my xp computer takes about 3 minutes to boot up


  • This topic is locked
15 replies to this topic

#1 wwwjohn

wwwjohn

  • Members
  • 28 posts

Posted 10 March 2010 - 12:21 AM

used Advanced Registry Optimizer & it said I had 1250 registry problems


I then used HijackThis & this is what I got when I scanned:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:17 AM, on 3/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

--
End of file - 2395 bytes


Is this normal for the computer to take about 3 minutes to boot up?

Thank You




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 12 March 2010 - 07:47 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 wwwjohn


Posted 18 March 2010 - 12:38 AM

tracking topic; hope it's not too late; Thank You m0le

#4 m0le


Posted 18 March 2010 - 03:52 PM

Nope, not too late.

3 minutes to boot looks much more like a bloated system than malware but we will run a series of scans and see if anything pops up.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Now a rootkit scan

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Thanks

#5 wwwjohn


Posted 19 March 2010 - 01:56 AM

I'm running Firefox as browser; when I click on the DDS.scr or the DDS.prc links, this is what I get:


I tried to disable my Javascript in my Firefox browser, but this did nothing. I apologize if I am working on your patience.

#6 wwwjohn


Posted 19 March 2010 - 01:58 AM

I switched to the Internet Explorer browser; here's my # DDS.pif txt files

DDS.txt;

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jay at 13:13:50.35 on Thu 03/18/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.169 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jay\Desktop\Temporary Internet Files\Content.IE5\CDAFG1YR\dds[2].pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
dRunOnce: [RunNarrator] Narrator.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jay\applic~1\mozilla\firefox\profiles\k0zqki0v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\jay\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\jay\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\jay\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\jay\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\progra~1\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\progra~1\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\progra~1\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-2 64288]
S3 kwkxusb;Kyocera Wireless USB CDMA Modem Driver;c:\windows\system32\drivers\kwusb2k.sys [2008-12-27 29952]
S4 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-3-3 1858144]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]

============== File Associations ===============

.scr=DWGTrueViewScriptFile

=============== Created Last 30 ================

2010-03-09 14:16:42 0 d-----w- c:\program files\Trend Micro
2010-03-08 14:03:03 0 d-----w- c:\program files\jv16 PowerTools 2007
2010-03-04 19:39:54 3072 -c--a-w- c:\windows\system32\dllcache\systray.exe
2010-03-04 19:39:54 3072 ----a-w- c:\windows\system32\systray.exe
2010-03-04 19:39:54 15360 ----a-w- c:\windows\system32\taskman.exe
2010-03-03 10:48:49 0 d-----w- c:\program files\a-squared Free
2010-03-02 16:45:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-02 16:18:17 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-02 16:18:09 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-02 16:16:10 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-01 12:36:23 0 d-----w- c:\program files\Auslogics
2010-03-01 12:11:11 0 d-----w- c:\program files\RamBooster 2.0

==================== Find3M ====================

2010-03-04 19:39:53 15360 ----a-w- c:\windows\taskman.exe
2010-02-09 10:58:07 8330 -c--a-w- c:\docume~1\jay\applic~1\wklnhst.dat
2010-01-07 15:23:27 4 ----a-w- c:\docume~1\jay\applic~1\avdrn.dat
2009-10-31 21:32:46 539 ----a-w- c:\program files\Shortcut to ComboFix.lnk
2009-10-25 02:30:30 1686272 ----a-w- c:\program files\MoveMediaPlayerWin_071503000010.exe
2009-10-17 01:42:40 1658 ----a-w- c:\program files\mobile PhoneTools.lnk
2009-09-28 06:42:59 21136104 ----a-w- c:\program files\DivXInstaller.exe
2009-09-28 06:35:34 329877 ----a-w- c:\program files\CamStudioCodec14.exe
2009-09-28 06:30:49 697 ----a-w- c:\program files\CamStudio.lnk
2009-09-28 06:30:12 1364995 ----a-w- c:\program files\CamStudio20.exe
2009-09-28 06:27:59 34510 ----a-w- c:\program files\CamStudioCodec14.zip
2009-09-10 06:50:35 1925024 ----a-w- c:\program files\install_flash_player.exe
2009-09-02 06:33:32 1765 ----a-w- c:\program files\DWG TrueView 2010.lnk
2009-09-02 06:28:08 1827 ----a-w- c:\program files\Autodesk Design Review.lnk
2009-09-02 06:03:11 287032 ----a-w- c:\program files\AutodeskDesignRevSetup.exe
2009-07-11 23:32:19 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe
2009-06-26 05:51:59 25740144 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2009-06-09 10:44:41 3967642 ----a-w- c:\program files\ffdshow_beta6_rev2527_20081219.exe
2009-06-09 10:25:25 82643 ----a-w- c:\program files\FLV_Extract.zip
2009-06-09 10:16:46 2214776 ----a-w- c:\program files\ffdshow-20041012-sse.exe
2009-06-09 09:28:58 1379946 ----a-w- c:\program files\VirtualDub-1.8.8.zip
2009-06-01 03:31:10 164 -c--a-w- c:\program files\flv2mp3.bat
2009-05-31 23:24:19 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe
2009-05-31 22:38:56 64000 ----a-w- c:\program files\sndrec32.exe
2009-04-12 00:08:09 1878 -c--a-w- c:\program files\Skype.lnk
2009-04-12 00:05:05 20475688 ----a-w- c:\program files\SkypeSetupFull.exe
2009-03-07 02:53:23 16896 -csha-w- c:\program files\Thumbs.db
2009-02-13 22:18:48 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-02-11 01:52:29 3899392 ----a-w- c:\program files\mstudioZ.exe
2009-02-03 23:53:56 3825508 ----a-w- c:\program files\FileZilla_3.2.0-rc2_win32-setup.exe
2008-11-13 02:18:30 4865408 ----a-w- c:\program files\Silverlight.2.0.exe
2008-11-12 19:10:55 487600 ----a-w- c:\program files\GoogleVoiceAndVideoSetup.exe
2008-10-31 02:11:40 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2008-09-01 20:21:14 14966160 ----a-w- c:\program files\spybotsd160.exe
2008-08-31 19:16:17 48367896 ----a-w- c:\program files\avg_free_stf_en_8_138a1332.exe
2008-03-22 21:36:40 6194126 ----a-w- c:\program files\fprsetup.exe
2008-02-11 23:56:00 9723880 ----a-w- c:\program files\spybotsd152.exe
2008-02-03 23:10:11 4547272 ----a-w- c:\program files\ComMass.zip
2007-10-19 21:23:14 6021344 ----a-w- c:\program files\Firefox Setup 2.0.0.8.exe
2007-10-12 21:01:04 206584 ----a-w- c:\program files\zaSetup_en.exe
2007-09-20 21:32:21 1737968 ----a-w- c:\program files\Paint.NET.3.10.exe
2007-09-19 21:31:01 1844 -c--a-w- c:\program files\SmartFTP Client.lnk
2007-09-19 21:25:51 4534056 ----a-w- c:\program files\SFTPMSI.exe
2007-08-12 00:36:22 1578378 -c--a-w- c:\program files\diskdefrag_install.exe
2007-08-12 00:09:28 2720456 -c--a-w- c:\program files\ccsetup141.exe
2007-08-11 23:49:23 641881 -c--a-w- c:\program files\windirstat1_1_2_setup.exe
2007-08-11 23:21:10 567047 -c--a-w- c:\program files\Sequoia1_3Install.exe
2007-08-11 22:57:11 223368 -c--a-w- c:\program files\CrucialScan.exe
2007-08-11 03:12:10 2803440 -c--a-w- c:\program files\Shockwave_Installer_Slim.exe
2007-08-09 05:06:36 71 -c--a-w- c:\program files\msconfig.txt
2007-08-08 02:51:42 90 -c--a-w- c:\program files\regedit trick.txt
2007-07-07 00:09:51 317 -c--a-w- c:\program files\common problems of winsock installed on computer causing slow download speed.txt
2007-06-26 07:01:45 3192 -c--a-w- c:\program files\wtc.txt
2007-06-22 23:46:01 26814018 -c--a-w- c:\program files\SUPERsetup200722.exe
2007-06-22 01:39:43 20006472 -c--a-w- c:\program files\QuickTimeInstaller.exe
2007-06-20 04:34:14 2711372 -c--a-w- c:\program files\jv16pt_setup_hb.exe
2007-06-17 06:58:39 2556214 -c--a-w- c:\program files\klcodec320b.exe
2007-06-17 06:43:23 3655608 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-06-17 06:43:16 25990432 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-06-16 08:22:33 2585872 -c--a-w- c:\program files\WindowsInstaller-KB893803-v2-x86.exe
2007-06-16 08:21:11 59392 -c--a-w- c:\program files\windows installer 3.1 EULA.doc
2007-06-16 08:18:39 1486720 -c--a-w- c:\program files\GenuineCheck.exe
2007-06-16 08:17:43 883584 -c--a-w- c:\program files\WGAPluginInstall.exe
2007-06-16 08:07:45 9956884 -c--a-w- c:\program files\VeohSetup-3.2.1.1073.exe
2007-06-15 23:50:52 5611131 -c--a-w- c:\program files\ashampoo_movieshrinkburn211_se.exe
2007-06-02 04:08:56 2062665 -c--a-w- c:\program files\spywareguardsetup.exe
2007-06-01 22:16:04 2566736 -c--a-w- c:\program files\spywareblastersetup351.exe
2007-05-23 07:34:30 115282 -c--a-w- c:\program files\GEMB Late Payment Explanation.jpg
2007-05-16 09:57:53 654920 -c--a-w- c:\program files\mtinst.exe
2007-05-13 07:30:28 909104 -c--a-w- c:\program files\RegSupremePro_setup.exe
2007-05-13 06:58:24 131 -c--a-w- c:\program files\pc rescue.txt
2007-05-12 09:37:26 40 -c--a-w- c:\program files\xp medic info.txt
2007-05-12 09:33:58 1199857 ----a-w- c:\program files\XPMedic_Setup.zip
2007-05-07 21:59:01 2951 -c--a-w- c:\program files\winmail.dat
2007-04-24 20:02:08 416 -c--a-w- c:\program files\important running processes.txt
2007-04-20 01:57:31 21822168 -c--a-w- c:\program files\AdbeRdr80_en_US.exe
2007-04-20 01:30:15 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2007-04-11 04:07:59 181 -c--a-w- c:\program files\disable unused network card installed on my computer.txt
2007-04-10 02:22:43 3623 -c--a-w- c:\program files\executable files and associatedWithWhat.txt
2007-04-09 04:23:10 443 -c--a-w- c:\program files\McafeeSystemTrayTaskBarRemoval.txt
2007-04-07 07:22:25 1404 -c--a-w- c:\program files\executable files and associatedWithWhatWinME.txt
2007-04-06 00:57:42 758 -c--a-w- c:\program files\Canon MP460 User Registration.LNK
2007-04-06 00:43:40 774 -c--a-w- c:\program files\My Printer.lnk
2007-04-06 00:43:29 816 -c--a-w- c:\program files\Easy-PhotoPrint.lnk
2007-04-06 00:40:59 1701 -c--a-w- c:\program files\MP Navigator 3.0.lnk
2007-04-06 00:40:40 1869 -c--a-w- c:\program files\MP460 On-screen Manual.lnk
2007-04-06 00:19:51 46 -c--a-w- c:\program files\PIXMA MP460PrinterScannerSerialNumber.txt
2007-03-29 05:14:04 41431040 -c--a-w- c:\program files\F5D7001_1212.exe
2007-03-29 04:53:20 649216 -c--a-w- c:\program files\F5D7001-7011v13xx.exe
2007-03-29 04:37:28 24333824 -c--a-w- c:\program files\F5D7000_V3.exe
2007-03-28 06:21:14 104 -c--a-w- c:\program files\Belkin Wireless Card Info.txt
2007-03-27 20:29:52 159 -c--a-w- c:\program files\TRENDnet info.txt
2007-03-08 04:05:35 25755448 -c--a-w- c:\program files\wmp11-windowsxp-x86-enu(2).exe
2007-03-02 20:07:39 591400 -c--a-w- c:\program files\DMSetup-Serial.exe
2007-02-10 01:08:47 1735936 -c--a-w- c:\program files\foxitreader_setup.exe
2007-02-07 07:54:29 2855080 -c--a-w- c:\program files\aawsepersonal.exe
2007-02-07 05:08:45 5971432 -c--a-w- c:\program files\Firefox Setup 2.0.0.1.exe
2006-12-20 02:05:10 17207032 -c--a-w- c:\program files\avg75free_428a818.exe
2006-12-20 02:00:13 32923352 -c--a-w- c:\program files\avg75f_425a814.exe
2006-11-29 02:38:50 13111472 -c--a-w- c:\program files\sspsetup1_.exe
2007-05-13 07:31:46 5 -csha-w- c:\windows\system32\eeabe9_d.dll

============= FINISH: 13:14:32.82 ===============


&

Attach.txt;

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/22/2005 5:14:48 PM
System Uptime: 3/18/2010 1:07:12 PM (0 hours ago)

Motherboard: TOSHIBA | | Satellite L25
Processor: Intel® Celeron® M processor 1.40GHz | U23 | 1396/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 12.914 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E977-E325-11CE-BFC1-08002BE10318}
Description: Texas Instruments PCI-1510 CardBus Controller
Device ID: PCI\VEN_104C&DEV_AC56&SUBSYS_FF311179&REV_00\4&13826118&0&08A4
Manufacturer: Texas Instruments
Name: Texas Instruments PCI-1510 CardBus Controller
PNP Device ID: PCI\VEN_104C&DEV_AC56&SUBSYS_FF311179&REV_00\4&13826118&0&08A4
Service: pcmcia

Class GUID:
Description: PCI Modem
Device ID: PCI\VEN_1002&DEV_4378&SUBSYS_FF311179&REV_02\3&13C0B0C5&0&A6
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_1002&DEV_4378&SUBSYS_FF311179&REV_02\3&13C0B0C5&0&A6
Service:

==== System Restore Points ===================

RP1: 2/28/2010 12:51:16 PM - System Checkpoint
RP2: 3/2/2010 10:16:35 AM - System Checkpoint
RP3: 3/6/2010 6:56:21 AM - System Checkpoint
RP4: 3/7/2010 7:21:04 AM - System Checkpoint
RP5: 3/8/2010 5:17:47 AM - Advanced Registry Optimizer 2010 - Before Installation
RP6: 3/8/2010 5:19:13 AM - ADVANCED REGISTRY OPTIMIZER 2010- FIRST RUN
RP7: 3/8/2010 5:25:10 AM - Advanced Registry Optimizer 2010 Mon, Mar 08, 10 05:25
RP8: 3/9/2010 6:33:13 AM - Removed Ad-Aware Email Scanner for Outlook
RP9: 3/9/2010 10:42:16 AM - Removed Microsoft Office Standard Edition 2003
RP10: 3/9/2010 10:44:39 AM - Removed Microsoft Silverlight
RP11: 3/11/2010 3:37:58 AM - System Checkpoint
RP12: 3/12/2010 1:55:24 PM - System Checkpoint
RP13: 3/14/2010 7:36:48 AM - System Checkpoint
RP14: 3/15/2010 8:15:09 AM - System Checkpoint
RP15: 3/15/2010 10:39:40 AM - Paint.NET v3.5.4
RP16: 3/17/2010 11:12:09 AM - System Checkpoint

==== Installed Programs ======================

1500
1500_Help
1500Trb
a-squared Free 4.5
Acrobat.com
Ad-Aware
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player 11.5
AiO_Scan
AiOSoftware
Apple Software Update
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Auslogics Registry Cleaner
Autodesk Design Review 2010
C-Dilla Licence Management System
CamStudio
CamStudio Lossless Codec v1.4
Canon MP Navigator 3.0
Canon MP Navigator EX 1.0
Canon MP210 series
Canon MP210 series User Registration
Canon MP460
Canon MP460 User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
ConvertHelper 2.2
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
DivX Codec
DivX Web Player
DVD-RAM Driver
DWG TrueView 2010
ffdshow [rev 2527] [2008-12-19]
FileZilla Client 3.2.0-rc2
FLV Player
Foxit Reader
FUJIFILM USB Driver
GdiplusUpgrade
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Image Zone Express
HP PSC & OfficeJet 5.3.B
J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1
jv16 PowerTools 2007
Kyocera Wireless USB Driver
MFZ0 codec (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MicroStaff WINASPI
mobile PhoneTools
Move Media Player
Move Networks Player for Firefox
Mozilla Firefox (3.5.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NewCopy
Paint.NET v3.5.4
PIXMA Extended Survey Program
ProductContext
Quicken 2005
RamBooster
Readme
REALTEK Gigabit and Fast Ethernet NIC Driver
Scan
ScanSoft OmniPage SE 4.0
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
SequoiaView
Skype 4.0
SmartFTP Client
Sonic DLA
Sonic RecordNow!
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster v3.5.1
SpywareGuard v2.2
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
Toshiba Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Software Upgrades
Toshiba Tbiosdrv Driver
Toshiba Touchpad Utility
Toshiba Utility
TOSHIBA Zooming Utility
Ulead VideoStudio SE DVD
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Driver for Panasonic DVC
USB2.0 Capture Device
VC80CRTRedist - 8.0.50727.762
Veoh Player
Video DVD Maker v3.17.0.38
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.0
WebFldrs XP
WinDirStat 1.1.2
Windows Imaging Component
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

3/18/2010 12:52:13 PM, error: Service Control Manager [7031] - The a-squared Free Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/14/2010 7:14:06 AM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
3/14/2010 7:13:57 AM, error: Service Control Manager [7023] - The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: A device attached to the system is not functioning.
3/14/2010 7:12:24 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 00C09FD01B15 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
3/13/2010 8:08:42 AM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================


gmer.log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-18 14:38:53
Windows 5.1.2600 Service Pack 3
Running: hsuvrfdj.exe; Driver: C:\DOCUME~1\Jay\LOCALS~1\Temp\pwliyfob.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF76A087E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF76A0BFE]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

Edited by wwwjohn, 19 March 2010 - 04:45 AM.


#7 m0le


Posted 19 March 2010 - 08:45 PM

So far, so good.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then run the online scan from ESET

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

m0le is a proud member of UNITE

#8 wwwjohn

Posted 20 March 2010 - 02:43 AM

Malwarebytes' Anti-Malware 1.44
Database version: 3886
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/19/2010 11:09:31 AM
mbam-log-2010-03-19 (11-09-31).txt

Scan type: Quick Scan
Objects scanned: 119998
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jay\PRO-ver355.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\DelUS.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jay\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.


& from ESET

C:\Program Files\XPMedic_Setup.zip Win32/Adware.XPMedic application deleted - quarantined

I made a mistake & then ran a Full Scan with Malwarebytes'

Malwarebytes' Anti-Malware 1.44
Database version: 3886
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/20/2010 1:23:35 AM
mbam-log-2010-03-20 (01-23-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 180992
Time elapsed: 38 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\PySol-4.20\python\DLLs\msvcrt.dll (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{F6221601-BABC-4B69-922D-F7E899FB13E9}\RP17\A0003192.exe (Rogue.Installer) -> No action taken.

Edited by wwwjohn, 20 March 2010 - 03:36 AM.


#9 m0le

Posted 20 March 2010 - 08:26 AM

Sorry wwwjohn, can you run MBAM again but make sure that everything is checked, and click Remove Selected

Please post the log when it's done.
m0le is a proud member of UNITE

#10 wwwjohn

Posted 20 March 2010 - 07:09 PM

I ran mbam again & tried to make sure everything was checked. This is what I got:

Malwarebytes' Anti-Malware 1.44
Database version: 3888
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/20/2010 5:03:53 PM
mbam-log-2010-03-20 (17-03-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 182186
Time elapsed: 36 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#11 m0le

Posted 20 March 2010 - 08:30 PM

It got picked up anyway by the look of it.

The PC is clean now and I suspect your boot is still the same. Is that right?
m0le is a proud member of UNITE

#12 wwwjohn

Posted 21 March 2010 - 12:14 AM

what got picked up anyway? You are right dude, my PC boots at about the same speed

#13 m0le

Posted 21 March 2010 - 07:00 AM

QUOTE(wwwjohn @ Mar 21 2010, 05:14 AM)
what got picked up anyway?


The scans have removed the installer and the packed files. There were also trace files where the main files have already been removed - perhaps with another tool or security program.



QUOTE(wwwjohn @ Mar 21 2010, 05:14 AM)
You are right dude, my PC boots at about the same speed


Yes, the malware found doesn't really mesh with the boot speed problem.

I recommend that you read this tutorial on the site which explains what you can do to speed up your PC. The StartupLite program may be useful for slow booting.


As far as the PC goes it looks ready to go.

You're clean. Good stuff!

Let's do some clearing up

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it wwwjohn, happy surfing!

Cheers.

m0le

m0le is a proud member of UNITE
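
Added example, not part of any post in this thread: a small Python parser for the Malwarebytes log layout shown in the posts above. It flags detections whose action is not a successful removal (the "No action taken" entries that led to the request to re-run with Remove Selected) and detections that sit in a System Restore folder (the case the restore-point advice addresses). The regular expressions and the known action strings are assumptions taken only from the logs in this thread.

```python
import re
from collections import Counter

# Sample input: the detection lines of the second Malwarebytes log in this thread.
SAMPLE_LOG = r"""Scan type: Full Scan (C:\|)
Files Infected: 2

Files Infected:
C:\Program Files\PySol-4.20\python\DLLs\msvcrt.dll (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{F6221601-BABC-4B69-922D-F7E899FB13E9}\RP17\A0003192.exe (Rogue.Installer) -> No action taken.
"""

SUMMARY = re.compile(r"^(?P<kind>.+ Infected): (?P<n>\d+)$")   # "Files Infected: 2"
SECTION = re.compile(r"^(?P<kind>.+ Infected):$")              # "Files Infected:"
ENTRY = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Assumption: only the action strings seen in this thread are known; anything
# other than a successful removal is reported as needing follow-up.
REMOVED = "quarantined and deleted successfully"
RESTORE_STORE = "\\system volume information\\_restore{"


def parse_mbam_log(text):
    """Return (summary counts, list of findings) from an MBAM 1.x text log."""
    counts, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY.match(line):
            counts[m["kind"]] = int(m["n"])
        elif m := SECTION.match(line):
            section = m["kind"]
        elif section and (m := ENTRY.match(line)):
            findings.append({"section": section, "path": m["path"],
                             "detection": m["name"], "action": m["action"],
                             "removed": m["action"].lower() == REMOVED,
                             "in_restore_point": RESTORE_STORE in m["path"].lower()})
    return counts, findings


def triage(text):
    """Summarise what still needs attention after a scan."""
    counts, findings = parse_mbam_log(text)
    listed = Counter(f["section"] for f in findings)
    return {
        "unremoved": [f["path"] for f in findings if not f["removed"]],
        "restore_point_hits": [f["path"] for f in findings if f["in_restore_point"]],
        # Summary count differs from the entries listed, e.g. a truncated paste.
        "count_mismatch": [k for k, n in counts.items() if n != listed[k]],
    }
```

Calling `triage(SAMPLE_LOG)` reports both files as unremoved and one of them as a restore-point hit.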

#14 wwwjohn

Posted 21 March 2010 - 04:15 PM

Thank You mOle for taking the time with me to clean up my computer. I get bombarded with such a large amount of "possible" computer "cure" solutions I get totally confused at what is truth & what is bologna.

#15 m0le

Posted 21 March 2010 - 04:28 PM

Well, I'm biased but Bleeping Computer is a great place to come for good advice.

Glad I could help
m0le is a proud member of UNITE



