PITA "Threat Detected" alarms

Could you do the following:

Run IE and Firefox with all add-ons disabled… Do you still get the alerts?

Will do in the morning. Not only have I had a headache for the last several days, but we’ve had storms on and off today, so I’ve d/c’d our internet, so I’m responding to you right now from my Droid…
I will do as you ask, however, I thought I had tried that already. :slight_smile:
Btw, I’m East Coast, USA, just for “morning” reference…
~E

No, we have not run FF in safe mode yet ;D

Sorry I did not respond in the morning as I previously said I would… Had an appointment that could not be avoided. :smiley: Maybe these new meds will bring my BP back down (was 182/110!! No wonder I had such a terrible headache, although I’m sure this annoying computer problem has not helped! :stuck_out_tongue:)

Anyway… Ran both IE and FF in safe mode, still get the threat detected alarms. I manually went into both FF and IE and also made sure that each add-on was disabled before opening them back up, only to get the alarm. Both will open the Yahoo homepage, but will send up an alarm when anything is typed into the search field. Neither browser likes the iGoogle home page and will not even load it. Neither browser will do searches using any of the popular search engines (Google, Yahoo, Bing), but I can access webpages if typed CORRECTLY and COMPLETELY into the address bar, if that makes sense. Avast still sends up the alarm, but will actually open a webpage when the address is typed into the address field.
Ex: If I typed “avast” into the search field, I get an alarm, and a page not loaded message…
If I typed “forum.avast.com” in the address field, I get an alarm, but the page will load…

Sure that doesn’t help, but thought I’d tell you anyway… :stuck_out_tongue:

Elizabeth

So it is iGoogle - what happens if you deselect iGoogle as your home page?

Let’s see where your DNS sends you

Please download SINO by Artellos.
[*]Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
[*]Then please check the following checkboxes: System Info, Services, Boot Check, Tasklist, Startup Items, Event Log, Ipconfig, Ping, Netstat, Hosts file, Shares, Routing Table
[*]Once checked, hit the Run Scan! button and wait for the program to finish the scan.
[*]A notepad window will pop up. Please copy all of the content into your next reply.
Note: If you try to interact with the program once it’s started scanning it might appear to hang. The scan however will continue.

I am so sorry it has been a few days since I last responded. I actually spent Mother’s Day in the hospital because of my blood pressure. :frowning: Hopefully we have things worked out… with me, at least, if not the computer. :smiley:

So, you asked what happens when I deselect iGoogle as the home page. Well, I get a simple Mozilla homepage with a big Google search bar in the middle. However, anything typed into that bar sends up a “Threat Detected” alarm. The Yahoo home page will load as well, but you cannot “search” for anything without an alarm being sent up and the page being blocked from view. However, I can type a URL into the address field, and if typed correctly I actually will get to the page, but I still get an alarm. See my last post for an example.
I am attaching the SINO file you requested.
Thanks for continuing to work with me on this!
Elizabeth

OK, time for the really big boy, as all the network connections look to be good

When you generate the Analysis zip folder, could you upload it to a file sharing site like Mediafire please and I will collect it from there. The forum does not allow attachment of zip files.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

http://dl.dropbox.com/u/73555776/Kas%20front.JPG

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan

http://dl.dropbox.com/u/73555776/Kas%20Scan%20area.JPG

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

http://dl.dropbox.com/u/73555776/kas%20manual.JPG

On completion click the link to locate the zip file to upload and attach to your next post

http://dl.dropbox.com/u/73555776/Kas%20Zip.JPG

OK, here is the txt file, and I’ll have to figure out how to upload the zip, and I’ll get back with you once that’s done

Thanks,
Elizabeth

And here is a link to the zip in my Dropbox:
hXXps://www.dropbox.com/s/ps09untl8kky510/avptool_sysinfo.zip

I modified the link to make it inactive. LMK if you have any trouble.
Elizabeth

Let me know if this kills it

[*]Re-run AVPTool
[*]Select the Manual Disinfection tab and press Script execution

http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/avpmanual.gif

[*]Where it states Insert text script in the following box, copy the below script and press Run script
Copy from begin until end.

http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/avpscript.gif

begin
  SetAVZGuardStatus(True);
  SearchRootkit(true, true);
  QuarantineFile('30197298.sys','');
  DeleteService('30197298');
  StopService('30197298');
  QuarantineFile('89263039.sys','');
  QuarantineFile('C:\WINDOWS\system32\DRIVERS\30197298.sys','');
  DeleteFile('C:\WINDOWS\system32\DRIVERS\30197298.sys');
  BC_DeleteFile('C:\WINDOWS\system32\DRIVERS\30197298.sys');
  DeleteFile('89263039.sys');
  BC_DeleteFile('89263039.sys');
  BC_DeleteSvc('30197298');
  DeleteFile('30197298.sys');
  BC_DeleteFile('30197298.sys');
  DeleteFile('C:\Documents and Settings\david102\Local Settings\Temp\_uninst_40728990.bat');
  BC_DeleteFile('C:\Documents and Settings\david102\Local Settings\Temp\_uninst_40728990.bat');
  DeleteFile('C:\Documents and Settings\david102\Local Settings\Temp\_uninst_89263039.bat');
  BC_DeleteFile('C:\Documents and Settings\david102\Local Settings\Temp\_uninst_89263039.bat');
  BC_ImportDeletedList;
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.

[*]Your system will reboot on completion; if it does not, please do so yourself
[*]On completion please run another analysis scan and attach the zip file
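As an added illustration (not part of the original thread, AVPTool or AVZ), a PowerShell audit a defender could run after a cleanup like the one above to confirm nothing of that kind is left behind: driver services with all-digit names like 30197298 and 89263039, driver services whose ImagePath points at a file that no longer exists, and leftover _uninst_*.bat files in user Temp folders. The all-digit name pattern and the Temp folder locations are assumptions drawn from the names in this thread.

```powershell
# Added example, not from the thread. Audits the driver services and user Temp folders
# for leftovers matching the pattern of the infection cleaned above.
function Get-DriverAuditFindings {
    $driverNamePattern = '^\d{6,}$'   # assumption: numeric-only service names as in this thread
    $findings = @()

    # Driver services live under HKLM\SYSTEM\CurrentControlSet\Services with
    # Type 1 (KERNEL_DRIVER) or Type 2 (FILE_SYSTEM_DRIVER).
    $services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
    foreach ($svc in $services) {
        $props = Get-ItemProperty $svc.PSPath -ErrorAction SilentlyContinue
        if ($props.Type -ne 1 -and $props.Type -ne 2) { continue }

        $name = $svc.PSChildName
        if ($name -match $driverNamePattern) {
            $findings += "Suspicious numeric driver service name: $name"
        }

        if ($props.ImagePath) {
            # ImagePath may be relative (system32\drivers\x.sys), or prefixed with \??\ or \SystemRoot\
            $path = [Environment]::ExpandEnvironmentVariables($props.ImagePath)
            $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
            if (-not (Test-Path -LiteralPath $path)) {
                $findings += "Driver service '$name' points at missing file: $path"
            }
        }
    }

    # Droppers of the kind deleted above: _uninst_<digits>.bat in each user's Temp folder
    # (XP-style and Vista+ profile layouts; whichever root does not exist is skipped).
    $profiles = Get-ChildItem 'C:\Documents and Settings', 'C:\Users' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer }
    foreach ($profile in $profiles) {
        foreach ($sub in 'Local Settings\Temp', 'AppData\Local\Temp') {
            $temp = Join-Path $profile.FullName $sub
            Get-ChildItem -LiteralPath $temp -Filter '_uninst_*.bat' -ErrorAction SilentlyContinue |
                ForEach-Object { $findings += "Leftover uninstall dropper: $($_.FullName)" }
        }
    }
    return $findings
}

$result = Get-DriverAuditFindings
if ($result.Count -eq 0) { 'No numeric-named drivers, dangling driver paths or _uninst_*.bat files found.' }
else { $result }
```

Run it from an elevated PowerShell prompt so the Services key and other users' Temp folders are readable; a non-empty result is a lead for a further analysis scan, not proof of infection on its own.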

hXXps://www.dropbox.com/s/ps09untl8kky510/avptool_sysinfo.zip

Thanks! It seems to have fixed the problem. I really do appreciate all your help!

Elizabeth

Well, that was a new one for me and took some finding… But me and my tools can search most everywhere

I notice you still have a fair few Norton drivers on your system; it may be advisable to remove them unless you use Norton Ghost

How is it running now ?

Seems to be running fine, now. No more alarms. I uninstalled Norton prior to installing Avast, so I’m not sure why the drivers are still there.

Are there any suggestions I might get for preventing such an infection in the future?

Thanks, again, for all your hard work on this.

Elizabeth

I would recommend that you run the Norton removal tool to remove the last few bits: https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=us&docid=20080710133834EN&product=home&version=1&pvid=f-home

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so… The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix
[*]Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
[*]In the Run box, type in ComboFix /Uninstall (notice the space between the “x” and “/”), then click OK

http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg

[*]Follow the prompts on the screen
[*]A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that
[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif
Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
[*]Go to this site and click Do I have Java
[*]It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date, visit:
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? Keep safe :wave:

??? ComboFix won’t uninstall…
It’s right there on the desktop, but when I typed Combofix/Uninstall in the run box, it says Windows cannot find the file name, blah blah, make sure you typed in the correct name, etc.

I’ve double checked my spelling three times XD . Is there anything else I might have done wrong?

Nevermind… I missed the space. :stuck_out_tongue:

Sometimes, when all else fails, use copy and paste. ;D