OldGeekina

Okay thank you, I will try to get that done by the moderate AM!

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data. I learned that a few years ago (not through here) messing with Combofix. Vista and Windows 7 users: 1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator") I am running Windows XP.... if I can't clear this mess up I will be chucking it for either Windows7 or Debian Linux. Will instructions be any different than what you gave for Vista or Windows7? Thank you

A priest was also an avid golfer and it was a beautiful Sunday morning so he begged off sick and got someone to cover for mass and sermon... and snuck out to the course. St. Peter looked down, seen this and called God's attention to this. "Disgraceful, disgusting and horrid. You should level your worst at him to to make him see the error of his ways!" he urged. Instead, God gestures as he tees off, and the priest does a hole in one. St Peter about pops his cork about this, "NO NO NO, you shouldn't be REWARDING him!!!! Remember, he snuck off from Your work to go GOLFING!" But it seemed to no avail. The more St. Peter seemed to rail against it, the more God favored this priest on the fairway, eagle this, birdie that, several strokes under... and finally; the round ends. The priest has had an ASTOUNDING round, breaking the course record, and one of those lifetime games... St. Peter has about ripped out all his hair and is ready to toss his halo. "I have no idea, I just can NOT understand why you didn't call up a storm, strike him with lightning, and give him the most miserable round he could have ever dared to play?" God turns to St. Peter with a most beatific smile. "He is a priest, he was supposed to be sick... who is he going to be able to TELL?????"

This is a pretty close copy of a Bruce Cameron column he did on two hamsters .... and several years older than this. Look up the Cameron Column

My harddrive kept clicking away all the time unless I unhooked from lan. Running AVG as firewall. Did a weekly run of Superantispyware for a cookie burn; Spybot Search and Destroy, and AVG got it's turn too. (Oh, Windows XP Pro with service packs and using Mozilla Firefox for browser) Started getting notices my messages couldn't be delivered to mostly .ru addresses from postmaster at some URL with .ru ..a few a week. Started digging. THEN started having Google redirect, and with a vengeance. As in try to type in www.microsoft.com, it would start to connect (loading and the circle going around) then show up with 'your system is infected let us scan it and fix it for you' as a great majority of the time. Type in www.microsoft.com again, and.. once in awhile it offered to let me download some antivirus program, even Norton on occasion. It might take five times to get to microsoft. And trying to navigate once AT microsoft, there I could be hijacked again. googlead.sgdoubleclick.net, CPAdominator.com, 113594url.cputgt.com, PCspeedmaximizerdownload.sg.amazonaws.com ... recognize any of these? A few would fire in a row before you got to the 'let us scan your computer and fix it for you' Repeated manual cookie burns; temp file purges, tell browser history to 'forget about this site' and run software to clean stuff up until I was blue in the face. Update everything, UNPLUG from LAN and run stuff until it all said nothing found... plug in and it kept right on going. Noticed my AVG firewall was disabled for over a minute at startup so would startup with lan unplugged and that screen up, when it turned green, plug in lan. Still not getting anywhere. Uploaded Malwarebytes; it found five things in files and a Hijacker and a Trojan in the HKEY files. Let it do it's magic. Rogue installer, file: c:\Documents and Settings\(me)\mydocuments\downloads\setup.exe c:\Documents and Settings\(me)\mydocuments\downloads\setupxv.exe c:\Documents and Settings\(me)\mydocuments\downloads\setupxv[2].exe c:\systemvolumeinformation\_restore{63e7c4e9-6da2-4dd4-a055-c8lafba893be}\RP156\a0028346.exe Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WindowsNT\CurrentVersion\imagefileexecutionoptions\setup.exe Trojan Hiloti.gen c:\windows\henige.dll PUM.Hijack.Startmenu Registry Data HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\currentversion\explorer\advanced\start_showsearch [handwritten notes for above, did best I could on decipher] Went right around the merrygoround again. Loaded IE8 and let them have a crack at cleaning as well. Went right around the circle again. Paid Malwarebytes for full functionality... It is saying I'm clean, but something is still trying to call out. Wrote down several IP addresses or address blocks; looked them up in a physical IP locator and most are in Russia, a few in Switzerland, one in Pennsylvania, etc... and it still is trying to call home and Malwarebytes is blocking it, sometimes it gets in a tantrum and tolls a different one every minute for fifteen or twenty minutes. 206.161.121.100 208.94.233.34 68.169.64.131 68.169.92.41 66.230.188.67 68.169.92.54 68.169.92.39 64.15.72.154 64.15.72.104 66.230.188.67 64.111.196.118 78.140.143.83 173.236.56.93 65.79.193.14 64.15.72.46 91.200.240.32 <Switzerland address 91.212.226.6 <Server.Lu A(name) Z(name) A(name) eastern russian area 62.122.75.136 <Leksim LTD, Switzerland (very popular, comes up a lot, also from same block, .138) 94.60.205.232 <Baltic Center of Innovations/TechPROMinvest Ltd Russia Why is Malwarebytes missing what's sending this this? Oh, Combofix. I had something doing keylogger about a year ago; trying to fix it I ended up having to try combofix and ended up zorching everything. Three years of work gone off that drive, yes I did try to retrieve it. My other option is to say bleep with it, I can still get to my graphics and text files, write off some software licenses I bought and move to Windows7 Suggestions while I save files to backup media and squeeze my budget for Windows7?