Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ynlalra & bad links on yahoo/google


  • This topic is locked This topic is locked
6 replies to this topic

#1 jhasting

jhasting

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 14 January 2010 - 11:06 PM


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 22:33:11.71 on Thu 01/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3710.2968 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SUPERANTISPYWARE.EXE
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\documents and settings\hp_administrator\my documents\onsite tools\superantispyware\SUPERANTISPYWARE.EXE
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [bxotroqr] c:\windows\system32\config\systemprofile\local settings\application data\mwxqhq\kyagsysguard.exe
dRun: [toeyffmu] c:\windows\system32\config\systemprofile\local settings\application data\kvhwhp\amhusysguard.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Filter: text/html - {a0565882-5c65-4753-9979-5b9b89a95615} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\documents and settings\hp_administrator\my documents\onsite tools\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\hp_administrator\my documents\onsite tools\superantispyware\SASDIFSV.SYS [2009-4-26 8944]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\hp_administrator\my documents\onsite tools\superantispyware\SASKUTIL.SYS [2009-4-26 55024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-26 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-26 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-26 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-26 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-26 35272]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-8-16 709248]
R3 SASENUM;SASENUM;c:\documents and settings\hp_administrator\my documents\onsite tools\superantispyware\SASENUM.SYS [2009-4-26 4096]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-4-27 17149]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-26 606736]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-26 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-26 40552]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\wpn111.sys --> c:\windows\system32\drivers\WPN111.sys [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-01-15 03:11:11 0 d-----w- c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
2010-01-15 03:11:11 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-15 02:55:35 0 d-----w- c:\program files\Enigma Software Group
2010-01-13 00:35:57 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 22:09:53 0 d-----w- c:\windows\kb
2010-01-04 04:01:43 767488 ----a-w- c:\windows\system32\drivers\ynlalra.sys
2010-01-04 04:01:30 1 ----a-w- C:\s
2009-12-20 23:12:37 0 d-----w- c:\docume~1\hp_adm~1\applic~1\HPQ
2009-12-18 03:01:55 664 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2010-01-13 01:12:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-13 01:12:59 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2005-12-03 02:22:16 32 --sha-w- c:\windows\sminst\HPCD.SYS

============= FINISH: 22:35:33.85 ===============



>>>>>Thanks in advance for any help

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:49 AM

Posted 20 January 2010 - 04:24 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 jhasting

jhasting
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 20 January 2010 - 09:05 PM

THanks, I ran the OTL, but it only produced the OTL.txt, I ran 3 times after re-booting, but did not get the extra.txt. OTL.txt is attached:


OTL logfile created on: 1/20/2010 8:57:21 PM - Run 3
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 458.50 Gb Total Space | 95.61 Gb Free Space | 20.85% Space Free | Partition Type: NTFS
Drive D: | 7.24 Gb Total Space | 0.42 Gb Free Space | 5.78% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 149.04 Gb Total Space | 51.24 Gb Free Space | 34.38% Space Free | Partition Type: NTFS

Computer Name: YOUR-55E5F9E3D2
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/20 20:40:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/01/14 22:34:53 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SUPERANTISPYWARE.EXE
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/17 22:56:03 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/11 18:46:04 | 01,348,144 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2009/03/10 13:57:18 | 01,553,920 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/01/30 16:52:48 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/28 11:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/09/06 13:53:40 | 00,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2007/07/16 10:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2005/10/18 18:15:24 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
PRC - [2005/08/18 09:20:28 | 14,820,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/08/10 09:33:06 | 00,061,440 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/08/10 00:29:00 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/08/03 01:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/07/25 08:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/05/12 08:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005/05/10 19:50:42 | 00,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
PRC - [2005/02/26 00:34:02 | 00,245,760 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe


========== Modules (SafeList) ==========

MOD - [2010/01/20 20:40:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2009/03/10 13:56:51 | 00,198,144 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2005/10/18 18:15:19 | 00,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/30 16:52:48 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/09/28 11:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/07/16 10:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/08/10 00:29:00 | 00,380,928 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/07/25 08:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2004/10/22 12:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/15 10:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Driver Services (SafeList) ==========

DRV - [2010/01/14 22:34:53 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/01/14 22:34:53 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/08 20:06:44 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/08 20:06:37 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/16 11:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/27 18:43:33 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/03/12 09:27:20 | 00,709,248 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/12/12 17:05:20 | 00,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 17:05:18 | 00,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/16 10:57:12 | 00,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/05/03 12:37:08 | 00,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/01/31 12:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 14:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Running] -- C:\Documents and Settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/08/18 17:35:04 | 03,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/08/10 00:35:00 | 01,273,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/28 20:07:58 | 00,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/07/04 02:30:34 | 00,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 15:16:26 | 01,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/25 11:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/04/14 23:12:12 | 00,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/08 14:43:28 | 00,021,744 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/03/08 14:43:26 | 00,051,120 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/03/08 14:43:26 | 00,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/01/26 08:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/10/14 18:30:46 | 00,155,648 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/03 04:23:20 | 00,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/05 17:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/07/24 11:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1



IE - HKU\S-1-5-21-512975210-3504559120-73946892-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-21-512975210-3504559120-73946892-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-21-512975210-3504559120-73946892-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-512975210-3504559120-73946892-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-512975210-3504559120-73946892-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-512975210-3504559120-73946892-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
IE - HKU\S-1-5-21-512975210-3504559120-73946892-1008\S-1-5-21-512975210-3504559120-73946892-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/20 19:45:07 | 00,000,000 | ---D | M]


