Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help Please - Infected Banner and Random Websites Popping Up

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby amateur » January 27th, 2006, 9:53 am

Hi Andy, :D

Thanks for the logs Both are clean. :D Please do the following to complete the uninstallation of AOL:

We'll need to disable Microsoft AntiSpyware temporarily so that it will not interfere with the fix.

1. Open Microsoft AntiSpyware.
2. Click on Options> Settings.
3. In the left pane, click on Real-time Protection.
4. Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
5. Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
6. After you unchecked these, click on the Save button and close Microsoft AntiSpyware.
7. Right click on the Microsoft AntiSpyware Icon on the taskbar and select Shutdown Microsoft AntiSpyware
Please re-enable it after the fix.

Scan with HijackThis and put a checkmark against she following entries:

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136735169\ee\AOLHostManager.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)


Close all other windows except HijackThis and click on "fix checked".

Using Windows Explorer, navigate and delete the following folders in bold:
C:\Program Files\America Online 9.0
C:\Program Files\AOL Toolbar
C:\Program Files\Common Files\AOL

I had asked you to do a scan with BlackLight, but never got the results. Let's do that too.

Download Blacklight Beta from here:

http://www.f-secure.com/blacklight/try.shtml
" Hit I accept. It will take you to download page.
" Download blbeta.exe and save it to the Desktop.
" Once saved... double click blbeta.exe to install the program.
" Click accept agreement and Click scan
This app too may fire off a warning from antivirus. Let the driver load.
Wait for it to finish.
" If it displays any items...don't do anything with them yet. Just hit exit (close)
" It will drop a log on Desktop that starts with fsbl....big number (where xxxxxxx represents numbers).
he application finds both bad files and legitimate ones such as "wbemtest.exe", so don't choose the rename option yet! Copy and paste the log it generated in your next reply.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
Advertisement
Register to Remove

Unread postby andya729 » January 28th, 2006, 10:57 pm

Here's the log from Blacklight, which said it didn't find anything:
01/28/06 20:50:00 [Info]: BlackLight Engine 1.0.30 initialized
01/28/06 20:50:00 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/28/06 20:50:00 [Note]: 7019 4
01/28/06 20:50:00 [Note]: 7005 0
01/28/06 20:50:05 [Note]: 7006 0
01/28/06 20:50:05 [Note]: 7011 1800
01/28/06 20:50:05 [Note]: FSRAW library version 1.7.1014
01/28/06 20:51:29 [Note]: 7007 0

I also noticed when it started acting up again earlier today that in the lower left of IE, it referenced doubleclick.net, then went through a number of variations of the website I was trying to type in (adding extra www's and going through variants of the same address with .org, .net, .gov, etc.). I don't know if this is normal or I should be worried about it.

My other thought is that if it's possibly the firewall that's causing issues, should I uninstall ZoneAlarm and try a different one?

Let me know your thoughts and thanks again for all your help!
andya729
Regular Member
 
Posts: 36
Joined: January 2nd, 2006, 12:52 am

Unread postby amateur » January 29th, 2006, 1:13 am

Hi Andya729,

Zone alarm is a good firewall and it would not cause anything that you describe. Please don't uninstall it. It's odd that there is no sign of malware in your HijackThis log, and the BlackLight log is clean, but your description of "doubleclick" does indicate something. Here are some links for you to read.

http://www.mvps.org/winhelp2002/hosts.htm
http://www.mvps.org/winhelp2002/hosts.zip (90 kb)
http://www.mvps.org/winhelp2002/hosts.txt (358 kb)

How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm

HOSTS File - Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm

Note: the "text" version also make a good reference for determining culprit URLs .

Sign up for HOSTS file update notices
http://www.mvps.org/winhelp2002/hosts.htm#contribute

Then Replace your hosts file with one of the two options below. I recommend the first option.

Option A.
Replace your host file with the one available here. This one adds a huge list of sites to your host file to help prevent infection. Instructions are provided at that site.

Option B.
Download the Hoster from here
Press "Restore Original Hosts" and press "OK". Exit Program.

