
Trojan.DNSChange, Trojan.Agent, Spyware.Online G


  • This topic is locked
14 replies to this topic

#1 robedwards11


Posted 10 August 2009 - 08:23 AM

Hi, I have XP and use Malwarebytes Anti-Malware, Super AntiSpyware and Avast Antivirus. My computer's been slow for a while now and after updating the program, several trojans came up in Malwarebytes, but when I delete them, the computer goes impossibly slow, taking 10 mins to open a program etc. One of these files is called 'kswuyoo' and is in the ARPCache (Add/Remove program cache, not the other ARP cache). When I delete it the same thing happens. I have a HJT log but can't see anything suspicious on it (I'm no expert though). Any help on this would be greatly appreciated. Below is the DDS file:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Rob at 14:17:13.84 on 10/08/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.191.43 [GMT 1:00]

AV: avast! antivirus 4.8.1335 [VPS 090809-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rob\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Internet Explorer Provided By Sky Broadband
mSearch Page =
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: NOW!Imaging: {9aa2f14f-e956-44b8-8694-a5b615cdf341} - c:\program files\onspeed\components\NOWImaging.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [MCtrlA5-0.exe] c:\program files\pixalert\pixalert @home 2.0\MCtrlA5-0.exe
mRun: [PcEye] c:\program files\pceye2000\pceye.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
LSP: lsp32.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233852712296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-8-8 15172]
R0 viaide1;viaide1;c:\windows\system32\drivers\viaidexp.sys [2005-10-7 6144]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-22 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-6-22 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-6-22 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-6-22 352920]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-1-11 120472]
S3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [2009-1-6 8960]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-1-4 17152]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-08-10 13:27 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-10 12:32 <DIR> --d----- c:\program files\Realtek AC97
2009-08-10 12:28 <DIR> --d----- c:\docume~1\rob\applic~1\SUPERAntiSpyware.com
2009-08-10 12:28 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-10 12:28 <DIR> --d----- c:\program files\PlayAllDVD
2009-08-10 12:24 <DIR> --d----- c:\program files\REGSHAVE
2009-08-10 12:18 <DIR> --d----- c:\program files\Travian-Demo
2009-08-10 12:18 <DIR> --d----- c:\program files\TravianMultiplyEN
2009-08-10 01:26 <DIR> --d----- c:\program files\ARPCache
2009-08-09 19:51 <DIR> --d----- c:\program files\AML Products
2009-08-09 15:31 <DIR> --d----- c:\docume~1\rob\applic~1\SUPERAntiSpyware(3).com
2009-08-09 12:05 <DIR> --d----- c:\docume~1\rob\applic~1\SUPERAntiSpyware(2).com
2009-08-09 11:11 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-09 10:07 <DIR> --d----- C:\ab7e074a53d3e3c3e5aaf2b6
2009-08-09 10:06 <DIR> --d----- C:\8fad4e94ddc0c968fef37121775d950a
2009-08-08 18:44 <DIR> --d----- c:\program files\Realtek AC97(2)
2009-08-08 18:14 <DIR> --d----- c:\program files\RadarSyncPZ
2009-08-08 18:04 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2009-08-08 12:01 <DIR> --d----- c:\program files\CASIO
2009-08-08 12:01 15,172 a------- c:\windows\system32\drivers\PzWDM.sys
2009-08-07 01:30 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-08-07 01:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-08-07 01:28 <DIR> --d----- c:\docume~1\rob\applic~1\GetRightToGo

==================== Find3M ====================

2009-06-26 17:50 666,624 a------- c:\windows\system32\wininet.dll
2009-06-26 17:50 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2008-11-03 17:20 30 a------- c:\documents and settings\rob\jagex_runescape_preferences.dat
2008-08-27 22:18 2,048 a------- c:\program files\qvagbylg.txt
2006-12-20 10:48 10,833,920 a------- c:\program files\Moog Modular V 2 EFX.dll
2006-12-20 10:43 10,833,920 a------- c:\program files\Moog Modular V 2.dll
2008-04-28 00:45 6,792 a--sh--- c:\windows\system32\DcKQYJjl.ini2

============= FINISH: 14:18:29.90 ===============


#2 SifuMike

malware expert

Posted 14 August 2009 - 11:39 AM

Hello robedwards11,

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Please download Java Version 6 Update 15
  • Click the "Free Java Download" button.
  • Click "Free Java Download" again
  • Save the file jxpiinstall.exe to your desktop
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java™ 6 Update 13
    Java™ 6 Update 3
    Java™ 6 Update 5
    Java™ 6 Update 7

  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jxpiinstall.exe to install the newest version.
****************


I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one anti virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection.

In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove one of these.
AVAST Antivirus or McAfee Antivirus

****************



Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

****************

Please post the last Malwarebytes log so I can see what it found.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire MBAM report in your next reply.

Edited by SifuMike, 14 August 2009 - 11:49 AM.

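The two points raised in post #2 from the DDS log in post #1 (two antivirus products with on-access scanning enabled, and Java older than 6 Update 15) can be checked mechanically. This is an added example, not part of the original thread or of DDS: `triage_dds` and its field names are hypothetical, and the parsing assumes the `AV:`/`FW:` and `{CAFEEFAC-0016-0000-00NN-ABCDEFFEDCBA}` line shapes exactly as they appear in that log, with NN read as the Java 6 update number as the matching cab file names there suggest.

```python
import re

# Excerpt of the DDS log posted in #1 (header lines plus the Java DPF entries).
SAMPLE_DDS = r"""DDS (Ver_09-07-30.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
AV: avast! antivirus 4.8.1335 [VPS 090809-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
"""

# "AV: <name> *<state>* (<update status>) {GUID}"; the parenthesised part is
# absent on the FW: line in the log, so it is optional here.
PRODUCT_RE = re.compile(
    r"^(AV|FW):\s+(.*?)\s+\*(.+?)\*\s*(?:\((.*?)\))?\s*(\{[0-9A-Fa-f-]+\})?\s*$"
)
BROWSER_JAVA_RE = re.compile(r"BrowserJavaVersion:\s*1\.6\.0_(\d+)")
# Per-update Java 6 class IDs; the all-F "latest" alias is deliberately not matched.
JAVA6_CLSID_RE = re.compile(r"\{CAFEEFAC-0016-0000-(\d{4})-ABCDEFFEDCBA\}")


def triage_dds(log_text, current_java_update=15):
    """Return security products, Java 6 update registrations and findings.

    current_java_update defaults to 15 because post #2 names Java 6 Update 15
    as the version to install.
    """
    products = []
    java_updates = set()
    browser_java = None

    for raw in log_text.splitlines():
        line = raw.strip()
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state, status, guid = m.groups()
            products.append({
                "kind": kind,
                "name": name,
                "state": state,
                # "disabled" must not count as enabled, so compare the last word.
                "enabled": state.lower().split()[-1] == "enabled",
                "status": status,
                "guid": guid,
            })
            continue
        m = BROWSER_JAVA_RE.search(line)
        if m:
            browser_java = int(m.group(1))
        for update in JAVA6_CLSID_RE.findall(line):
            java_updates.add(int(update))

    active_av = [p["name"] for p in products if p["kind"] == "AV" and p["enabled"]]
    stale = sorted(u for u in java_updates if u < current_java_update)

    findings = []
    if len(active_av) > 1:
        findings.append(
            "More than one antivirus with on-access scanning enabled: "
            + "; ".join(active_av)
        )
    if browser_java is not None and browser_java < current_java_update:
        findings.append(
            "Browser Java is 6 Update %d, older than Update %d"
            % (browser_java, current_java_update)
        )
    if stale:
        findings.append(
            "Older Java 6 updates still registered: "
            + ", ".join("Update %d" % u for u in stale)
        )

    return {
        "products": products,
        "active_av": active_av,
        "browser_java_update": browser_java,
        "stale_java_updates": stale,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in triage_dds(SAMPLE_DDS)["findings"]:
        print("-", finding)
```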

#3 robedwards11


Posted 14 August 2009 - 02:35 PM

Thanks for your reply. I've updated Java as you said but can't find McAfee on my computer; I wasn't aware I had it. When I searched for 'McAfee' it came up with a list of files in the temp folder and a reference to it in the Sky Broadband folder. I didn't delete any of the files as I wasn't sure what to do.

Security Check results:
Results of screen317's Security Check version 0.98.7
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Antivirus


avast! updated!
``````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 15
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe


``````````````````````````````
DNS Vulnerability Check:

GREAT! (Very random)

`````````End of Log```````````



MBAM Log:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

09/08/2009 13:14:06
mbam-log-2009-08-09 (13-14-06).txt

Scan type: Quick Scan
Objects scanned: 102183
Time elapsed: 12 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kswuyoo (Trojan.Agent.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Rob\Start Menu\Programs\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Rob\Start Menu\Programs\PlayAllDVD\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\PlayAllDVD\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Moog Modular V 2 EFX.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Moog Modular V 2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

#4 SifuMike

malware expert

Posted 14 August 2009 - 03:06 PM

Hi robedwards11,

That must be a remnant of McAfee antivirus. It is very hard to remove completely.

Follow these directions to remove it completely.

How to uninstall supported McAfee consumer products using the McAfee Consumer Products Removal tool (MCPR.exe)

Summary: This document explains how to remove McAfee Consumer products using the McAfee Consumer Products Removal tool. This option should only be used as an alternative if you cannot remove your McAfee product through the normal Add/Remove Programs.

Affected Products:
McAfee Security Center
McAfee VirusScan
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SpamKiller
McAfee Wireless Network Security
McAfee SiteAdvisor
McAfee Data Backup
McAfee Network Manager
McAfee Easy Network
McAfee AntiSpyware
Affected Operating Systems:
Microsoft Windows 2000 Professional
Microsoft Windows XP Professional
Microsoft Windows XP Home
Microsoft Windows Vista

NOTE: This tool is not compatible with Microsoft Windows 98 or ME.

Description
Running the McAfee Consumer Product Removal tool (MCPR.exe) removes all 2005, 2006, and 2007 versions of McAfee consumer products.

Solution
Download and run the McAfee Removal tool
NOTE: Always be sure to uninstall your McAfee product through Add/Remove Programs, first. The following steps should only be taken if uninstalling through Add/Remove Programs has failed.

Download the removal tool from http://download.mcafee.com/products/licens...atches/MCPR.exe.
Click Save and save the file to any folder on the computer.
Navigate to the folder where the file is saved.
Make sure all McAfee application windows are closed.
Double-click MCPR.exe and the removal tool will start automatically.
Note: Windows Vista users must right-click and select Run as Administrator.
Once the removal tool is finished, you will be prompted to restart your computer. If you choose to restart later, your McAfee product will not be fully removed until you do.
Wait for the computer to restart.

All McAfee products are now removed from your computer.

*****************



We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVAST Antivirus before running ComboFix, as it will prevent it from running.

AVAST will cause BSOD unless you disable it like this:
Posted Image


Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.
Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Edited by SifuMike, 14 August 2009 - 03:07 PM.


#5 robedwards11


Posted 14 August 2009 - 05:38 PM

Hello again, thanks for your ongoing help. I've done both of those, here's the combofix log:

ComboFix 09-08-10.06 - Rob 14/08/2009 23:08.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.191.82 [GMT 1:00]
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090814-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
c:\windows\Installer\148a339.msp
c:\windows\Installer\148a33a.msp
c:\windows\Installer\148a33b.msp
c:\windows\Installer\148a33c.msp
c:\windows\Installer\148a33d.msp
c:\windows\Installer\148a33e.msp
c:\windows\Installer\148a33f.msp
c:\windows\Installer\148a340.msp
c:\windows\Installer\148a341.msp
c:\windows\Installer\1503a33.msp
c:\windows\Installer\1503a34.msp
c:\windows\Installer\1503a35.msp
c:\windows\Installer\1503a36.msp
c:\windows\Installer\1503a37.msp
c:\windows\Installer\1503a38.msp
c:\windows\Installer\1503a39.msp
c:\windows\Installer\1503a3a.msp
c:\windows\Installer\1503a3b.msp
c:\windows\Installer\1503a3c.msp
c:\windows\Installer\152c17e.msp
c:\windows\Installer\152c188.msp
c:\windows\Installer\152c193.msp
c:\windows\Installer\18775b.msp
c:\windows\Installer\18775c.msp
c:\windows\Installer\18775d.msp
c:\windows\Installer\18775e.msp
c:\windows\Installer\18775f.msp
c:\windows\Installer\187760.msp
c:\windows\Installer\187761.msp
c:\windows\Installer\187762.msp
c:\windows\Installer\187763.msp
c:\windows\Installer\187764.msp
c:\windows\Installer\1c5e37.msp
c:\windows\Installer\1c5e41.msp
c:\windows\Installer\1c5e4c.msp
c:\windows\Installer\272daa.msp
c:\windows\Installer\272dab.msp
c:\windows\Installer\272dac.msp
c:\windows\Installer\272dad.msp
c:\windows\Installer\272dae.msp
c:\windows\Installer\272daf.msp
c:\windows\Installer\272db0.msp
c:\windows\Installer\272db1.msp
c:\windows\Installer\272db2.msp
c:\windows\Installer\272db3.msp
c:\windows\Installer\2dc974.msp
c:\windows\Installer\c11b1.msp
c:\windows\Installer\c11b2.msp
c:\windows\Installer\c11b3.msp
c:\windows\Installer\c11b4.msp
c:\windows\Installer\c11b5.msp
c:\windows\Installer\c11b6.msp
c:\windows\Installer\c11b7.msp
c:\windows\Installer\c11b8.msp
c:\windows\Installer\c11b9.msp
c:\windows\Installer\WinRMSrv.msi
c:\windows\system32\anwhtsdf.ini
c:\windows\system32\DcKQYJjl.ini2
c:\windows\system32\Drivers\zsbge.sys
c:\windows\system32\mftnnmab.ini
c:\windows\system32\xibfntmq.ini


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_msqpdxserv.sys
-------\Service_msqpdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-14 19:19 . 2009-08-14 19:19 152576 ----a-w- c:\documents and settings\Rob\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-12 20:18 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 20:10 . 2008-04-13 17:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-08-11 20:10 . 2008-04-13 17:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-10 13:38 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-10 13:38 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-10 13:38 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-10 13:38 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-10 13:38 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-10 13:38 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-10 13:38 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-10 13:38 . 2009-08-10 13:40 -------- d-----w- C:\3ffbd141ce7166cbf60cd672c0a53757
2009-08-10 12:27 . 2009-08-10 12:27 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-10 11:32 . 2009-08-10 11:32 -------- d-----w- c:\program files\Realtek AC97
2009-08-10 11:28 . 2009-08-10 11:28 -------- d-----w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware.com
2009-08-10 11:28 . 2009-08-10 11:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-10 11:28 . 2009-08-10 11:28 -------- d-----w- c:\program files\PlayAllDVD
2009-08-10 11:24 . 2009-08-10 11:25 -------- d-----w- c:\program files\FinePixViewer
2009-08-10 11:24 . 2009-08-10 11:24 -------- d-----w- c:\documents and settings\Rob\Application Data\InstallShield
2009-08-10 11:24 . 2009-08-10 11:24 -------- d-----w- c:\program files\REGSHAVE
2009-08-10 11:18 . 2009-08-10 11:18 -------- d-----w- c:\program files\Travian-Demo
2009-08-10 11:18 . 2009-08-10 11:18 -------- d-----w- c:\program files\TravianMultiplyEN
2009-08-10 00:26 . 2009-08-10 11:18 -------- d-----w- c:\program files\ARPCache
2009-08-09 18:51 . 2009-08-09 18:51 -------- d-----w- c:\program files\AML Products
2009-08-09 14:31 . 2009-08-10 11:28 -------- d-----w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware(3).com
2009-08-09 11:05 . 2009-08-10 11:28 -------- d-----w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware(2).com
2009-08-09 10:11 . 2009-08-10 13:41 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-09 10:10 . 2009-08-09 10:10 -------- d-----w- c:\program files\Reference Assemblies
2009-08-09 09:07 . 2009-08-10 11:30 -------- d-----w- C:\ab7e074a53d3e3c3e5aaf2b6
2009-08-09 09:06 . 2009-08-10 11:30 -------- d-----w- C:\8fad4e94ddc0c968fef37121775d950a
2009-08-08 17:44 . 2009-08-10 11:32 -------- d-----w- c:\program files\Realtek AC97(2)
2009-08-08 17:14 . 2009-08-08 17:14 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\RadarSync
2009-08-08 17:14 . 2009-08-08 17:14 -------- d-----w- c:\program files\RadarSyncPZ
2009-08-08 17:04 . 2009-08-08 17:04 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-08-08 11:01 . 2009-08-08 11:01 -------- d-----w- c:\program files\CASIO
2009-08-08 11:01 . 2009-08-08 11:01 15172 ----a-w- c:\windows\system32\drivers\PzWDM.sys
2009-08-07 00:33 . 2009-08-07 00:33 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\PC_Drivers_Headquarters
2009-08-07 00:30 . 2009-08-07 00:30 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-08-07 00:30 . 2009-08-07 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-07 00:29 . 2009-08-07 00:29 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\Downloaded Installations
2009-08-07 00:28 . 2009-08-07 00:29 -------- d-----w- c:\documents and settings\Rob\Application Data\GetRightToGo
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-02 00:38 . 2009-08-02 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-02 00:38 . 2009-08-02 01:09 -------- d-----w- c:\program files\NOS
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 21:24 . 2005-10-09 04:43 -------- d-----w- c:\program files\PCEye2000
2009-08-14 19:20 . 2008-12-26 15:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-14 19:06 . 2007-10-13 21:49 -------- d-----w- c:\program files\Java
2009-08-13 00:10 . 2007-07-25 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-12 14:28 . 2007-07-24 13:02 69232 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 20:13 . 2007-08-02 13:52 -------- d-----w- c:\documents and settings\Rob\Application Data\Propellerhead Software
2009-08-10 11:31 . 2007-07-25 19:09 -------- d-----w- c:\program files\Common Files\Real
2009-08-10 11:29 . 2008-08-27 10:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 11:28 . 2009-02-01 22:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-10 11:25 . 2007-07-28 17:02 -------- d-----w- c:\documents and settings\Rob\Application Data\uTorrent
2009-08-10 11:24 . 2005-10-09 04:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-10 11:24 . 2009-06-05 13:06 -------- d-----w- c:\program files\Electronic Arts
2009-08-09 19:51 . 2009-06-05 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-08-09 19:49 . 2007-07-28 10:57 -------- d-----w- c:\program files\DivX
2009-08-09 19:49 . 2007-08-06 19:23 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-09 10:11 . 2007-07-25 22:06 -------- d-----w- c:\program files\MSBuild
2009-08-08 11:29 . 2009-03-03 13:53 -------- d-----w- c:\program files\HOTALBUMMyBOX
2009-08-05 09:01 . 2005-02-14 23:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 19:51 . 2008-10-29 15:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-17 19:01 . 2005-02-14 23:48 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2005-02-14 23:49 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 22:27 . 2008-03-15 20:48 -------- d-----w- c:\program files\Arturia Moog Modular V2.2
2009-07-13 20:59 . 2009-03-25 22:02 117760 ----a-w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-29 06:17 . 2007-07-24 13:02 -------- d-----w- c:\documents and settings\Rob\Application Data\CyberLink
2009-06-26 16:50 . 2005-02-15 06:49 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2005-02-14 23:48 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 21:57 . 2009-03-03 13:10 -------- d-----w- c:\program files\QuickTime
2009-06-16 14:36 . 2005-02-14 23:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-02-14 23:48 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2005-02-15 06:49 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2005-02-14 23:48 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2005-02-15 01:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2005-02-14 23:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 13:22 . 2009-06-05 13:22 10134 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-05 10:42 . 2009-04-28 22:20 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 10:42 . 2008-10-02 10:04 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2005-02-14 23:48 1291264 ----a-w- c:\windows\system32\quartz.dll
2008-08-27 21:18 . 2008-08-27 21:18 2048 ----a-w- c:\program files\qvagbylg.txt
2006-12-20 09:48 . 2008-03-15 21:04 10833920 ----a-w- c:\program files\Moog Modular V 2 EFX.dll
2006-12-20 09:43 . 2008-03-15 21:04 10833920 ----a-w- c:\program files\Moog Modular V 2.dll
2007-10-23 22:49 . 2007-07-25 19:10 60526 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-10-23 22:49 . 2007-07-25 19:10 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-10-23 22:49 . 2007-07-25 19:10 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"MCtrlA5-0.exe"="c:\program files\PixAlert\PixAlert @Home 2.0\MCtrlA5-0.exe" [2005-08-24 155648]
"PcEye"="c:\program files\PCEye2000\pceye.exe" [2004-10-28 143360]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2004-11-06 1359967]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk
backup=c:\windows\pss\MediaChecker.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [2008-07-29 8960]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2008-02-12 17152]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2009-08-08 15172]
S0 viaide1;viaide1;c:\windows\SYSTEM32\DRIVERS\VIAIDEXP.SYS [2001-10-18 6144]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-04-17 120472]

.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
LSP: lsp32.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\amyzyt1s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\amyzyt1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\amyzyt1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}\components\SDIIntegrator.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 23:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\lsp32.dll

- - - - - - - > 'explorer.exe'(3212)
c:\program files\PixAlert\PixAlert @Home 2.0\MCRHA5-0.dll
c:\program files\PixAlert\PixAlert @Home 2.0\Encrypt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-08-14 23:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-14 22:39

Pre-Run: 7,969,411,072 bytes free
Post-Run: 10,093,973,504 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=2,3,4,5
368 --- E O F --- 2009-08-13 10:12

#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:59 AM

Posted 14 August 2009 - 05:57 PM

Hi robedwards11,

Now let's look for stragglers. :thumbup2:

Please disable any running anti-virus program before running Kaspersky Online Scanner.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Close any open browsers

Please do a scan with Kaspersky Online Scanner

You can refer to this animation by sundavis.


Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
This scanner will only scan. It does not remove any malware it finds.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 robedwards11

Posted 17 August 2009 - 03:01 PM

Hi,
sorry for the delay, I've been trying to get Kaspersky to run but it keeps freezing. I've tried leaving it on overnight etc. but it always freezes at some point. The furthest it's got is 75% and it had not detected anything. Is there anything else I should do?

#8 SifuMike

Posted 17 August 2009 - 06:09 PM

Hi robedwards11,

Let's try an alternate online scanner. I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


#9 robedwards11

Posted 18 August 2009 - 05:16 AM

It worked! 4 threats found:


C:\Qoobox\Quarantine\C\WINDOWS\system32\anwhtsdf.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\DcKQYJjl.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\mftnnmab.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\xibfntmq.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

#10 SifuMike

Posted 18 August 2009 - 10:11 AM

Hi robedwards11,

Looks good. :thumbup2:

I think we have you clean.

How is your computer running?

We still need to do the program clean up step. :)

#11 robedwards11

Posted 18 August 2009 - 11:50 AM

Hello again,
It definitely seems to be running quicker on the whole, although not the internet. Could this be due to the fact I'm still using IE6? I know there's lots more up to date browsers, I've just never got round to changing as IE7 caused lots of problems a couple of years back when I tried it. But yeah it seems better thanks. So what else do I need to do?

#12 SifuMike

Posted 18 August 2009 - 01:26 PM

Hi robedwards11,

Old IE browsers are full of holes that malware exploit. You need to be running the latest IE browser, IE8.
You can download the latest version here
http://www.microsoft.com/windows/internet-...er/default.aspx

Also, make sure you have Windows updated to the latest version.


OK, time to do the program clean up.

Delete Security Check from your desktop.

Uninstall ComboFix: go to Start > Run & type in ComboFix /u
Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete any of its related folders and files (Qoobox, VundoFix Backups, Avenger, _OTM3), reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


Please read and follow

Simple and easy ways to keep your computer safe and secure on the Internet
as well as
How did I get infected?, With steps so it does not happen again!
as well as
How to prevent Malware by miekiemoes

If you want to improve speed/system performance after malware removal, take a look here.

#13 robedwards11

Posted 19 August 2009 - 04:08 PM

Thanks a lot for that, I've done most of the things. Just a question, what antivirus do you recommend? I have Avast, which seems OK, though it slows things down. I'm going on holiday tomorrow so if I don't reply again, thanks for all your help!

#14 SifuMike

Posted 19 August 2009 - 04:55 PM

Hi robedwards11,

You're very welcome. I hope your computer continues to run smoothly :thumbup2:

Of the three free antiviruses (AVAST, AVG and Avira AntiVir), I would choose Avira AntiVir, as it is the lightest on memory.

Remember to only install ONE antivirus on your computer, as running two or more will greatly slow it and cause system problems.

Edited by SifuMike, 19 August 2009 - 04:56 PM.


#15 SifuMike

Posted 25 August 2009 - 10:35 PM

Since your problem appears to be resolved, this thread will now be closed.