System Slow To Boot And Freezes Sometimes

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

System Slow To Boot And Freezes Sometimes, Not sure if I have an infection

Options

motormom View Member Profile	Aug 9 2008, 10:26 PM Post #1
New Member Group: Members Posts: 11 Joined: 9-August 08 Member No.: 228,719	Hi I'm new to this forum and I would appreciate any help you can give me. I have a lot of "stuff" that is running in the background that is slowing my computer and I suspect that there may be some spyware in there. First, I could not download the Deckard system scanner but I do have the latest verion of Hijackthis which I used to scan the computer and that Log is below. My operating system is MS Windows XP service pack 2 and I have 22 pages of stuff that is autorun. Let me know if there is other info you need to help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:02:01 PM, on 8/9/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Iomega\Iomega HotBurn Pro\Autolaunch.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\Program Files\Common Files\Sonic Shared\CineTray.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Mouse\Mouse Control\Panel.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\Tablet.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file) O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file) O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega\Iomega HotBurn Pro\Autolaunch.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = Sonic Shared\CineTray.exe O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Mouse Control Center.lnk = C:\Program Files\Mouse\Mouse Control\Panel.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175716320553 O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7926 bytes Thanks in advance for your help.

don77 View Member Profile	Aug 23 2008, 09:48 PM Post #2
Forum Regular Group: HJT Team Posts: 3,212 Joined: 12-July 04 From: Boston Mass Member No.: 1,374	Hello and welcome to BC We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. Thanks and again sorry for the delay. First Seeing its been a number of days since your original scanning with HJT could you please run HJT now and post a fresh HJT log back to this topic please. Next Start HijackThis Click on the Config button Click on the Misc Tools button Click on the Open Uninstall Manager button. You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please, Next Please do a scan with Kaspersky Online Scanner Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. Click on the Accept button and install any components it needs.[list] The program will install and then begin downloading the latest definition files. After the files have been downloaded on the left side of the page in the Scan section select My Computer This will start the program and scan your system. The scan will take a while, so be patient and let it run. Once the scan is complete, click on View scan report Now, click on the Save Report as button. Save the file to your desktop. Copy and paste that information in your next post. In recap please post back the requested info from above Fresh HJT log Uninstall List Log from the Kaspersky scan

motormom View Member Profile	Aug 27 2008, 11:17 AM Post #3
New Member Group: Members Posts: 11 Joined: 9-August 08 Member No.: 228,719	Thank you for your help. Below is the lists you requested. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:17:43 PM, on 8/26/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Iomega\Iomega HotBurn Pro\Autolaunch.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Program Files\Common Files\Sonic Shared\CineTray.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\Mouse\Mouse Control\Panel.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\WINDOWS\system32\Tablet.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file) O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file) O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega\Iomega HotBurn Pro\Autolaunch.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus Photo 960 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S5.tmp" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = Sonic Shared\CineTray.exe O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Mouse Control Center.lnk = C:\Program Files\Mouse\Mouse Control\Panel.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175716320553 O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 8499 bytes Uninstall list 2Wire Wireless Client Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Acrobat Reader 3.02 Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe ExtendScript Toolkit 2 Adobe Flash Player ActiveX Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe PhotoDeluxe 2.0 Adobe Photoshop 7.0 Adobe Photoshop CS3 Adobe Photoshop CS3 Adobe Reader 8.1.2 Adobe Setup Adobe Setup Adobe Shockwave Player Adobe Stock Photos CS3 Adobe Type Manager 4.0 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Adobe® Photoshop® Album Starter Edition 3.0 AMD AGP Driver AnswerWorks 4.0 Runtime - English Apple Mobile Device Support Apple Software Update ArcSoft Software Suite Art Explosion Scrapbook Factory ArtRage 2 ATI Control Panel ATI Display Driver ATI DVD Decoder 2.2.0.0 ATI HYDRAVISION ATI Multimedia Center 8.5.0.0 Audit Support Center 1.0 Burger Shop (remove only) Clean My Registry v4.3 DAO EPSON EPIC EPSON Printer Software FoneSync HighMAT Extension to Microsoft Windows XP CD Writing Wizard HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) InterActual Player Iomega Automatic Backup Iomega DVD Wizard Iomega HotBurn Pro J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 Java™ 6 Update 2 Java™ 6 Update 7 Java™ SE Runtime Environment 6 Update 1 Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB928367) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft DirectX SDK (April 2006) Microsoft Encarta Encyclopedia Standard 2001 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2001 Microsoft National Language Support Downlevel APIs Microsoft Office Excel 2003 Microsoft Office PowerPoint Viewer 2003 Microsoft Office Publisher 2003 Microsoft Picture It! Publishing 2001 Microsoft Streets and Trips 2001 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Word 2000 SR-1 Microsoft Works 2001 Setup Launcher Microsoft Works 7.0 Microsoft Works Suite Add-in for Microsoft Word Mouse Control MSN Music Assistant Need For Speed III Netflix Movie Viewer Nikon View 6 NOD32 Antivirus System OpenOffice.org Installer 1.0 PDF Settings Plustek Scanner Installation PrimoPDF Publisher WordArt Compatibility Add-In QuickTime RealPlayer Rosetta Stone 2.1.4.1A Savings Bond Wizard SBC Yahoo! DSL Home Networking Installer Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) SereneScreen Marine Aquarium 2 Shockwave Sonic CinePlayer Sonic Express Labeler Sonic MyDVD Sonic Update Manager Spelling Dictionaries Support For Adobe Reader 8 Spybot - Search & Destroy 1.4 SpyHunter TurboTax Deluxe 2003 TurboTax Deluxe 2004 TurboTax Deluxe 2005 TurboTax Deluxe 2007 TurboTax Deluxe Deduction Maximizer 2006 TurboTax ItsDeductible 2005 TurboTax ItsDeductible 2006 Ulead DVD MovieFactory 5 TBYB Uniblue RegistryBooster 2 Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) URGE USB Scanner USDA-ARS SR20 for PalmOS ViewSonic Monitor Drivers Virtual Earth 3D (Beta) Wacom Tablet Driver WexTech AnswerWorks Windows Genuine Advantage v1.3.0254.0 Windows Imaging Component Windows Live OneCare safety scanner Windows Media Encoder 9 Series Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver WinZip KASPERSKY ONLINE SCANNER 7 REPORT Wednesday, August 27, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Wednesday, August 27, 2008 02:43:45 Records in database: 1149792 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Scan statistics Files scanned 139827 Threat name 0 Infected objects 0 Suspicious objects 0 Duration of the scan 02:53:20 No malware has been detected. The scan area is clean. The selected area was scanned. It was good to see that Kaspersky found no malware. I guess that it is a bunch of spyware slow my computer. Thanks again