Next, I would like you to do the following:

Download Bobbi Flekman's RegSearch from
http://www.bleepingcomputer.com/files/regsearch.php

Create a folder for RegSearch on the C: drive called C:\RegSearch. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it RegSearch. Extract all the files from the zip archive into that folder.

Open the RegSearch folder and double-click the icon for RegSearch.exe to launch the program.
Copy / Paste the following line into the Search Box:

doubleclick

then hit Ok

After completion Notepad will be opened with all the found instances of the string. The resulting file is saved in the same location as RegSearch.exe.

If you have trouble with the above program, download this alternative tool :

Please download the Registry Search Tool from here: http://www.billsway.com/vbspage/

Unzip it to a convienant location such as your Desktop. Make sure that your Antivirus / OS allows the use of the .vbs scripts. If prompted, make sure to allow the script.

Double click regsearch.vbs
Copy / Paste the following line into the Search Box:

doubleclick

then hit Ok

It may take a while to run. It will tell you when it's done and offer you to look at the file.
Say Yes and when it opens copy/paste the content in your reply.
______________________________
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby andya729 » January 29th, 2006, 1:39 am

Thanks again for all your help -- not sure what' I'd be doing without you!

Here's the regfile:
REGEDIT4

; Registry Search by Bobbi Flekman © 2005
; Version: 1.0.2.4

; Results at 1/28/2006 11:36:31 PM for strings:
; 'doubleclick'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.co.uk]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"DoubleClickHeight"="#USR:Control Panel\\Mouse"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"DoubleClickSpeed"="#USR:Control Panel\\Mouse"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"DoubleClickWidth"="#USR:Control Panel\\Mouse"

[HKEY_USERS\.DEFAULT\Control Panel\Mouse]
"DoubleClickHeight"="4"

[HKEY_USERS\.DEFAULT\Control Panel\Mouse]
"DoubleClickSpeed"="500"

[HKEY_USERS\.DEFAULT\Control Panel\Mouse]
"DoubleClickWidth"="4"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net]

[HKEY_USERS\S-1-5-19\Control Panel\Mouse]
"DoubleClickHeight"="4"

[HKEY_USERS\S-1-5-19\Control Panel\Mouse]
"DoubleClickSpeed"="500"

[HKEY_USERS\S-1-5-19\Control Panel\Mouse]
"DoubleClickWidth"="4"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.com]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net]

[HKEY_USERS\S-1-5-20\Control Panel\Mouse]
"DoubleClickHeight"="4"

[HKEY_USERS\S-1-5-20\Control Panel\Mouse]
"DoubleClickSpeed"="500"

[HKEY_USERS\S-1-5-20\Control Panel\Mouse]
"DoubleClickWidth"="4"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.com]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net]

[HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Control Panel\Mouse]
"DoubleClickHeight"="4"

[HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Control Panel\Mouse]
"DoubleClickSpeed"="500"

[HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Control Panel\Mouse]
"DoubleClickWidth"="4"

[HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.co.uk]

[HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.com]

[HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net]

[HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.be]

[HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.co.uk]

[HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.com]

[HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.de]

[HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.ne.jp]

[HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net]

[HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.nl]

[HKEY_USERS\S-1-5-18\Control Panel\Mouse]
"DoubleClickHeight"="4"

[HKEY_USERS\S-1-5-18\Control Panel\Mouse]
"DoubleClickSpeed"="500"

[HKEY_USERS\S-1-5-18\Control Panel\Mouse]
"DoubleClickWidth"="4"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net]

; End Of The Log...
andya729
Regular Member
 
Posts: 36
Joined: January 2nd, 2006, 12:52 am

Unread postby andya729 » January 29th, 2006, 11:00 pm

Sorry - realized later I probably should have included another HJT log.

Thanks again,

Logfile of HijackThis v1.99.1
Scan saved at 8:59:44 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5146223103
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3875980984
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37500.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
andya729
Regular Member
 
Posts: 36
Joined: January 2nd, 2006, 12:52 am

Unread postby amateur » January 30th, 2006, 11:02 am

Hi Andya729 :) ,

Thank you for the HijackThis log. It's still as clean as it can be. Were you able to install the hosts file, and did you notice any improvement?
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby andya729 » January 30th, 2006, 12:00 pm

I installed the hosts file (90% certain I did it successfully) and have had it happen once more since then.