O1 HOSTS File: ([2010/01/14 21:55:55 | 00,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKU\S-1-5-21-512975210-3504559120-73946892-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-512975210-3504559120-73946892-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-512975210-3504559120-73946892-1008\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKU\.DEFAULT..\Run: [bxotroqr] C:\WINDOWS\System32\config\systemprofile\Local Settings\Application Data\mwxqhq\kyagsysguard.exe File not found
O4 - HKU\.DEFAULT..\Run: [toeyffmu] C:\WINDOWS\System32\config\systemprofile\Local Settings\Application Data\kvhwhp\amhusysguard.exe File not found
O4 - HKU\S-1-5-18..\Run: [bxotroqr] C:\WINDOWS\System32\config\systemprofile\Local Settings\Application Data\mwxqhq\kyagsysguard.exe File not found
O4 - HKU\S-1-5-18..\Run: [toeyffmu] C:\WINDOWS\System32\config\systemprofile\Local Settings\Application Data\kvhwhp\amhusysguard.exe File not found
O4 - HKU\S-1-5-21-512975210-3504559120-73946892-1008..\Run: [SUPERAntiSpyware] C:\Documents and Settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-512975210-3504559120-73946892-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Documents and Settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SASWINLO.DLL - C:\Documents and Settings\HP_Administrator\My Documents\onsite tools\Superantispyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/18 18:10:58 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 20:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 12:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{100645b7-32d1-11de-9dbc-0013d4ca7017}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/20 20:40:15 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/01/15 19:40:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\141F2872D2F94A8995D3E222D1CBCC56.TMP
[2010/01/14 22:11:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
[2010/01/14 22:11:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/14 21:55:35 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/01/12 19:35:57 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/10 17:09:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\kb
[2010/01/09 22:22:27 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/09 22:22:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/09 22:22:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/09 14:47:42 | 00,000,000 | ---D | C] -- C:\rsit
[2009/12/28 13:13:47 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My DVDs
[2009/12/28 12:04:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2009/10/23 18:23:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/15 18:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/09/05 15:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/07/02 11:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/04/27 19:09:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\HP
[2005/10/18 17:11:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/10/18 17:11:39 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/10/18 17:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/05/12 08:36:48 | 00,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/20 21:00:50 | 00,767,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\ynlalra.sys
[2010/01/20 21:00:33 | 00,441,690 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/20 21:00:33 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/20 21:00:33 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/20 20:56:24 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/01/20 20:56:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/20 20:56:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/20 20:56:07 | 38,907,24864 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/20 20:54:58 | 00,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/01/20 20:52:51 | 00,014,353 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/20 20:47:27 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/01/20 20:47:27 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/01/20 20:42:52 | 00,000,175 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\h0wardtsternblog143 Hi-Pithch Mike Goes To Disney Land.url
[2010/01/20 20:40:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/01/20 20:39:06 | 00,000,315 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Search Results.url
[2010/01/19 21:51:30 | 00,001,774 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Default.rdp
[2010/01/19 20:06:00 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/19 19:25:20 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/16 21:39:01 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/14 23:06:47 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/12 19:48:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/09 16:23:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/03 23:02:26 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/01/03 23:01:30 | 00,000,001 | ---- | M] () -- C:\s
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/20 20:42:52 | 00,000,175 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\h0wardtsternblog143 Hi-Pithch Mike Goes To Disney Land.url
[2010/01/14 23:06:28 | 00,000,315 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Search Results.url
[2010/01/03 23:01:43 | 00,767,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ynlalra.sys
[2010/01/03 23:01:30 | 00,000,001 | ---- | C] () -- C:\s
[2009/06/27 12:20:50 | 00,000,079 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/06/13 11:35:48 | 00,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/13 11:35:48 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/28 22:34:04 | 00,000,196 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2009/04/28 20:05:09 | 00,030,961 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/04/28 20:05:09 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/04/27 18:57:27 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/04/27 18:43:30 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/04/27 18:43:30 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/04/26 22:17:46 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2009/04/26 21:25:54 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/16 10:58:10 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 10:58:00 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/10/18 18:40:55 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/18 18:14:39 | 00,014,290 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/10/18 18:14:31 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/10/18 18:07:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/18 18:02:15 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/10/18 18:02:15 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/10/18 18:02:15 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/10/18 18:02:15 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/10/18 18:02:15 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/10/18 18:02:15 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/10/18 17:55:54 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/10/18 17:40:56 | 00,003,798 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/18 17:40:04 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/10/18 17:37:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/10/18 17:20:39 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/10/18 17:13:36 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/10/18 17:13:36 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/10/18 17:13:13 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/21 11:47:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 23:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 01:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/05/10 01:52:32 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/07/27 00:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/07 00:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:49 AM

Posted 20 January 2010 - 09:16 PM

Hi,

please run a scan with gmer as well:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 jhasting

jhasting
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 21 January 2010 - 10:16 AM

I ran GMER and I saw the ynlalra was detected and printed in red, but shortly after my PC powered down (virus detection & firewall were disabled, was not on internet and had no other programs running). The PC would no longer boot, I would start in and enter the debug screen and everything looked OK, but then it gave a blue screen when the boot continued. I just re-installed the OS, when I get malewarebytes back on the PC today, I'll check to see if ynlalra is still there and open another post. Thanks for your help, can you close this post?

What software do you recommend for anti-virus & anti-spyware? I've been using McAfee as the virus scanner & firewall and then MalewareBytes & super-anit-spyware to find what it misses. The OS is XP. Is there a better product?

Thanks again

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:49 AM

Posted 22 January 2010 - 11:11 AM

Hi,

I think it is a good move to add Malwarebytes and Superantispyware to complement your anti virus program.

A couple of further tips which may be of help areRead those last few lines, in order to keep your pc safe and clean:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holeswill allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variantsevery single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing sad.gif.
Some more links you might find of interest:Have a nice day
myrti:

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:49 AM

Posted 29 January 2010 - 06:07 PM

Since the topic is resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users