Starbuck View Member Profile	Aug 28 2008, 02:00 PM Post #4
'r Brudiwr Group: HJT Team Posts: 2,595 Joined: 10-April 05 From: South Wales, UK Member No.: 16,608	Hi motormom There's nothing obviously bad going on here... ( but we will double check) just a bit of general cleaning, i think. Step 1 Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following if they exist: J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 Java™ 6 Update 2 Java™ SE Runtime Environment 6 Update 1 They are all old versions that should have been removed each time the latest version is installed. DO NOT remove Java™ 6 Update 7 Reboot the system when completed. Step 2 Run Hijackthis again, click scan, and Put a checkmark next to each of these items. O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file) O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file) O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - Optional These lines are not bad, but they are not necessary to run at startup. If you need them you can start them manually. Ticking the following lines may save you valuable resources. O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega\Iomega HotBurn Pro\Autolaunch.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" Then close all other windows, browsers etc--you should only see HijackThis on your Desktop--and click the Fix Checked button. Reboot your computer to complete the process. Step 3 * Clean your Cache and Cookies in IE: Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tab Click the "Delete Cookies" button Next to it, Click the "Delete Files" button When prompted, place a check in: "Delete all offline content", click OK * Clean your Cache and Cookies in Firefox (In case you also have Firefox installed): Go to Tools > Options. Click Privacy in the menu on the left side of the Options window. Click the Clear button located to the right of each option (History, Cookies, Cache). Click OK to close the Options window Alternatively, you can clear all information stored while browsing by clicking Clear All. A confirmation dialog box will be shown before clearing the information. * Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. Press OK to remove them. Step 4 Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 Make sure you are connected to the Internet. Double-click on Download_mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. In your next reply, please submit: MBAM scan result and a new Hjt log. Thanks. --------------------

motormom View Member Profile	Aug 29 2008, 11:09 AM Post #5
New Member Group: Members Posts: 11 Joined: 9-August 08 Member No.: 228,719	Thanks Starbuck! I followed your instructions and now here's the reports you requested: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:57:43 AM, on 8/29/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\Program Files\Common Files\Sonic Shared\CineTray.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mouse\Mouse Control\Panel.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\Tablet.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus Photo 960 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S5.tmp" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = Sonic Shared\CineTray.exe O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Mouse Control Center.lnk = C:\Program Files\Mouse\Mouse Control\Panel.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175716320553 O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7748 bytes Malwarebytes' Anti-Malware 1.25 Database version: 1093 Windows 5.1.2600 Service Pack 3 3:58:59 PM 8/28/2008 mbam-log-08-28-2008 (15-58-59).txt Scan type: Quick Scan Objects scanned: 54187 Time elapsed: 7 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\Wilda\Application Data\WinAntiSpyware 2006 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully. C:\Documents and Settings\Wilda\Application Data\WinAntiSpyware 2006\Logs (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\Wilda\Application Data\WinAntiSpyware 2006\Logs\update.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully. Thanks

