to know that TDSS killer tests came out clean. I prefer GMER than TDSS killer, but in my busy schedule right now, it would be hard to find time to analyze the logs.

Seems like Ask had kissed goodbye from your system. Did you just say that you tried to remove Google toolbar? I guess it's not yet gone from your system.

Fix these items:
  • O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  • O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
  • O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  • O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  • O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  • O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

Are you using Chrome, Google Earth or other google related applications? If you do not wish to use the Google update service (I have disabled it because it stalls my pc sometimes) then you can delete these entries:
  • O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
  • O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
  • O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

You should be clean by now. Did you uninstall Firefox using the guide instructions I posted earlier? If so, you can download and install Firefox from Softpedia.
__________________
If you seek for attention, do common things in life in an uncommon way!

Last edited by George.J; 13. May 2012 at 10:17 PM.
George.J is offline   Reply With Quote
Old 14. May 2012, 09:11 PM   #17 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,275
Default

Quote:
Originally Posted by placou 1968 View Post
I recently downloaded mozilla and used the browser for about 2 weeks, (default set) worked just fine
What do you mean by default set?

Quote:
Originally Posted by placou 1968 View Post
i had been getting trojan and malware messages in hitman on the set up download, but not until after it was installed
Did you scan with Hitman after you had downloaded the Firefox setup from Soft32, or after you had installed Firefox?

If you had scanned with Hitman after downloading the Firefox setup from Soft32, but before installing it... you should not have gone ahead with the installation.

Remember that any amount of security software will not prevent you from an infection, if you are not careful yourself, and do not follow safe practices.. or ignore alerts from the security software.

Ultimately, the safety of the PC depends on the user who uses the security software.

Quote:
Originally Posted by placou 1968 View Post
now i have a new browser with "ask" as my search engine/homepage, it has never been my homepage, I have had the same homepage since 1997
http://i.imgur.com/fp0Ec.png?1
http://i.imgur.com/XenR7.png
Most probably, Ask has been installed as search engine/homepage, because you missed it while installing a software on your computer.. or, you got confused by the options presented while installation... as some of these can be tricky.

You should always be careful while installing software on your computer, and the process should be done slowly, paying attention to each and every screen.. because nowadays many software, even the free ones, are bundled with extra software. Often, some of them can present confusing screens, to lure the user into installing the bundled software.

Was Ask presented to you while installing Firefox via the Soft32 downloader? If not, it must have been installed with any other software that you installed recently.

I would also like to ask, why did you decide to download Firefox from Soft32? How did you even come across Soft32?

Because I tried searching for the terms "Firefox", "Mozilla Firefox" on Google, and Soft32 does not come up in the results for 2-3 pages. So, how come you downloaded from Soft32?

You should take care as to where you download any software from. First preference should always be given to the home site of the software. That's where you will find the latest version of the software.

Sometimes, the official download of a software from their site will lead to a download site. That's fine. Most of them are reputable download sites. Still, even reputed sites like Download.com have started to offer their own downloader. So, Download.com should be avoided.

If you have to download from another download site, then make sure you download from a reputed one. George.J in his post has mentioned these reputed sites. These were also mentioned in another thread earlier by myself, although without any links.

I am perplexed as to why you decided to download from Soft32.

You say that Firefox is not there. However, in the second screenshot that you posted, shortcut of Firefox is visible on the desktop. Or, was that screenshot taken before the problem? Is that the case?

I notice that the icon of Firefox appears to be changed, and is black, which is not the original icon of Firefox. Had you changed that? Or, it got changed somehow, and you haven't noticed it?

So, what's the case... is Firefox shortcut icon still on desktop?

If that black Firefox icon is there, clicking on it starts Firefox?

Quote:
Originally Posted by placou 1968 View Post
I also noticed some shortcuts dont work, and under their properties they have been given different (target/paths?)
Can you post about some of the shortcuts that do not work? Please post their name, and also post their target path which appears to be changed. That can give an idea to the problem.

Had you installed any software in the past few days, which might have caused this problem? Or, performed any scan with a security software... and had tried to fix the problems that it had found?
That might be the reason behind the shortcuts not working, or Firefox not being there on the system.

Unless a change has been made to the system in some way, it's weird that suddenly some day, you start the system, and Firefox is not there. Certainly some change has taken place somehow. Try to remember what you did or installed in the past few days.

Were you running Firefox sandboxed all these days?
__________________
Anupam
Anupam is offline   Reply With Quote
Old 14. May 2012, 09:17 PM   #18 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,275
Default

I would also recommend to you, to take some time, and read and understand these articles, and follow the safe practices provided in them. Take your own time to go through them, but do read them once.

