July 15th, 2010 16:00

Hi PHOLMES100

I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.

Please proceed as follows :-

Step 1

Download and scan with CCleaner

1. Starting with v 1.27.26 (This version no. will differ), CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:

  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to ALLOW the changes. Instructions available HERE

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware

Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from HERE and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 3

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don't forget Combofix must be saved to your desktop. <-- Very important

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

Examples of how to disable realtime protection available at the following link :-

Disable realtime protection

Step 4

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What I'd like in your reply :-

  • Log from Malwarebytes
  • Log from Combofix
  • Log from Security Check

Kevin.

July 15th, 2010 20:00

Kevin,

Thank you for responding in such a timely manner!

Ok, 4+ hours later I think I have everything you need . . .

Peter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4317

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/15/2010 9:24:49 PM
mbam-log-2010-07-15 (21-24-49).txt

Scan type: Quick scan
Objects scanned: 143477
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 10-07-15.01 - Peter Holmes 07/15/2010  22:12:37.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1648 [GMT -4:00]
Running from: c:\documents and settings\Peter Holmes\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Peter Holmes\GoToAssistDownloadHelper.exe
c:\program files\\setup.exe
c:\program files\autorun.inf
c:\program files\Setup.exe
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
c:\windows\system32\Data
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((((   Files Created from 2010-06-16 to 2010-07-16  )))))))))))))))))))))))))))))))
.

2010-07-15 23:24 . 2010-07-15 23:24 -------- d-----w- c:\program files\CCleaner
2010-07-15 22:51 . 2010-07-15 22:51 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-15 22:39 . 2010-07-15 22:39 -------- d-----w- c:\documents and settings\Peter Holmes\Application Data\Malwarebytes
2010-07-15 22:38 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-15 22:38 . 2010-07-15 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-15 22:38 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-15 22:38 . 2010-07-15 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 20:30 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-15 20:30 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-15 12:01 . 2010-07-15 12:01 -------- d-----w- c:\program files\Trend Micro
2010-07-15 03:00 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-15 02:54 . 2010-07-15 02:55 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-15 02:51 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-06 16:48 . 2010-07-06 16:48 -------- d-----w- c:\documents and settings\Peter Holmes\Local Settings\Application Data\Threat Expert
2010-07-06 15:36 . 2010-06-08 02:16 763832 ----a-w- c:\windows\BDTSupport.dll
2010-07-06 15:36 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-06 15:36 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-07-06 15:36 . 2010-06-08 00:21 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-07-06 15:36 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-06 15:36 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-07-06 15:31 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-06 15:31 . 2010-07-06 15:51 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-06 15:31 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-06 15:31 . 2010-07-06 15:51 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-06 15:31 . 2010-07-06 22:33 -------- d-----w- c:\program files\Spyware Doctor
2010-07-06 15:31 . 2010-07-06 15:36 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-06 15:31 . 2010-07-06 15:31 -------- d-----w- c:\documents and settings\Peter Holmes\Application Data\PC Tools
2010-07-06 15:31 . 2010-07-06 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-06 15:31 . 2010-07-16 02:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-01 01:33 . 2010-07-01 01:38 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-28 19:17 . 2010-07-01 00:24 -------- d-----w- c:\windows\system32\NtmsData
2010-06-28 01:44 . 2010-07-15 17:21 -------- d-----w- c:\program files\McAfee Online Backup
2010-06-27 16:03 . 2010-06-27 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-06-27 15:50 . 2010-06-27 15:50 -------- d-----w- c:\program files\Citrix
2010-06-27 15:50 . 2010-06-27 15:50 -------- d-----w- c:\documents and settings\Peter Holmes\Local Settings\Application Data\Citrix
2010-06-27 14:50 . 2010-07-15 13:16 300384 ----a-w- c:\documents and settings\Peter Holmes\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-06-27 14:49 . 2010-06-27 14:49 -------- d-----w- c:\documents and settings\Peter Holmes\Application Data\McAfee
2010-06-22 12:29 . 2010-06-22 12:29 -------- d-----w- c:\windows\Crystal
2010-06-22 12:29 . 2010-06-22 12:29 -------- d-----w- c:\program files\Report Designer Component
2010-06-22 12:29 . 2010-06-22 12:29 -------- d-----w- c:\program files\Seagate Software

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 21:56 . 2008-06-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-15 21:56 . 2008-06-10 00:26 -------- d-----w- c:\program files\McAfee
2010-07-15 21:47 . 2007-07-12 23:25 -------- d-----w- c:\documents and settings\Peter Holmes\Application Data\U3
2010-07-15 21:31 . 2004-01-14 15:12 -------- d-----w- c:\program files\Java
2010-07-15 21:31 . 2004-01-14 15:12 -------- d-----w- c:\program files\Common Files\Java
2010-07-15 14:14 . 2004-02-20 23:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-07 12:58 . 2010-02-16 00:54 116624 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-07 03:16 . 2008-11-24 00:11 256 -c--a-w- c:\windows\system32\pool.bin
2010-07-06 22:28 . 2007-09-15 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO
2010-07-06 22:27 . 2005-09-17 15:21 -------- d-----w- c:\program files\Yahoo!
2010-07-06 22:11 . 2010-02-16 00:49 -------- d-----w- c:\program files\Print Workshop 2010
2010-07-06 22:07 . 2007-01-03 01:21 -------- d-----w- c:\program files\Google
2010-07-06 21:53 . 2005-09-30 01:58 -------- d-----w- c:\program files\Web Publish
2010-07-06 21:52 . 2004-01-14 15:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 21:48 . 2004-01-14 15:18 -------- d-----w- c:\program files\Dell
2010-07-06 21:45 . 2004-02-07 00:52 -------- d-----w- c:\program files\Lavasoft
2010-07-06 21:45 . 2008-01-09 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-06 00:51 . 2007-11-04 20:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-28 01:31 . 2004-08-24 02:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-28 01:31 . 2004-08-24 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-22 08:36 . 2010-05-04 12:31 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 14:31 . 2002-08-29 11:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-05-25 04:05 . 2010-05-25 04:05 503808 ----a-w- c:\documents and settings\Peter Holmes\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24b3fab7-n\msvcp71.dll
2010-05-25 04:05 . 2010-05-25 04:05 499712 ----a-w- c:\documents and settings\Peter Holmes\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24b3fab7-n\jmc.dll
2010-05-25 04:05 . 2010-05-25 04:05 348160 ----a-w- c:\documents and settings\Peter Holmes\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24b3fab7-n\msvcr71.dll
2010-05-25 04:05 . 2010-05-25 04:05 61440 ----a-w- c:\documents and settings\Peter Holmes\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4696d872-n\decora-sse.dll
2010-05-25 04:05 . 2010-05-25 04:05 12800 ----a-w- c:\documents and settings\Peter Holmes\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4696d872-n\decora-d3d.dll
2010-05-06 10:41 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2001-10-24 18:03 . 2001-10-24 18:03 81924 -c--a-w- c:\program files\US Readme.htm
2001-10-24 18:03 . 2001-10-24 18:03 81924 -c--a-w- c:\program files\readme.htm
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 20:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 20:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 20:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-27 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CleanSweep Smart Sweep-Internet Sweep.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CleanSweep Smart Sweep-Internet Sweep.lnk
backup=c:\windows\pss\CleanSweep Smart Sweep-Internet Sweep.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet T Series Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP OfficeJet T Series Startup.lnk
backup=c:\windows\pss\HP OfficeJet T Series Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pagis Schedule Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Pagis Schedule Monitor.lnk
backup=c:\windows\pss\Pagis Schedule Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2001 Delivery Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks 2001 Delivery Agent.lnk
backup=c:\windows\pss\QuickBooks 2001 Delivery Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter Holmes^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Peter Holmes\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-10-27 17:44 50528 ----a-w- c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\acs\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 -c--a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 16:27 28672 -c--a-w- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2006-10-30 16:01 392832 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1199844543\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2001-09-24 14:39 98304 -c--a-w- c:\program files\Common Files\Logitech\QCDriver\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-09-01 18:04 221184 -c--a-w- c:\windows\SYSTEM32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-09-19 21:34 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 17:03 53248 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-06-01 18:53 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 06:41 8523776 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 06:41 81920 -c--a-w- c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 06:41 1626112 -c--a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-12-04 17:34 406016 -c--a-w- c:\windows\SYSTEM32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-04-23 16:43 228088 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spontania Video Collaboration]
2007-10-18 11:03 905324 ----a-w- c:\program files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
2005-05-20 21:50 100056 -c--a-w- c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 -c----w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XeroxScannerDaemon]
2001-08-18 03:37 27648 -c--a-w- c:\program files\XEROX\NWWIA\XrxFTPLt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LVPrcSrv"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"NProtectService"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"PCLEPCI"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"HP Port Resolver"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"0009061218522864mcinstcleanup"=2 (0x2)
"xmlprov"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WMDM PMSP Service"=2 (0x2)
"winmgmt"=2 (0x2)
"VSS"=3 (0x3)
"usnjsvc"=3 (0x3)
"TapiSrv"=2 (0x2)
"SNDSrvc"=3 (0x3)
"NVSvc"=2 (0x2)
"NetSvc"=3 (0x3)
"AOL ACS"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"MBackMonitor"=3 (0x3)
"Bonjour Service"=2 (0x2)
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"ICDSPTSV"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"MsMpSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\XEROX\\NWWIA\\XrxFTPLt.exe"=
"c:\\WINDOWS\\SYSTEM32\\spcauth.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\Hpqdirec.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Spontania Video Collaboration\\dialcomwcs.exe"=
"c:\\Program Files\\Spontania Video Collaboration\\SpontaniaVideoCollaboration.exe"=
"c:\\Program Files\\Common Files\\AOL\\1199844543\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9220:TCP"= 9220:TCP:HP
"9500:TCP"= 9500:TCP:HP
"9290:TCP"= 9290:TCP:HP
"161:UDP"= 161:UDP:HP
"427:UDP"= 427:UDP:HP

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [7/6/2010 11:31 AM 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/6/2010 11:36 AM 112592]
R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\SYSTEM32\DRIVERS\bender.sys [7/9/2003 2:35 PM 203264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 ICDUSB3;ICDUSB3;c:\windows\SYSTEM32\DRIVERS\ICDUSB3.sys [6/2/2009 10:52 AM 11264]
S3 RioS50;RioS50 driver;c:\windows\SYSTEM32\DRIVERS\RioS50.sys [2/8/2004 9:48 AM 12658]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/6/2010 11:31 AM 366840]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/8/2007 8:03 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-06-21 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 00:12]

2010-07-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
Trusted Zone: highlands.edu\www
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: usg.edu\highlands.view
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-ccRegVfy - c:\program files\Common Files\Symantec Shared\ccRegVfy.exe
MSConfigStartUp-ControlCentreTray - c:\program files\Xerox\ControlCentre 2.0\XWCTray.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-InstantAccess - c:\progra~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\INSTAN~1.EXE
MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
MSConfigStartUp-LogitechCameraAssistant - c:\program files\Logitech\Video\CameraAssistant.exe
MSConfigStartUp-LogitechCameraService(E) - c:\windows\system32\ElkCtrl.exe
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-LogitechSoftwareUpdate - c:\program files\Logitech\Video\ManifestEngine.exe
MSConfigStartUp-LogitechVideo[inspector] - c:\program files\Logitech\Video\InstallHelper.exe
MSConfigStartUp-MediaFace Integration - c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-PCLEPCI - d:\progra~1\Pinnacle\PPE\ppe.exe
MSConfigStartUp-PCMService - c:\program files\Dell\Media Experience\PCMService.exe
MSConfigStartUp-PlaxoUpdate - c:\program files\Plaxo\2.12.1.1\PlaxoHelper.exe
MSConfigStartUp-QD FastAndSafe - c:\program files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe
MSConfigStartUp-RegisterDropHandler - c:\progra~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\REGIST~1.EXE
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_02\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-Adobe Acrobat 5.0 - c:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-15 22:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4234436266-845335878-553430548-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-07-15  22:22:32
ComboFix-quarantined-files.txt  2010-07-16 02:22

Pre-Run: 41,362,485,248 bytes free
Post-Run: 41,696,948,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - A255CFBFE7494CDF06493AD0C329611F

Results of screen317's Security Check version 0.99.4 
 Windows XP Service Pack 3 
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Security Center service is not running! This report may not be accurate!
 Microsoft Security Essentials   
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 HijackThis 2.0.2   
 CCleaner    
 Java(TM) 6 Update 21 
 Out of date Java installed!
 Adobe Flash Player  
Adobe Reader 9.3.3
````````````````````````````````
Process Check: 
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
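Reading a ComboFix log like the one above by hand is slow, and the lines that matter for posture (Security Center monitoring switched off, the Windows Firewall profile disabled, ports opened to all sources, a service whose driver image is missing) are scattered across several sections. The script below is an added example for this thread, not ComboFix's own code and not anything the helper posted; it runs over a constructed fragment that mirrors the format seen in the posted log and lists what a responder would check first. The names `triage`, `Finding` and `SAMPLE_LOG` are my own.

```python
"""Triage a ComboFix-style log for weakened-defence indicators.

Added example for this thread; not ComboFix's own tooling.  The sample text
is constructed to mirror the sections a ComboFix log prints, it is not a
capture from a real machine.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" = defence switched off / remote access exposed, "info" = worth a look
    detail: str


# Constructed sample modelled on the posted log format (paths and product names are illustrative).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9220:TCP"= 9220:TCP:HP

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 RioS50;RioS50 driver;c:\windows\SYSTEM32\DRIVERS\RioS50.sys [2/8/2004 9:48 AM 12658]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                       # registry section header
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')  # Security Center told to ignore a product
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*0\b')        # firewall profile switched off
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')            # GloballyOpenPorts entry
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")   # "S0 Name;Display;path [stamp]" service line


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current registry section, and collect findings."""
    findings: list[Finding] = []
    section = ""          # current [..] header, verbatim
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            section = ""  # ComboFix separates sections with a blank line
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        key = section.lower()

        if "security center\\monitoring\\" in key and DISABLE_MON_RE.match(line):
            product = section.rsplit("\\", 1)[-1]
            findings.append(Finding("high", f"Security Center monitoring disabled for {product}"))
        elif key.endswith("firewallpolicy\\standardprofile") and FIREWALL_RE.match(line):
            findings.append(Finding("high", "Windows Firewall disabled (standard profile)"))
        elif key.endswith("globallyopenports\\list"):
            port_match = OPEN_PORT_RE.match(line)
            if port_match:
                port, proto = port_match.groups()
                # 3389/TCP is Remote Desktop; an exception for it on a home box deserves a question.
                severity = "high" if port == "3389" else "info"
                findings.append(Finding(severity, f"Firewall exception opens {port}/{proto} to all sources"))
        else:
            svc = DRIVER_RE.match(line)
            # ComboFix prints "--> path [?]" when it cannot find the service's image file.
            if svc and line.endswith("[?]"):
                start_type, name = svc.group(1), svc.group(2)
                findings.append(Finding("info", f"Service {name} ({start_type}) registered but its image file was not found"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.severity:4}] {finding.detail}")
```

A finding is a prompt to verify, not a verdict: in the log posted above the Security Center entries are disabled because McAfee's own products report through their own channel, and the Windows Firewall is off because McAfee Personal Firewall is enabled, so the responder's job is to confirm that the replacement is actually running, as the Security Check output's "Windows Security Center service is not running!" line shows is not always the case.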

1.1K Posts

July 16th, 2010 03:00

Hi PHolmes100,

Please continue as follows :-

Step 1

From Add/Remove Programs via your control panel locate and uninstall anything with the name Viewpoint in its title.

Step 2

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in between the dotted lines below into it:

---------------------------------------------------------------------------------------------------------------------------------------------

KillAll::

Driver::
Viewpoint Manager Service
Folder::
c:\program files\Viewpoint

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
---------------------------------------------------------------------------------------------------------------------------------------------

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


How to Disable realtime protection (this link is not exhaustive).

Step 3

Run an online virus scan with Kaspersky from HERE. This scan is very thorough and may take several hours to run, please allow it to complete.
1. At the main page, press "Accept" after reading the contents.
2. At the next window, select Update. Allow the database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
4. Select Scan Report.
5. If any threats were found they will appear in the report.
6. Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.

The following animation may help.

Kaspersky Gif

What I'd like in your reply :-

  • Log from Combofix
  • Log from Kaspersky
  • System update, any specific issues


Kevin

11 Posts

July 16th, 2010 09:00

Kevin,

I am having a problem with Kaspersky.  I attempted to "print screen" but I could not.  I am receiving a message while Kaspersky is updating . . .

"Update has failed The program could not be started.  Please close the window of Kapersky Online Scanner 7.0 ans start the program again from the website of Kapersky Lab."

"Successful updating of Kapersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet Connection.  Please make sure tht the Internet connection is established. [ERROR: Invalid file signature]"

I was able to get the log from Combofix:

ComboFix 10-07-15.03 - Peter Holmes 07/16/2010   9:20.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1614 [GMT -4:00]
Running from: c:\documents and settings\Peter Holmes\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Peter Holmes\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0306003B.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0306003B.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0306003B.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_Win.mtj
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\VMPUpdateCount.ini

.
(((((((((((((((((((((((((   Files Created from 2010-06-16 to 2010-07-16  )))))))))))))))))))))))))))))))
.

2010-07-15 23:24 . 2010-07-15 23:24 -------- d-----w- c:\program files\CCleaner
2010-07-15 22:51 . 2010-07-15 22:51 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-15 22:39 . 2010-07-15 22:39 -------- d-----w- c:\documents and settings\Peter Holmes\Application Data\Malwarebytes
2010-07-15 22:38 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-15 22:38 . 2010-07-15 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-15 22:38 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-15 22:38 . 2010-07-15 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 20:30 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-15 20:30 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-15 12:01 . 2010-07-15 12:01 -------- d-----w- c:\program files\Trend Micro
2010-07-15 03:00 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-15 02:54 . 2010-07-15 02:55 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-15 02:51 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-06 16:48 . 2010-07-06 16:48 -------- d-----w- c:\documents and settings\Peter Holmes\Local Settings\Application Data\Threat Expert
2010-07-06 15:36 . 2010-06-08 02:16 763832 ----a-w- c:\windows\BDTSupport.dll
2010-07-06 15:36 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-06 15:36 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-07-06 15:36 . 2010-06-08 00:21 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-07-06 15:36 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-06 15:36 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-07-06 15:31 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-06 15:31 . 2010-07-06 15:51 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-06 15:31 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-06 15:31 . 2010-07-06 15:51 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-06 15:31 . 2010-07-06 22:33 -------- d-----w- c:\program files\Spyware Doctor
2010-07-06 15:31 . 2010-07-06 15:36 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-06 15:31 . 2010-07-06 15:31 -------- d-----w- c:\documents and settings\Peter Holmes\Application Data\PC Tools
2010-07-06 15:31 . 2010-07-06 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-06 15:31 . 2010-07-16 13:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-01 01:33 . 2010-07-01 01:38 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-28 19:17 . 2010-07-01 00:24 -------- d-----w- c:\windows\system32\NtmsData
2010-06-28 01:44 . 2010-07-15 17:21 -------- d-----w- c:\program files\McAfee Online Backup
2010-06-27 16:03 . 2010-06-27 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-06-27 15:50 . 2010-06-27 15:50 -------- d-----w- c:\program files\Citrix
2010-06-27 15:50 . 2010-06-27 15:50 -------- d-----w- c:\documents and settings\Peter Holmes\Local Settings\Application Data\Citrix
2010-06-27 14:49 . 2010-06-27 14:49 -------- d-----w- c:\documents and settings\Peter Holmes\Application Data\McAfee
2010-06-22 12:29 . 2010-06-22 12:29 -------- d-----w- c:\windows\Crystal
2010-06-22 12:29 . 2010-06-22 12:29 -------- d-----w- c:\program files\Report Designer Component
2010-06-22 12:29 . 2010-06-22 12:29 -------- d-----w- c:\program files\Seagate Software

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 13:09 . 2007-01-26 22:55 -------- d-----w- c:\documents and settings\Peter Holmes\Application Data\Viewpoint
2010-07-16 13:08 . 2004-01-16 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-07-15 21:56 . 2008-06-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-15 21:56 . 2008-06-10 00:26 -------- d-----w- c:\program files\McAfee
2010-07-15 21:47 . 2007-07-12 23:25 -------- d-----w- c:\documents and settings\Peter Holmes\Application Data\U3
2010-07-15 21:31 . 2004-01-14 15:12 -------- d-----w- c:\program files\Java
2010-07-15 21:31 . 2004-01-14 15:12 -------- d-----w- c:\program files\Common Files\Java
2010-07-15 14:14 . 2004-02-20 23:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-15 13:16 . 2010-06-27 14:50 300384 ----a-w- c:\documents and settings\Peter Holmes\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-07-07 12:58 . 2010-02-16 00:54 116624 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-07 03:16 . 2008-11-24 00:11 256 -c--a-w- c:\windows\system32\pool.bin
2010-07-06 22:28 . 2007-09-15 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO
2010-07-06 22:27 . 2005-09-17 15:21 -------- d-----w- c:\program files\Yahoo!
2010-07-06 22:11 . 2010-02-16 00:49 -------- d-----w- c:\program files\Print Workshop 2010
2010-07-06 22:07 . 2007-01-03 01:21 -------- d-----w- c:\program files\Google
2010-07-06 21:53 . 2005-09-30 01:58 -------- d-----w- c:\program files\Web Publish
2010-07-06 21:52 . 2004-01-14 15:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 21:48 . 2004-01-14 15:18 -------- d-----w- c:\program files\Dell
2010-07-06 21:45 . 2004-02-07 00:52 -------- d-----w- c:\program files\Lavasoft
2010-07-06 21:45 . 2008-01-09 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-06 00:51 . 2007-11-04 20:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-28 01:31 . 2004-08-24 02:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-28 01:31 . 2004-08-24 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-22 08:36 . 2010-05-04 12:31 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 14:31 . 2002-08-29 11:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-05-25 04:05 . 2010-05-25 04:05 503808 ----a-w- c:\documents and settings\Peter Holmes\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24b3fab7-n\msvcp71.dll
2010-05-25 04:05 . 2010-05-25 04:05 499712 ----a-w- c:\documents and settings\Peter Holmes\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24b3fab7-n\jmc.dll
2010-05-25 04:05 . 2010-05-25 04:05 348160 ----a-w- c:\documents and settings\Peter Holmes\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24b3fab7-n\msvcr71.dll
2010-05-25 04:05 . 2010-05-25 04:05 61440 ----a-w- c:\documents and settings\Peter Holmes\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4696d872-n\decora-sse.dll
2010-05-25 04:05 . 2010-05-25 04:05 12800 ----a-w- c:\documents and settings\Peter Holmes\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4696d872-n\decora-d3d.dll
2010-05-06 10:41 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2001-10-24 18:03 . 2001-10-24 18:03 81924 -c--a-w- c:\program files\US Readme.htm
2001-10-24 18:03 . 2001-10-24 18:03 81924 -c--a-w- c:\program files\readme.htm
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 20:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 20:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 20:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CleanSweep Smart Sweep-Internet Sweep.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CleanSweep Smart Sweep-Internet Sweep.lnk
backup=c:\windows\pss\CleanSweep Smart Sweep-Internet Sweep.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet T Series Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP OfficeJet T Series Startup.lnk
backup=c:\windows\pss\HP OfficeJet T Series Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pagis Schedule Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Pagis Schedule Monitor.lnk
backup=c:\windows\pss\Pagis Schedule Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2001 Delivery Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks 2001 Delivery Agent.lnk
backup=c:\windows\pss\QuickBooks 2001 Delivery Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter Holmes^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Peter Holmes\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-10-27 17:44 50528 ----a-w- c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\acs\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 -c--a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 16:27 28672 -c--a-w- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2006-10-30 16:01 392832 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1199844543\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2001-09-24 14:39 98304 -c--a-w- c:\program files\Common Files\Logitech\QCDriver\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-09-01 18:04 221184 -c--a-w- c:\windows\SYSTEM32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-09-19 21:34 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 17:03 53248 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-06-01 18:53 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 06:41 8523776 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 06:41 81920 -c--a-w- c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 06:41 1626112 -c--a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-12-04 17:34 406016 -c--a-w- c:\windows\SYSTEM32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-04-23 16:43 228088 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spontania Video Collaboration]
2007-10-18 11:03 905324 ----a-w- c:\program files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
2005-05-20 21:50 100056 -c--a-w- c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 -c----w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XeroxScannerDaemon]
2001-08-18 03:37 27648 -c--a-w- c:\program files\XEROX\NWWIA\XrxFTPLt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LVPrcSrv"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"NProtectService"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"PCLEPCI"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"HP Port Resolver"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"0009061218522864mcinstcleanup"=2 (0x2)
"xmlprov"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WMDM PMSP Service"=2 (0x2)
"winmgmt"=2 (0x2)
"VSS"=3 (0x3)
"usnjsvc"=3 (0x3)
"TapiSrv"=2 (0x2)
"SNDSrvc"=3 (0x3)
"NVSvc"=2 (0x2)
"NetSvc"=3 (0x3)
"AOL ACS"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"MBackMonitor"=3 (0x3)
"Bonjour Service"=2 (0x2)
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"ICDSPTSV"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"MsMpSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\XEROX\\NWWIA\\XrxFTPLt.exe"=
"c:\\WINDOWS\\SYSTEM32\\spcauth.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\Hpqdirec.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Spontania Video Collaboration\\dialcomwcs.exe"=
"c:\\Program Files\\Spontania Video Collaboration\\SpontaniaVideoCollaboration.exe"=
"c:\\Program Files\\Common Files\\AOL\\1199844543\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9220:TCP"= 9220:TCP:HP
"9500:TCP"= 9500:TCP:HP
"9290:TCP"= 9290:TCP:HP
"161:UDP"= 161:UDP:HP
"427:UDP"= 427:UDP:HP

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [7/6/2010 11:31 AM 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/6/2010 11:36 AM 112592]
R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\SYSTEM32\DRIVERS\bender.sys [7/9/2003 2:35 PM 203264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 ICDUSB3;ICDUSB3;c:\windows\SYSTEM32\DRIVERS\ICDUSB3.sys [6/2/2009 10:52 AM 11264]
S3 RioS50;RioS50 driver;c:\windows\SYSTEM32\DRIVERS\RioS50.sys [2/8/2004 9:48 AM 12658]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/6/2010 11:31 AM 366840]
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-06-21 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 00:12]

2010-07-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
Trusted Zone: highlands.edu\www
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: usg.edu\highlands.view
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 09:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4234436266-845335878-553430548-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2296)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\UPnPUI.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\FakeAvRenderer.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\windows\system32\HPZipm12.exe
c:\windows\System32\vssvc.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\msdtc.exe
.
**************************************************************************
.
Completion time: 2010-07-16  09:43:04 - machine was rebooted
ComboFix-quarantined-files.txt  2010-07-16 13:43
ComboFix2.txt  2010-07-16 02:22

Pre-Run: 41,684,447,232 bytes free
Post-Run: 41,685,663,744 bytes free

- - End Of File - - A24DA40B4A21A82C6309C46646970685
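
The firewall and Security Center section of that ComboFix log is easier to read with a script than by eye, so here is an added example that is not part of this thread, of ComboFix, or of any of the tools used in it: a small standard-library Python audit that parses the '[key]' / '"name"=value' lines the log uses and flags the settings that weaken the machine's own defenses. The sample it runs on is constructed from the lines above plus one extra AuthorizedApplications entry under a Temp folder that is NOT in the log and exists only to exercise the path check; the risky-port table and the trusted-path prefixes are my own choices, not anything ComboFix reports.

```python
import re

# Constructed sample: a subset of the ComboFix registry section above, plus one
# AuthorizedApplications entry (the ...\Temp\update.exe path) that is NOT from the
# log and is only here to exercise the path check.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Temp\\update.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9220:TCP"= 9220:TCP:HP
"161:UDP"= 161:UDP:HP
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
DWORD_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$")

# Ports that should not be open to the world on a home PC; 3389/TCP is Remote Desktop.
# (Assumed list for this example, not something the log itself reports.)
RISKY_PORTS = {"3389:TCP": "Remote Desktop", "445:TCP": "SMB", "139:TCP": "NetBIOS session"}
# Firewall exceptions are expected to point at installed software, not user-writable dirs.
TRUSTED_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")


def normalize(raw):
    """Turn ComboFix's value renderings ('dword:00000001', '0 (0x0)') into ints; keep the rest as text."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = DWORD_RE.match(raw)
    return int(m.group(1)) if m else raw


def parse_dump(text):
    """Parse '[key]' headers and '"name"=value' lines into {key: {name: value}} in file order."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # ComboFix doubles backslashes inside quoted names; undo that.
            current[m.group("name").replace("\\\\", "\\")] = normalize(m.group("value"))
    return keys


def audit(keys):
    """Return human-readable findings for settings that weaken the host's own defenses."""
    findings = []
    for key, values in keys.items():
        k = key.lower()
        if "\\security center\\monitoring\\" in k and values.get("DisableMonitoring") == 1:
            findings.append("Security Center alerting disabled for %s" % key.rsplit("\\", 1)[-1])
        elif k.endswith("\\firewallpolicy\\standardprofile") and values.get("EnableFirewall") == 0:
            findings.append("Windows Firewall off for the standard profile")
        elif k.endswith("\\globallyopenports\\list"):
            for port in values:
                if port in RISKY_PORTS:
                    findings.append("Port %s (%s) open to every address the profile allows"
                                    % (port, RISKY_PORTS[port]))
        elif k.endswith("\\authorizedapplications\\list"):
            for path in values:
                if not path.lower().startswith(TRUSTED_PREFIXES):
                    findings.append("Firewall exception for a binary outside system/program dirs: %s" % path)
    return findings


def audit_sample():
    """Run the audit over the constructed sample above."""
    return audit(parse_dump(SAMPLE_DUMP))


if __name__ == "__main__":
    for finding in audit_sample():
        print("-", finding)
```

On the log above it reports Security Center alerting switched off for both McAfee entries, the Windows Firewall off for the standard profile, and 3389/TCP (Remote Desktop) among the globally open ports. None of those is a verdict on its own: a vendor suite commonly sets DisableMonitoring for itself and turns the built-in firewall off when it supplies its own, which fits the McAfee services present in the service list, and the 3389 exception with the xpsp2res.dll resource string is typically what enabling Remote Desktop on XP writes. They are the entries to confirm against what the owner actually installed and wants reachable, which is why a helper asks about them rather than deleting them.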

11 Posts

July 16th, 2010 10:00

Kevin,

I guess 3rd time is a charm.  After I sent that last message I attempted to download and upgrade Kaspersky again and it appears to be working.  It is scanning my computer now.  Sorry - I didn't want you to spend time researching or responding to my last message if it was not necessary.

Peter

11 Posts

July 16th, 2010 15:00

Kevin,

Attached is the report from the Kaspersky scan and my previous post today has the Combofix scan report.

Peter

KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, July 16, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, July 16, 2010 11:23:07
Records in database: 4226369
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Y:\
Z:\
Scan statistics
Objects scanned 124059
Threats found 1
Infected objects found 1
Suspicious objects found 0
Scan duration 03:41:52

 

File name Threat Threats count
C:\Program Files\AOL\Installers\ASP 2.0\setup.exe Infected: Trojan.Win32.Agent.ehmr 1
Selected area has been scanned.

1.1K Posts

July 16th, 2010 17:00

Hi Peter,

I'm sure that file Kaspersky has flagged is OK. However, let's get a second opinion as follows :-

We need to upload a file to Jotti

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\Program Files\AOL\Installers\ASP 2.0\setup.exe

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

Upload a File to Virustotal
Please visit Virustotal
  • Click the Browse... button
  • Navigate to the file C:\Program Files\AOL\Installers\ASP 2.0\setup.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results back here please.


In your reply let me see the logs from Jotti and VirusTotal, also how is your system responding, any specific issues.

Kevin.

11 Posts

July 16th, 2010 20:00

Kevin,

Sorry these were sent separately - I had trouble copying and pasting the Jotti file -

Peter

File alsetup.exe received on 2010.07.17 02:37:41 (UTC)

Result: 0/42 (0%)

Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.16 -
AhnLab-V3 2010.07.17.00 2010.07.16 -
AntiVir 8.2.4.12 2010.07.16 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.17 -
Avast 4.8.1351.0 2010.07.16 -
Avast5 5.0.332.0 2010.07.16 -
AVG 9.0.0.836 2010.07.16 -
BitDefender 7.2 2010.07.17 -
CAT-QuickHeal 11.00 2010.07.16 -
ClamAV 0.96.0.3-git 2010.07.17 -
Comodo 5451 2010.07.16 -
DrWeb 5.0.2.03300 2010.07.17 -
eSafe 7.0.17.0 2010.07.15 -
eTrust-Vet 36.1.7715 2010.07.16 -
F-Prot 4.6.1.107 2010.07.17 -
F-Secure 9.0.15370.0 2010.07.16 -
Fortinet 4.1.143.0 2010.07.16 -
GData 21 2010.07.17 -
Ikarus T3.1.1.84.0 2010.07.16 -
Jiangmin 13.0.900 2010.07.16 -
Kaspersky 7.0.0.125 2010.07.17 -
McAfee 5.400.0.1158 2010.07.17 -
McAfee-GW-Edition 2010.1 2010.07.16 -
Microsoft 1.6004 2010.07.16 -
NOD32 5285 2010.07.16 -
Norman 6.05.11 2010.07.16 -
nProtect 2010-07-16.01 2010.07.16 -
Panda 10.0.2.7 2010.07.16 -
PCTools 7.0.3.5 2010.07.17 -
Prevx 3.0 2010.07.17 -
Rising 22.56.04.04 2010.07.16 -
Sophos 4.55.0 2010.07.17 -
Sunbelt 6595 2010.07.17 -
SUPERAntiSpyware 4.40.0.1006 2010.07.17 -
Symantec 20101.1.1.7 2010.07.17 -
TheHacker 6.5.2.1.318 2010.07.16 -
TrendMicro 9.120.0.1004 2010.07.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.17 -
VBA32 3.12.12.6 2010.07.16 -
ViRobot 2010.7.12.3932 2010.07.17 -
VirusBuster 5.0.27.0 2010.07.16 -
Additional information
File size: 75462 bytes
MD5...: 5b212a1aed22d845a869c3e17d6f8413
SHA1..: 34de90c15b00c9ebe6aa624a158151c0302a9084
SHA256: 2fe12c52c010ee99ba5ecc8de5f2518164e2ebf173a9a7bc8de965e8b3a09fb5
ssdeep: 1536:EvdZUQghlqMexWUcJbpEPG3Erd4bT12uikrNKTt3:uU5clkDJbpOBwIutrNKx

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3aea
timedatestamp.....: 0x42836681 (Thu May 12 14:21:53 2005)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x648a 0x6600 6.40 95a08a351a308601606d05c5e0caf3be
.rdata 0x8000 0x1c72 0x1e00 5.27 ad3480bbd2b89b35a1007f68da4f66ed
.data 0xa000 0x1c494 0x200 1.29 ac97ebca38d2d8318dca1994bee4b5de
.ndata 0x27000 0x9000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x30000 0x1000 0x800 3.54 85c9d543470bba1cbf6cc3501312a808

( 8 imports )
> COMCTL32.dll: -, ImageList_AddMasked, ImageList_Destroy, ImageList_Create
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
> KERNEL32.dll: FormatMessageA, GetLastError, GetModuleHandleA, SetErrorMode, GetExitCodeProcess, WaitForSingleObject, ExpandEnvironmentStringsA, GetEnvironmentVariableA, lstrcmpiA, CloseHandle, SetFileTime, GetFileAttributesA, CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, lstrcatA, SetCurrentDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, LoadLibraryA, CreateDirectoryA, ExitProcess, GetCurrentProcess, CopyFileA, lstrcpynA, GetCommandLineA, GetWindowsDirectoryA, GetTempPathA, GetUserDefaultLangID, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, GlobalAlloc, CreateThread, CreateProcessA, GetTempFileNameA, lstrcpyA, lstrlenA, SetEndOfFile, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetSystemDirectoryA, RemoveDirectoryA, MulDiv, DeleteFileA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GlobalFree, GetPrivateProfileStringA, WriteFile, ReadFile, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, GetModuleFileNameA
> USER32.dll: PostQuitMessage, SetWindowTextA, SetTimer, DestroyWindow, CreateDialogParamA, ExitWindowsEx, CharNextA, GetSysColor, GetWindowLongA, LoadCursorA, SetCursor, CheckDlgButton, GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcA, IsWindowVisible, LoadBitmapA, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuA, CreatePopupMenu, GetSystemMetrics, EndDialog, SetClassLongA, IsWindowEnabled, SetWindowPos, DialogBoxParamA, GetClassInfoA, CreateWindowExA, SystemParametersInfoA, RegisterClassA, SetDlgItemTextA, GetDlgItemTextA, MessageBoxA, wvsprintfA, SetForegroundWindow, ShowWindow, CharPrevA, wsprintfA, SendMessageTimeoutA, FindWindowExA, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, PeekMessageA, DispatchMessageA, InvalidateRect, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, SendMessageA
> GDI32.dll: GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SetBkColor, SelectObject
> ADVAPI32.dll: RegDeleteKeyA, RegEnumKeyA, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegCloseKey
> SHELL32.dll: ShellExecuteA, SHBrowseForFolderA, SHGetMalloc, SHGetSpecialFolderLocation, SHFileOperationA, SHGetPathFromIDListA
> ole32.dll: OleUninitialize, OleInitialize, CoCreateInstance

( 0 exports )
 
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
pdfid.: -
sigcheck:
publisher....: America Online, Inc.
copyright....: Copyright (c) 2005 - America Online, Inc. All Rights Reserved.
product......: AOL Loader
description..: AOL Loader
original name: n/a
internal name: n/a
file version.: 9.2.1.6
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
 
packers (F-Prot): NSIS
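
Both reports agree on the MD5 and SHA1 of the submitted bytes, so they are two opinions about the same file; what the VirusTotal output adds is the PE breakdown (entry point, timestamp, and per-section entropy and MD5). As an added example that is not part of this thread or of VirusTotal's tooling, here is a standard-library Python parser that reproduces that table for any PE32/PE32+ file. It runs on a constructed three-section image assembled in memory by build_pe, a test fixture and not a real program; the entry point 0x3aea and timestamp 0x42836681 are copied from the report above only so the output looks familiar, and every section's contents are made up.

```python
import hashlib
import math
import struct
from typing import NamedTuple


class Section(NamedTuple):
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    entropy: float   # bits per byte of the on-disk bytes, 0.0 .. 8.0
    md5: str         # MD5 of the on-disk bytes (MD5 of nothing for sections with no raw data)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte; 0.0 for empty or constant input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Read the COFF header, entry point and section table of a PE32/PE32+ image."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    (entry,) = struct.unpack_from("<I", image, opt + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        raw_name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, hdr)
        raw = image[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append(Section(raw_name.rstrip(b"\0").decode("ascii", "replace"),
                                vaddr, vsize, rawsize,
                                round(shannon_entropy(raw), 2), hashlib.md5(raw).hexdigest()))
    return {"machine": machine, "timestamp": timestamp, "entry": entry, "sections": sections}


def build_pe(sections, entry=0x3AEA, timestamp=0x42836681) -> bytes:
    """Assemble a minimal, non-executable PE32 image from (name, raw_bytes) pairs. Test fixture only."""
    opt_size, file_align, e_lfanew = 224, 0x200, 0x40
    hdr_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    data_start = -(-hdr_len // file_align) * file_align          # round up to file alignment
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry) + b"\0" * (opt_size - 20)
    table, body, vaddr, ptr = b"", b"", 0x1000, data_start
    for name, raw in sections:
        padded = raw + b"\0" * (-len(raw) % file_align)
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), max(len(raw), 0x1000),
                             vaddr, len(raw), ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += padded
        vaddr += 0x10000
        ptr += len(padded)
    header = dos + b"PE\0\0" + coff + opt + table
    return header + b"\0" * (data_start - len(header)) + body


def demo() -> dict:
    """Parse a constructed three-section image shaped like the report (code, zeroed data, NSIS .ndata)."""
    image = build_pe([
        (".text", bytes(range(256)) * 4),   # every byte value equally often: entropy 8.0
        (".data", b"\0" * 0x200),           # zero-filled: entropy 0.0
        (".ndata", b""),                    # uninitialised data, nothing stored on disk
    ])
    return parse_pe(image)


if __name__ == "__main__":
    info = demo()
    print("entry 0x%x  timestamp 0x%x  machine 0x%x" % (info["entry"], info["timestamp"], info["machine"]))
    for s in info["sections"]:
        print("%-8s vaddr 0x%-6x rawsz 0x%-5x entropy %4.2f md5 %s"
              % (s.name, s.virtual_address, s.raw_size, s.entropy, s.md5))
```

Two things the per-section numbers tell you. A section with rawdsiz 0x0, like .ndata in the report, has no bytes on disk, so its MD5 is the MD5 of the empty string, d41d8cd98f00b204e9800998ecf8427e, exactly as listed; that is a property of an NSIS stub's uninitialised-data section, not evidence of anything. Entropy close to 8.0 in .text would point at packed or encrypted code, whereas the 6.40 reported is ordinary for compiled code, consistent with the file being a plain NSIS installer. To check a real file, replace demo()'s image with open(path, "rb").read().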

11 Posts

July 16th, 2010 20:00

Kevin,

System seems to be running fine.  Now can we do my laptop?  :-)

Peter

11 Posts

July 16th, 2010 20:00

Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.
 
--------------------------------------------------------------------------------
 
Filename:  alsetup.exe 
Status:  Scan finished. 0 out of 20 scanners reported malware.
Scan taken on:   Wed 20 May 2009 04:07:07 (CET) Permalink 
   
--------------------------------------------------------------------------------
Additional info
File size:  75462 bytes 
Filetype:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit 
MD5:  5b212a1aed22d845a869c3e17d6f8413 
SHA1:  34de90c15b00c9ebe6aa624a158151c0302a9084 
Packer (Drweb):  BINARYRES

Scanners (scanner names were lost in extraction): every listed result, dated 2009-05-19 or 2009-05-20, is "Found nothing", except one "No result available".

1.1K Posts

July 17th, 2010 01:00

Hi Peter,

It will be better if you open a new thread for your laptop, I'll watch for it and assist again if you are ok with that. Mark your lead-in with "as requested for kevinf80" or similar.

Please proceed as follows to clean up :-

Step 1

Remove Combofix now that we're done with it

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will remove CF and all associated folders, also reset your system restore cache.

Step 2

  • Download OTC by OldTimer and save it to your Desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big button in the OTC window.
  • You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
  • Restart your computer when prompted. It will also remove the OTC application.

Anything left on your Desktop can be safely removed by deleting.

Your latest logs are clean and you say that your system is running well, it would be an excellent idea to keep it that way. The following advice will go a long way to keeping you secure so that you can enjoy safe and happy surfing.

Here are some tips to reduce the potential for malware infection in the future; I strongly recommend that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.


Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

Firefox,

Opera, and

Chrome.

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,
Yellow for caution, and
Red to stop.


Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

Please read this excellent article by Tony Klein So how did I get infected in the first place It reiterates some of the above advice and gives a lot of other top tips.
Please keep Malwarebytes for occasional scans, remember to always update first. Keeping your hard drive de-fragmented will also go a long way to keeping your system at optimum performance. The free version of Auslogic Disk Defrag available HERE will do the job nicely, that site also has an excellent tutorial. Also keep CCleaner for weekly runs to keep your system free of clutter.

Please reply and let me know if you have any other issues or are you happy for me to close out this thread.

Kevin

11 Posts

July 17th, 2010 08:00

Kevin,

A few quick questions -

I typically have McAfee on my computer but I uninstalled it prior to contacting you because I was unable to open and run a scan or update.  I was going to reinstall it now - would you recommend McAfee or something else?  I have a paid subscription till June 2011.

I also have Spybot, AdAware, Microsoft Security Essentials and a paid subscription of SpywareDoctor.  Would you recommend I keep or remove any of these?

I will keep CCleaner and Security Check as advised and I do run Disk Clean up and Disk Defrag every few days.

I had Firefox but had trouble with it so I went back to IE.  I think it was locking up or wouldn't let me onto my school's website or something.  If I attempt to use it again should I keep IE on my computer or attempt to remove it?

As far as my laptop, I have finals for school next week so I will probably wait until after then to tackle that.  This was a long process but I am very grateful for your assistance and patience.  Is there anything I can do for you?  I didn't know if Dell had a way for people to rate you or send a note of gratitude.  Please let me know -

Again, thanks so much Kevin!

Sincerely,

Peter

 

1.1K Posts

July 17th, 2010 11:00

Hi Peter,

Your gratitude and thanks is reward enough for me. This is not my usual site, I only help occasionally when they are busy. My home site is SpywareHammer.

If your version of McAfee and SpywareDoctor is paid for then keep them. Uninstall AdAware and Spybot S&D. Just remember you cannot run two anti-virus programs together with realtime protection.
So if you do keep McAfee then Microsoft Security Essentials has to be removed.

Security for any setup is always a hot topic, everyone has their own recommendation. Personally I'm using Kaspersky 2010 IS and I complement this with the paid-for version of Malwarebytes, this setup works well and there is no conflict.
My OS is Windows 7 Professional and I have Windows Defender turned off. So for a paid-for setup that is my recommendation, KIS and Malwarebytes paid for.

For a free setup I recommend Online Armour Firewall, Avast version 5 Home Edition and Malwarebytes Free, there is no realtime protection with MB free but it is an excellent tool for weekly scans.

Online Armour Free Firewall

Online Armour Tutorial

Avast Home Edition V.5

Avast four part tutorial

Also check out these following links for freebies and advice etc

Free security programs

Anti-Virus Programs Explained

Do`s and Don`ts of Security Programs

Regarding Internet Explorer, yep keep it. Some programs need it for ActiveX content. Kaspersky online scanner for one.
Firefox is a much safer browser and probably a lot faster too, I'd give it another go.

Good luck with your finals,

Kevin

11 Posts

July 17th, 2010 17:00

Thanks again Kevin -

If you need to close this post I am finished and satisfied.

Peter

1.1K Posts

July 18th, 2010 00:00

Since this issue appears to be resolved the topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you
