Topic: [Inactive] I get redirected, unable to set homepage
WOODSY0
« on: January 04, 2010, 12:19:00 AM »

Hi, I am a new member to Spywarehammer, and eager to see what might be controlling my computer. I use a Dell 1525 with Vista Home Premium, 32 bit, SP2 installed.

I know there is something up because my browser redirects to "About Blank" despite my efforts to set google as my default home page.

This error message was displayed from my McAfee Security Software that I have a subscription with until mid 2010.

C:\Users\Jaw\AppData\Local\Microsoft\Windows\TemporaryInternet Files\Low\Content.IE5\T5VW91U\dds[1].pif

Detection Name New Malware.

There was one other same file path with a different ending after content.IE5- \5828D5ZF\dds[1].pif.

It was able to quarantine those files. Below is my HJT log:
Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:24 AM, on 1/1/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: Copyright (c) 1993-2006 Microsoft Corp.
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HD Tune] C:\PROGRA~1\HDTUNE~1\HDTune.exe
O4 - HKLM\..\Run: [HD Tune Pro] C:\PROGRA~1\HDTUNE~2\HDTUNE~1.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MilShieldSlave] "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
O4 - HKCU\..\Run: [Core Temp] "C:\Users\JAW\Desktop\New Folder\Documents\CoreTemp32[1]\Core Temp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8896 bytes




« Last Edit: January 05, 2010, 09:37:44 PM by Hoov »
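The log above is in the HijackThis v2 line format: R0/R1 lines are Internet Explorer registry values, O2 lines are browser helper objects, O4 lines are autostart entries and O23 lines are services. As an added example that is not part of this thread and not part of HijackThis, the following Python script parses those four line types and applies the kind of triage rules a helper applies by eye: the Start Page = about:blank value that matches the complaint, a BHO whose DLL is "(no file)", autostarts launched from a user-writable profile folder, and services listed with "Unknown owner". The flags mean "a person should look at this", not "malicious"; none of the items it raises from this log is by itself evidence of infection, which is exactly why these logs are read by a reviewer rather than scored automatically. The sample input is copied from the log above; the rule names and the choice of folders in the user-writable rule are my own.

```python
import re

# Sample input: lines copied from the HijackThis log in the first post.
# The parser and the triage rules below are an added example; they are not
# part of HijackThis and not something the thread's helper posted.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKCU\..\Run: [Core Temp] "C:\Users\JAW\Desktop\New Folder\Documents\CoreTemp32[1]\Core Temp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

# One regex per line type this example understands (R0/R1, O2, O4, O23).
# Other HijackThis line types (O1, O3, O9, O16, ...) are passed over.
PATTERNS = {
    "R": re.compile(r"^(?P<code>R[01]) - (?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$"),
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}

# Autostart commands that point into a user profile's Desktop, AppData, temp
# or download folders. Legitimate utilities live there too, so this is a
# "verify" rule, not a verdict. The folder list is my own choice.
USER_WRITABLE = re.compile(
    r"\\(?:Users|Documents and Settings)\\[^\\]+\\(?:Desktop|AppData|Local Settings|Downloads)\\",
    re.IGNORECASE,
)


def parse_hjt(text):
    """Return one dict per recognised log line, carrying the regex's named groups."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        for kind, pattern in PATTERNS.items():
            match = pattern.match(line)
            if match:
                entries.append({"kind": kind, "raw": line, **match.groupdict()})
                break
    return entries


def triage(entries):
    """Return (raw_line, reason) pairs for entries a reviewer should look at."""
    findings = []
    for e in entries:
        kind = e["kind"]
        if kind == "R" and e["name"] == "Start Page" and e["value"].lower() == "about:blank":
            findings.append((e["raw"], "IE start page is about:blank, matching the reported symptom; "
                                       "confirm whether the user set it"))
        elif kind == "O2" and e["path"] == "(no file)":
            findings.append((e["raw"], "BHO is registered but its DLL is missing (orphaned entry)"))
        elif kind == "O4" and USER_WRITABLE.search(e["cmd"]):
            findings.append((e["raw"], "autostart runs from a user-writable profile folder; verify the program"))
        elif kind == "O23" and e["owner"] == "Unknown owner":
            findings.append((e["raw"], "service binary carries no publisher name; verify the file"))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(f"parsed {len(parsed)} entries")
    for raw, reason in triage(parsed):
        print(f"[review] {raw}\n         {reason}")
```

Run as-is it parses all ten sample lines and raises four review items; feed it a whole saved log (`parse_hjt(open("hijackthis.log").read())`) to get the same list for a real scan. The O23 regex splits on " - " lazily, so a service whose display name itself contains " - " would be mis-split; the path, matched greedily, is safe, which is why the Spybot line with "Spybot - Search & Destroy" in its path parses correctly.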
Hoov (Malware Removal Mentors, Global Moderator)
« Reply #1 on: January 05, 2010, 09:57:06 PM »

Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't, someone else here will know something else to try.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

Now onto trying to fix your computer.


I think the first place to start is with ccleaner to remove your temporary files. Then a quick scan with Malwarebytes' Anti-Malware to check for malware. Also I would like you to run Spybot, update it and then run a full scan and immunization. No logs are needed from Spybot, just let me know that you did it.

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.
In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete, so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Once you have done that, please try and change the homepage. If it still does not work, reboot to safe mode and change the homepage. If it changes, turn off IE and then restart it to see if it stuck, then reboot to Windows and see if it stuck there as well. Let me know.

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Be wary of strong drink. It can make you shoot at tax collectors -- and miss. 
          -From the Notebooks of Lazarus Long
          -Senior of The Howard Families
WOODSY0
    « Reply #2 on: January 15, 2010, 11:24:45 AM »

Hi Hoov,
Thank you for getting back to me so quickly. I didn't expect that quick of a response; I wasn't paying attention to the site.

Well, a lot has changed since you wrote me almost 10 days ago. But I still have some type of rootkit, malware, Trojan.

What I did was I went out and purchased the Windows 7 Upgrade Family Pack, because I was sick of the security and performance issues I had over the course of 18 months with Vista Home Premium. I was told 7 was faster and more "secure" than Vista. I knew I was going to need help with another clean reinstall (I did 6 in 3 weeks with Vista), updates, driver downloads, and security downloads. My solution was the Windows 7 upgrade.

Well, I still have something on my system despite the clean install of Windows 7 3 times in the last week with Microsoft Tech Support. It seems the system runs fine for 12 to 14 hours and then degrades: hanging in Explorer 8, moving very slowly during startup, crashing during GMER scans and web page navigation.

There is more I could tell you, because I think my WEP password was hacked; I've since had it changed to WPA-Personal. But I still have problems. Your recommendations are welcome. WOODSY0





     

Hoov
    « Reply #3 on: January 15, 2010, 03:22:10 PM »

    Tell me how you did the clean install.
WOODSY0
    « Reply #4 on: January 15, 2010, 07:25:25 PM »

OK, the first 2 times the custom install and then upgrade was done at the direction of a Microsoft Windows 7 install tech. I put the disk that came with the Upgrade Windows 7 Home Premium in my optical drive, powered off and powered on. Because "hit any key to boot from DVD/CD drive" appears for a split second, I'm able to initiate the process.

It unloads some files, progress displayed by a grey-white loading bar.

Then it goes to that blue screen asking my language and whatnot according to the Windows 7 displayed arrangement.

I then get to the partition page, and each time I did this differently according to tech support. The final time I did a delete on my C partition and also on the D partition. The two partitions combined into one and then broke apart somehow, so I was able to format only the C drive. It had 149.0 GB free space, out of 149 GB space.
Then I began to install the O/S onto the C drive, using the custom install option from an upgrade Windows 7 Home Premium. The rest is in a txt attachment.
Hoov
    « Reply #5 on: January 15, 2010, 07:38:48 PM »

OK, I just wanted to make sure that at least one time you deleted the partitions. The only thing that can live through that is a rootkit on the Master Boot Record (as far as I know). So we start with the big guns. I was going to have you run something, but I need to check on it first.
Hoov
    « Reply #6 on: January 15, 2010, 07:50:39 PM »

    Sorry, I had to make sure it worked on windows 7, and it didn't, so we have to go with a different big gun.

Download Sophos Anti-Rootkit and save it to your desktop after filling out the questionnaire and reading the EULA.

Note: You will need to enter your name, e-mail address and location in order to access the download page.
  • Double-click sarsfx.exe to extract the files.
  • Click the Accept button at the EULA, then Install to the default directory.
  • At the next prompt, click Yes to start the program.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click the "Start Scan" button.
  • Allow the program to scan your computer; please be patient, as it may take some time.
  • Once the scan has completed, a window will pop up with the results of the scan; click OK to this.
  • In the main window, you will see each of the entries found by the scan (if any).
  • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review.
  • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you.
  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry.
  • To clean up these entries, click on the Clean up checked items button.
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up.
  • Once you have cleaned the selected files, when prompted, please reboot your computer.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • Please post the contents of this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Note: If the scan is performed while the computer is in use, false positives may appear in the scan results. This is caused by files or registry entries being deleted, including temporary files being deleted automatically.
WOODSY0
    « Reply #7 on: January 16, 2010, 04:02:45 AM »

WOODSY0
    « Reply #8 on: January 16, 2010, 04:04:24 AM »

WOODSY0
        « Reply #9 on: January 16, 2010, 08:29:22 AM »

Hoov,

there is no sarsfx.exe at the link you provided. There is, however, this new approach from what I read, to use this sar_15_sfx.
Does that make any difference? I'm not discovering much more than 4 files, and I will provide them. Its knowledge base is saying that if I have an infected Domain Controller on a Windows NT/2000/XP/2003 computer I need to use a Sophos Anti-Virus scan.

My question is, since I was able to run GMER the other day, why can't we use that now?

I did have differing versions of NT / 2003 server / 2005 / and 2008 at some point over the last 2 plus years.

Will I lose integrity with the GMER scan?

It probably won't run GMER now; the system is cluttered compared to Wednesday. And the other drawback is you must use the rootkit and virus scanner in the Cmd Prompt.

Let me know please?
Thanks, Woodsy0
WOODSY0
        « Reply #10 on: January 16, 2010, 09:39:45 AM »

OK, I was able to download the anti-virus software, not as you instructed, but as the Sophos Anti-Rootkit page directed. It seems that they run in conjunction with each other, Hoov. I'd rather follow your direction, but the last scan yielded only 4 entries; this time I netted 8. Here are the details:
        1.
        Area:   Local hard drives
        Description:   Unknown hidden file
        Location:   C:\Windows\winsxs\x86_prnep00d.inf_31bf3856ad364e35_6.1.7600.16385_none_5220f1c4427c5171\I386\EP0NRE8H.DLL
        Removable:   Yes (but clean up not recommended for this file)
        Notes:   (no more detail available)
        2.
        Area:   Local hard drives
        Description:   Unknown hidden file
        Location:   C:\Users\LarryBowa\AppData\Local\Citrix\GoToAssist\GoToAssist_chat2way_service_516_en.exe
        Removable:   Yes (but clean up not recommended for this file)
        Notes:   (no more detail available)
        3.
        Area:   Local hard drives
        Description:   Unknown hidden file
        Location:   C:\Users\LarryBowa\Desktop\dds.scr
        Removable:   Yes (but clean up not recommended for this file)
        Notes:   (no more detail available)
        4.
        Area:   Local hard drives
        Description:   Unknown hidden file
        Location:   C:\Users\LarryBowa\Desktop\RootRepeal.exe
        Removable:   Yes (but clean up not recommended for this file)
        Notes:   (no more detail available)
        5.
        Area:   Local hard drives
        Description:   Unknown hidden file
        Location:   C:\Program Files\NOS\bin\getPlus_Helper.dll
        Removable:   Yes (but clean up not recommended for this file)
        Notes:   (no more detail available)
        6.
        Area:   Local hard drives
        Description:   Unknown hidden file
        Location:   C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
        Removable:   Yes (but clean up not recommended for this file)
        Notes:   (no more detail available)
        7.
        Area:   Local hard drives
        Description:   Unknown hidden file
        Location:   C:\Windows\Downloaded Program Files\gp.ocx
        Removable:   Yes (but clean up not recommended for this file)
        Notes:   (no more detail available)
        8.
        Area:   Local hard drives
        Description:   Unknown hidden file
        Location:   C:\Users\LarryBowa\Desktop\TFC.exe
        Removable:   Yes (but clean up not recommended for this file)
        Notes:   (no more detail available)

It's funny: 2. is in a file that had that Citrix (desktop sharing software from McAfee) that I tried to uninstall after our session. 3. Some of the other files are logs from dds.scr, looking for rootkits. 4. is from RootRepeal, which I was guided to use to stop loopbacks, I believe.

Let me know, Hoov.
Thanx, WOODSY0
Hoov
        « Reply #11 on: January 16, 2010, 11:26:56 AM »

Do you know the manufacturer of your hard drive? If not, go to the hardware manager and get a model number for your drive and I can find it.
WOODSY0
        « Reply #12 on: January 16, 2010, 04:53:47 PM »

According to what I can see from the manual that came with it:
Seagate ST9160821AS 160 GB SATA.
Hoov
        « Reply #13 on: January 16, 2010, 06:59:47 PM »

OK, from what you have described to me, you have something on your drive that is surviving an fdisk operation. So you need to run a low-level format on the drive, and then reinstall Windows and see if it happens again. Here are the instructions on how to do it. Read it over and let me know if it makes sense. I am assuming that installing Windows is not a problem, or reinstalling your drivers and other software.

Let me know if you have any questions.

And just in case you are wondering, I am not brushing you off; it's just that you have already taken about the most extreme steps to get rid of this problem. The only other thing that concerns me is any backup disks you have with data on them, or disks that are not commercially burned. They could have the malware on them. So if you do this low-level format, then I would ask that you run the computer for 2 days without putting any of this backup data, or home-burned CDs, into the computer. Just let it run Windows updates, and install files you have gotten online from an unimpeachable vendor (no torrent downloads or other P2P downloaded software, nothing that has been hacked or otherwise gotten from a non-legitimate source).

Are you willing to try this?
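Reply #5 and Reply #13 both turn on the same question: whether something in the disk's first sector (the Master Boot Record: 446 bytes of boot code, a 64-byte partition table, and the 0x55AA signature) could have outlived deleting and recreating the partitions. One defender's way to answer that, as an added example that is not from this thread or from any tool named in it, is to read sector 0 and compare it against a known-good copy. The Python script below parses a 512-byte MBR image, validates the signature and the partition entries (exactly one bootable entry, no overlapping entries), and compares the SHA-256 of the boot-code region against a baseline hash recorded from a disk you trust. The two images, the baseline "boot code" and the baseline hash are constructed placeholders, labelled as such in the code; real Windows boot code looks nothing like them.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # boot code occupies bytes 0..445, partition table follows
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
NTFS = 0x07


def make_entry(status, ptype, lba_start, sectors):
    """Build one 16-byte partition table entry (CHS fields zeroed, LBA only)."""
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def build_mbr(boot_code, entries):
    """Assemble a 512-byte MBR image from boot code and up to four table entries."""
    if len(boot_code) > TABLE_OFFSET or len(entries) > 4:
        raise ValueError("boot code or partition table too large")
    table = b"".join(entries).ljust(64, b"\0")
    return boot_code.ljust(TABLE_OFFSET, b"\0") + table + b"\x55\xaa"


def parse_mbr(data):
    """Decode signature, boot-code hash and the non-empty partition entries."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, data[off:off + 16])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "signature_ok": data[510:512] == b"\x55\xaa",
        "bootcode_sha256": hashlib.sha256(data[:TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(data, baseline_bootcode_sha256):
    """Return (parsed info, list of issues); an empty list means the sector matches expectations."""
    info = parse_mbr(data)
    issues = []
    if not info["signature_ok"]:
        issues.append("missing 0x55AA boot signature")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        issues.append("boot code differs from the known-good baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        issues.append(f"{len(bootable)} bootable partitions (expected exactly 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            issues.append("overlapping partition entries")
            break
    return info, issues


# Constructed sample data. The baseline "boot code" is a placeholder byte string,
# not real Windows boot code; in practice the baseline hash comes from sector 0 of
# a freshly installed, known-clean disk.
BASELINE_BOOTCODE = b"CONSTRUCTED-BASELINE-BOOTCODE"
BASELINE_SHA256 = hashlib.sha256(BASELINE_BOOTCODE.ljust(TABLE_OFFSET, b"\0")).hexdigest()
TABLE = [make_entry(0x80, NTFS, 2048, 204800), make_entry(0x00, NTFS, 206848, 100000)]
GOOD_MBR = build_mbr(BASELINE_BOOTCODE, TABLE)
# Same partition table, different boot code: the shape of a boot-sector modification.
TAMPERED_MBR = build_mbr(b"CONSTRUCTED-MODIFIED-BOOTCODE", TABLE)

if __name__ == "__main__":
    for label, image in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        info, issues = check_mbr(image, BASELINE_SHA256)
        print(label, info["partitions"], issues or "no issues")
```

On a Windows machine the sector is read as an administrator with `open(r"\\.\PhysicalDrive0", "rb").read(512)` and handed to `check_mbr`. The value of the check lies entirely in the baseline: the script can say that the boot code differs from the copy you trust, not what it changed into, so the hash has to be recorded from a disk you have reason to trust, and a mismatch is a reason to image the sector for analysis rather than a diagnosis by itself.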
WOODSY0
        « Reply #14 on: January 17, 2010, 11:15:49 AM »

Hi Hoov,
You bet! I'm going to investigate that link as soon as I'm done writing. The funny thing is that the jerk who hacked my home network inserted "developer tools", an option under Tools just above Internet Options in my drop-down menu. I have some interesting txt files that are some type of tool used to write commands. Across the top it goes HTML, CSS, Script, Profiler. Then below that there is a non-highlighted tree top entitled ServerInfo: BY1IDSPLGN1E01, and below it PreprocessInfo: BTSA007:TK1ES, and then it cuts off.

Beneath that line is a + <html dir+"ltr">. Do you know what this might be, Hoov? I did not save and reload anything from my previous O/S, Vista Home Premium. I'm pretty sure I was hacked or something, and this person has taken control of a bunch of files and folders, including the administrative permissions I used to have exclusively.

I am the only one who uses my computer and router much of the year. My housemate's 2 college-aged children come home about 4 times a year.

I was able to see what some of this person's favorite websites are, and they include a Microsoft TechCenter Library article entitled "Configuring Specific Features". In the body of that text is a subtitle that reads "Redirected Folders". Do you think your way of low-level formatting will remove the CPU-consuming permissions and objects this person has corrupted?

Is there a place I can have this reported? What can I do to protect myself? I stopped using the wireless WiFi adapter and moved to an ethernet cable connection. All my devices have moved to degraded status.

I really appreciate your help. I never thought for a second you were brushing me off, Hoov.

Thank you
WOODSY0