It's not necessary to follow all the advice in the articles, but please follow whatever you can.

http://www.techsupportalert.com/safe-surfing.php

http://www.techsupportalert.com/cont...under-hour.htm

http://www.techsupportalert.com/cont...-malicious.htm

http://www.techsupportalert.com/how-...re-your-pc.php

http://www.techsupportalert.com/cont...r-infected.htm

http://www.techsupportalert.com/cont...e-online.htm-0

Don't be overwhelmed by the number of the articles above. But, read them whenever you can.

Browsing while sandboxed will keep you safe for most part.

Be careful of where you download from, what you download, and during the installation process.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 15. May 2012, 12:24 AM   #19 (permalink)
Editor
 
George.J's Avatar
 
Join Date: Oct 2010
Posts: 1,927
Default

Placou, I can also see that you have turned on your Indexing Service on Windows XP. Are you sure you really want to use this feature, if you normally do not spend a great deal of time searching for your files or for strings of texts within these files? If you don't search very often, I guess it's not a good idea to devote your system services for speeding up a service that you really do not want. Because by disabling the indexing service you'll save a great deal of processor resources and RAM on Windows XP. But if it doesn't bother you, feel free to keep the service. You may choose to disable the service, only in case you find your computer is slower and processor usage is erratic at times, and you don't search very often.

Here's a tutorial of the symptoms and how to turn off Indexing Service from Microsoft:
Windows XP may run slowly and you may see multiple symptoms in Windows Task Manager
__________________
If you seek for attention, do common things in life in an uncommon way!

Last edited by George.J; 15. May 2012 at 12:31 AM.
George.J is offline   Reply With Quote
Old 15. May 2012, 02:52 PM   #20 (permalink)
Senior Member
 
Join Date: Oct 2011
Posts: 187
Default

In response to Anupam, I don't know how I was directed to Soft32. I noted we had discussed that in a different post a week or two ago. I don't recall why, but I had a screenshot that showed Soft32 from back then.
I have not intentionally gone there. I think I typed in a search engine, Mozilla foxfire browser (it's been a while, I'm not sure) and I was taken to a site that was mostly orange. I think a woman and a dog were on the page; the (icon) I associate with Mozilla was there and a download button.
1. I downloaded it; setup or installation of it was placed on the desktop in the form of an icon of a kid.
2. I began the installation, everything worked fine upon completion, and I used it as I thought was proper, no knowingly bad sites, etc.
3. The icon started out as an orange round ball(?), looking as if it was rolling, indicating fast I suppose. I do know it to be the icon related to that product.
4. The other icons remain the same, but when you right-click Properties I would find, "for instance", target/paths were not correct. It might say c/programs/guest/documents/mozillafoxfire.exe when you were looking at properties for, say, "imgur" (what I described is an example only, not specific). I knew that was a problem and I came here, not knowing what kind of problem.
5. The different icon appeared after turning on the computer from a 3-day on-purpose shutdown, and I had no Mozilla Firefox browser, just the icon that had changed. I don't recall where the target and path were pointed, but it wasn't there.
6. I did not try the other icons to see if they worked; I knew they wouldn't at the time and didn't know what that would cause in the computer.
7. Hitman only caught it after installation was complete. I scanned the installation icon and contents with MBAM and MSE, but Hitman was the only one that caught it.
8. SPECULATION ONLY: maybe Hitman uploaded the captures, made a determination and removed the items? It's set to ask before doing, but I don't know if that is a constant; I don't catch much with it.
9. ASK was offered at the time of downloading Firefox.

I DID hit the wrong button after unchecking the ASK toolbar questions that were provided, and right you are, I read it twice, and I'm able to comprehend well, but I did hit the wrong button.

The good news is... after following the instructions of "george" to the letter, and taking my time to do it as correctly as possible, when I finished I called my ISP (and they're a company every living being in the world has heard of). Under remote connection I was told this: "from the screen shots, and the cleanup you have done, you could work here, there's not a trace left that I can find, I notice we use the same tools so that helped also". That's a compliment back to "george", and I thank you very much as well, but I can't take your credit.
In the address bar I typed www.MozillaFirefox.com.... It took me to (below)
http://www.mozilla.org/en-US/firefox...rom=getfirefox
That's where I started from; all I did was hit download.

Last edited by placou 1968; 15. May 2012 at 03:36 PM. Reason: add to
placou 1968 is offline   Reply With Quote