Starbuck View Member Profile	Aug 29 2008, 07:59 PM Post #6
'r Brudiwr Group: HJT Team Posts: 2,595 Joined: 10-April 05 From: South Wales, UK Member No.: 16,608	Hi motormom Let's just double check with another online scan.... as MBAM found a few things.... we can't be too careful Please run a BitDefender Online Scan Click I Agree to agree to the EULA. Allow the ActiveX control to install when prompted. Click Click here to scan to begin the scan. Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan. When the scan is finished, click on Click here to export the scan results. Save the report to your desktop so you can post it in your next reply. Note: You will need to use Internet Explorer for this scan. --------------------

motormom View Member Profile	Aug 30 2008, 12:37 PM Post #7
New Member Group: Members Posts: 11 Joined: 9-August 08 Member No.: 228,719	Hi Starbuck Wow this seems endless. Here's the BitDefender report. What next? BitDefender Online Scanner Scan report generated at: Sat, Aug 30, 2008 - 10:25:55 Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\; Statistics Time 01:03:02 Files 174377 Folders 10154 Boot Sectors 0 Archives 1041 Packed Files 18827 Results Identified Viruses 1 Infected Files 4 Suspect Files 0 Warnings 0 Disinfected 0 Deleted Files 4 Engines Info Virus Definitions 1678595 Engine build AVCORE v1.7 (build 8314.19) (i386) (Aug 11 2008 17:31:32) Scan plugins 16 Archive plugins 43 Unpack plugins 7 E-mail plugins 6 System plugins 4 Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;pp t;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;ch m;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes Scanned File Status C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>wise0041=>wise0008 Detected with: Adware.AWS.A C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>wise0041=>wise0008 Deleted C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>wise0041 Update failed C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>wise0041=>(Embedded EXE r)=>wise0008 Detected with: Adware.AWS.A C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>wise0041=>(Embedded EXE r)=>wise0008 Deleted C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>wise0041=>(Embedded EXE r) Update failed C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>wise0008 Detected with: Adware.AWS.A C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>wise0008 Deleted C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>(Embedded EXE r)=>wise0041 Update failed C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>(Embedded EXE r)=>wise0008 Detected with: Adware.AWS.A C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>(Embedded EXE r)=>wise0008 Deleted C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>(Embedded EXE r) Update failed I hope we can my computer cleaned soon,

Starbuck View Member Profile	Aug 30 2008, 02:14 PM Post #8
'r Brudiwr Group: HJT Team Posts: 2,595 Joined: 10-April 05 From: South Wales, UK Member No.: 16,608	Hi motormom Things are looking even better now. Can you post me one more Hjt log.... just so that i can double check it. Are you having any problems now? Thanks. --------------------

motormom View Member Profile	Sep 1 2008, 10:44 AM Post #9
New Member Group: Members Posts: 11 Joined: 9-August 08 Member No.: 228,719	Hi Starbuck Things are indeed looking better. My computer boots much faster now which is pretty good for her age. No freezes so far since the last scan. mbam said it found 1 virus which it did not remove. It was ID as 1678595 what ever that means. Here's the HJT log you asked for. Thank you, thank you for helping Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:29:23 AM, on 9/1/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Sonic Shared\CineTray.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Program Files\Mouse\Mouse Control\Panel.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\WINDOWS\system32\Tablet.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus Photo 960 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S5.tmp" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = Sonic Shared\CineTray.exe O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Mouse Control Center.lnk = C:\Program Files\Mouse\Mouse Control\Panel.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175716320553 O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7915 bytes