I'm not sure how to read the regsearch file (two posts ago), but it looks like there are several entries for doubleclick with different country extensions on them - should I be worried about these or is it normal?

Thanks again,

Andy
andya729
Regular Member
 
Posts: 36
Joined: January 2nd, 2006, 12:52 am

Unread postby amateur » January 30th, 2006, 1:03 pm

Hi Andya729 :D ,
I'm not sure how to read the regsearch file (two posts ago), but it looks like there are several entries for doubleclick with different country extensions on them - should I be worried about these or is it normal?

Registry alterations are serious, I don't want to rush it. I am consulting about it. I'll get back to you as soon as I can.

It's a good sign that you've experienced "page is not available" error only once, since you installed the hosts file. It may have been a genuine case. Let's observe it a little longer.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby amateur » January 30th, 2006, 8:31 pm

Hi Andya729,

If the hosts file didn't make any difference, and you are still having problems, we can try one more thing.

Download this file from the link to your desktop.
http://www.mvps.org/winhelp2002/DelDomains.inf

It should look like a notebook tablet with a gear overlaid on it.
Right-click on the deldomains.inf file and select 'Install'

Once it is finished your Zones should be reset.

Note: Because this will remove all entries in both the Trusted Zone and the Restricted Zone, any program, tool, or settings that were previously used to set restrictions will need to be reset. For instance, if it's being used, IE-SPYADS will have to be reinstalled, and if Spybot is used, you will need to re-immunize, if you're using SpywareBlaster open it and select to "Enable all protection" again.

Please let me know how things are.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby andya729 » January 30th, 2006, 9:38 pm

The computer was unable to connect a couple times again for my wife today, so it doesn't look like it's working.

I ran the file. It pauses when I select Install, but I can't tell if it's actually run. Is there an easy to tell if it worked?
andya729
Regular Member
 
Posts: 36
Joined: January 2nd, 2006, 12:52 am

Unread postby amateur » January 30th, 2006, 10:07 pm

The computer was unable to connect a couple times again for my wife today


Can you explain that a little more please? No internet connection or while on the internet, "page is not available" error on another page?

I ran the file. It pauses when I select Install, but I can't tell if it's actually run. Is there an easy to tell if it worked?


I don't know of any easy tell. It's not a long process. So, it probably worked. Make sure that you re-enable spywareblaster, immunize Spybot and reinstall IE-spyad, if you have them.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby andya729 » January 30th, 2006, 11:47 pm

Sorry - Page is not available while on the internet.

I re-enabled spywareblaster and immunized Spybot, but I'm not sure I have IE-spyad (I also ran AdAware, Ewido, and CWShredder).

Let me know if there's something else I should be doing.

thanks,
Andy
andya729
Regular Member
 
Posts: 36
Joined: January 2nd, 2006, 12:52 am

Unread postby amateur » January 31st, 2006, 9:10 am

Hi,

Can you make a list of the pages that you are unable to go to repeatedly. It's possible that those are some sites that you shouldn't go anyway and are blocked by your security settings and programs.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby andya729 » January 31st, 2006, 9:19 am

When it first happened, there were some sites I could access and others that I couldn't. It seems now to be that when it happens, I can't access any pages.

Next time it happens I'll play around and see if there are any that I can go to. Some of the ones I've been trying are very standard sites (aol.com (my wife), yahoo.com, google.com, etc.).

Thanks,
andya729
Regular Member
 
Posts: 36
Joined: January 2nd, 2006, 12:52 am

Unread postby amateur » February 1st, 2006, 11:26 am

Hi Andya729,

Let's try one more thing to have a closer look.

Download reglook to your desktop. Unzip it!
Read here
how to unzip properly.
Open the reglook-folder and doubleclick runme.bat
Notepad will open with some txt in in (reglook.log)
Copy and paste the contents in your next reply.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 385 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware