nikkers1970
1 Copper

Re: code 80073EFE and browser hijacking

It's running much better. I can access Windows Update now, but am still getting redirected when I try to access hxxp://www.phoenixviewer.com It sends me to a DCS2 MMORPG Framework page, even though the address in the address bar doesn't change. It seems to be the only problem I'm still having though, as I no longer get brower redirects when trying to search or access any Windows Update or antivirus web pages.

0 Kudos
1972vet
5 Tungsten

Re: code 80073EFE and browser hijacking

Is that your result when using either browser...Firefox or Internet Explorer?I

Disabled Veteran, U.S.C.G. 1972 - 1978
[IMG]http://i72.photobucket.com/albums/i183/1972vet/mvpsigpic.jpg[/IMG]
Member: [url=http://www.uniteagainstmalware.com/]U.N.I.T.E.[/url], [url=http://asap.maddoktor2.com/]A.S.A.P.[/url]

[url=http://www.microsoft.com/windowsxp/using/setup/maintain/improveperf.mspx]Windows XP Performance and Maintenance[/url]
[url=http://windowshelp.microsoft.com/Windows/en-US/maintenance.mspx]Windows Vista Performance and Maintenance[/url]
[url=http://www.microsoft.com/atwork/maintenance/speed.aspx]Windows 7 Performance and Maintenance[/url]

0 Kudos
nikkers1970
1 Copper

Re: code 80073EFE and browser hijacking

Yes.....except i tested it again just now and I got onto the site properly. It's very strange. It's something I can live with, though, so long as I'm virus-free. I am nervous running this long without AVG though, can I put it back on?

0 Kudos
1972vet
5 Tungsten

Re: code 80073EFE and browser hijacking

Go ahead and reinstall AVG. Update it manually and install all the updates it finds. Continue with another manual update and download again anything found. Continue in that manner until the manual update no longer finds anything. When you finish, boot to safe mode and run a complete system scan. Post back the results. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
[IMG]http://i72.photobucket.com/albums/i183/1972vet/mvpsigpic.jpg[/IMG]
Member: [url=http://www.uniteagainstmalware.com/]U.N.I.T.E.[/url], [url=http://asap.maddoktor2.com/]A.S.A.P.[/url]

[url=http://www.microsoft.com/windowsxp/using/setup/maintain/improveperf.mspx]Windows XP Performance and Maintenance[/url]
[url=http://windowshelp.microsoft.com/Windows/en-US/maintenance.mspx]Windows Vista Performance and Maintenance[/url]
[url=http://www.microsoft.com/atwork/maintenance/speed.aspx]Windows 7 Performance and Maintenance[/url]

0 Kudos
nikkers1970
1 Copper

Re: code 80073EFE and browser hijacking

Unfortunately, I can't get into safe mode. My keyboard is USB and my bios doesn't recognize it outside of Windows. I don't have the other type of connection to hook up an older keyboard. It's a pain, but my keyboard is useless outside of Windows.

I'll run the rest of it though and post the log.

0 Kudos
nikkers1970
1 Copper

Re: code 80073EFE and browser hijacking

This is the only log I could find when AVG was done:

"Scan ""Whole computer scan"" completed."
"No infection was found during this scan"
"Folders selected for scanning:";"Whole computer scan"
"Scan started:";"November-19-10, 1:35:05 PM"
"Scan finished:";"November-19-10, 3:26:08 PM (1 hour(s) 51 minute(s) 2 second(s))"
"Total object scanned:";"1743774"
"User who launched the scan:";"Nikki"

If there's another more detailed log, I have no idea how to find it.

Thanks for all your help, I REALLY appreciate it!!!

0 Kudos
Highlighted
1972vet
5 Tungsten

Re: code 80073EFE and browser hijacking

Alright then...things look pretty good now. It's my bet that your intermittent access to the web site you mentioned may have just been peculiar to the particular browser. If you should have the same thing occur again with that web site, be sure you clear the browser cache and delete cookies. You can change settings in both browsers, FF and IE to empty the cache when you close the browser.

You can delete these now:
DDS.scr
DDS.txt
Attach.txt
TDSSKiller and related logs


Next, please click start-->run...then copy and paste the Bold text below into the run box and click "OK":
 
ComboFix /Uninstall
 
Performing this function will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again for you automatically.

To assist in the prevention of malicious software intrusion and infections:
 
Please remember to keep antivirus software on board and always use it's real time protection feature. Run a complete system scan at least once a week...preferably in Safe mode
 
If your antivirus program is a licensed version that is about to expire, you can consider using one of these available free on the public domain:
 
Microsoft Security Essentials
AntiVir Personal Edition Classic
Avast! 4 Home Edition
 
Those of us in the online safety/security community have tried and tested these programs to determine their abilities. Having in mind, nothing is ever a guarantee regarding computer security, these programs nevertheless, combined with the rest of these recommendations are certain to have an impact in helping to keep your system running free and clear. I personally have been completely satisfied from having tested and used each one of those at one time or another. 
 
Windows Vista and Windows 7 have a software firewall built in and activated by default. And, just as with Windows XP, it's not quite the best defense, although it is a little better than it's predecessor. 
 
Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.
 
You should always have at least (but not more than ) one of these types of third party firewalls running on board:
Sunbelt Personal Firewall
 
Zone Alarm Beware This download includes the Ask Toolbar...The ZoneAlarm Spy Blocker toolbar is powered by "Ask.com". The "Ask" search engine will cause "targeted" ads to be presented to you based upon the content of the web pages you visit, any personally identifiable information you have provided to "Ask.com", or keywords appearing in your search queries. Many security experts consider this type of behavior offensive...Windows 2k/XP/Vista
 
Outpost Free
 
Comodo...I highly recommend this firewall, but it may just be best suited for advanced users. 
 
Stay updated with the most recent Windows patches using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.
 
Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.
 
If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.
 
Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from  your browser" option during installation setup or else just download the Slim version (no toolbar...last download link at the bottom of that page)...
 
Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:
Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. 
 
Don't forget to check your system's "defragmenter" settings. With Windows Vista, you have the option to set this as a scheduled event. It is best to have your system's "defrag" function scheduled for at least once a week.
 
So how did I get infected in the first place?
Regards, and Happy Surfing!

Disabled Veteran, U.S.C.G. 1972 - 1978
[IMG]http://i72.photobucket.com/albums/i183/1972vet/mvpsigpic.jpg[/IMG]
Member: [url=http://www.uniteagainstmalware.com/]U.N.I.T.E.[/url], [url=http://asap.maddoktor2.com/]A.S.A.P.[/url]

[url=http://www.microsoft.com/windowsxp/using/setup/maintain/improveperf.mspx]Windows XP Performance and Maintenance[/url]
[url=http://windowshelp.microsoft.com/Windows/en-US/maintenance.mspx]Windows Vista Performance and Maintenance[/url]
[url=http://www.microsoft.com/atwork/maintenance/speed.aspx]Windows 7 Performance and Maintenance[/url]

0 Kudos
nikkers1970
1 Copper

Re: code 80073EFE and browser hijacking

Thanks again. Got those files deleted, set a clean System Restore point. What a great service you do here, thanks!

0 Kudos
1972vet
5 Tungsten

Re: code 80073EFE and browser hijacking

You are quite welcome indeed. So glad we could help!

Disabled Veteran, U.S.C.G. 1972 - 1978
[IMG]http://i72.photobucket.com/albums/i183/1972vet/mvpsigpic.jpg[/IMG]
Member: [url=http://www.uniteagainstmalware.com/]U.N.I.T.E.[/url], [url=http://asap.maddoktor2.com/]A.S.A.P.[/url]

[url=http://www.microsoft.com/windowsxp/using/setup/maintain/improveperf.mspx]Windows XP Performance and Maintenance[/url]
[url=http://windowshelp.microsoft.com/Windows/en-US/maintenance.mspx]Windows Vista Performance and Maintenance[/url]
[url=http://www.microsoft.com/atwork/maintenance/speed.aspx]Windows 7 Performance and Maintenance[/url]

0 Kudos