Starbuck View Member Profile	Sep 1 2008, 11:56 AM Post #10
'r Brudiwr Group: HJT Team Posts: 2,595 Joined: 10-April 05 From: South Wales, UK Member No.: 16,608	Hi motormom QUOTE mbam said it found 1 virus which it did not remove. Can you start MBAM again for me... when the main page comes up, click on the 'Logs' tab at the top and let me have the results of the last scan. They are date marked....just double click on the last scan result. It'll open in 'notepad' ... please copy and paste the result back to me. I just want to check and see what it couldn't remove. We don't want to leave anything to chance. Thanks. --------------------

motormom View Member Profile	Sep 1 2008, 08:10 PM Post #11
New Member Group: Members Posts: 11 Joined: 9-August 08 Member No.: 228,719	Sorry Starbuck, I get all these different programs mixed up. I meant that BitDefender did not remove the virus. here's Bitdefender's log that shows some updates that failed: Scanned File Status C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>wise0041=>wise0008 Detected with: Adware.AWS.A C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>wise0041=>wise0008 Deleted C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>wise0041 Update failed C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>wise0041=>(Embedded EXE r)=>wise0008 Detected with: Adware.AWS.A C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>wise0041=>(Embedded EXE r)=>wise0008 Deleted C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>wise0041=>(Embedded EXE r) Update failed C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>wise0008 Detected with: Adware.AWS.A C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>wise0008 Deleted C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>(Embedded EXE r)=>wise0041 Update failed C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>(Embedded EXE r)=>wise0008 Detected with: Adware.AWS.A C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>(Embedded EXE r)=>wise0008 Deleted C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe=>(Embedded EXE r)=>wise0041=>(Embedded EXE r) Update failed Also here is the last log from MBAM: Malwarebytes' Anti-Malware 1.25 Database version: 1093 Windows 5.1.2600 Service Pack 3 3:58:59 PM 8/28/2008 mbam-log-08-28-2008 (15-58-59).txt Scan type: Quick Scan Objects scanned: 54187 Time elapsed: 7 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\Wilda\Application Data\WinAntiSpyware 2006 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully. C:\Documents and Settings\Wilda\Application Data\WinAntiSpyware 2006\Logs (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\Wilda\Application Data\WinAntiSpyware 2006\Logs\update.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully. I guess that my deficiency in tech knowledge is showing. I glad there are folks like you to help us.

Starbuck View Member Profile	Sep 2 2008, 03:47 AM Post #12
'r Brudiwr Group: HJT Team Posts: 2,595 Joined: 10-April 05 From: South Wales, UK Member No.: 16,608	Hi motormom QUOTE I guess that my deficiency in tech knowledge is showing. You're doing fine.... we're nearly finished. Reports are looking good now. Just one little thing to check.... Let's make sure that the 'Install_AIM.exe' icon has gone. Please navigate to the following file/folder: (the one in bold) C:\Documents and Settings\Wilda\Desktop\unused icons\Install_AIM.exe If you are unsure how to do this: click on the 'Start' button... then 'My Computer' Click on the 'C' drive Click 'Documents and Settings' folder Click on 'Wilda' folder Click on 'Desktop' Click on 'Unused Icons' If 'Install_AIM.exe' is there... right click on it and then select 'delete' Is everything running ok now? This post has been edited by Starbuck: Sep 2 2008, 03:48 AM --------------------

motormom View Member Profile	Sep 2 2008, 11:19 AM Post #13
New Member Group: Members Posts: 11 Joined: 9-August 08 Member No.: 228,719	Hi Starbuck I followed your instructions and removed AIM installer icon to the recycle bin and it triggered a warning from Eset Nod 32 that it had " quarentined" c:\ recycled\ Dc2.exe????? But everything seems to be working OK otherwise. Thanks Starbuck, you've helped a lot. This post has been edited by motormom: Sep 2 2008, 11:20 AM

Starbuck View Member Profile	Sep 2 2008, 11:29 AM Post #14
'r Brudiwr Group: HJT Team Posts: 2,595 Joined: 10-April 05 From: South Wales, UK Member No.: 16,608	Hi motormom QUOTE it triggered a warning from Eset Nod 32 that it had " quarentined" c:\ recycled\ Dc2.exe????? That's good then. it's safe where it is now. Just a little finishing off now. Now you should Set a New Restore Point *to prevent possible reinfection* from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is: Go to Start > Programs > Accessories > System Tools and click "System Restore". Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore. Then go to Start > Run and type: Cleanmgr Click "OK". Select the drive for cleaning then click OK (usually 'C' drive) Click the "More Options" Tab. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one. I'd advise keeping the MBAM program. Update it and run it once a week and it'll help to keep you sorted. To find out how you may have been infected....read this topic: So how did i get infected? Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy. You should also scan your computer with this program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT** be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Glad I was able to help. --------------------

motormom View Member Profile	Sep 3 2008, 11:07 AM Post #15
New Member Group: Members Posts: 11 Joined: 9-August 08 Member No.: 228,719	Thank you Starbuck I have followed your instructions and now have my old computer performing in it's usual way. I will institute a schedule of updating these protective programs. I will be more vigilant in protecting my computer in the future. Thank you again from a grateful Motormom

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List \| Virus Removal Guides
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides Archive