TechSpot

Attn: Bobbye TR/DROP.TDss.way detected by Avira - part 2

By Buzz
Jan 21, 2011
  1. ref: http://www.techspot.com/vb/topic159399.html

    Hi Bobbye...

    Got my machine back. XP is working fine - the same as before it froze, when I was watching YouTube on my 32" LCD TV monitor (as well as my computer 23" monitor).

    The Thai techo guy said (in his very limited English) the motherboard packed it in ... said it could've been something to do with our up & down power supply that we get here on the island, and something shorted (although I do use a UPS - this last one only about 6 months old) ... anyway, he only charged me $65 for a new motherboard & installation !

    Got home and powered her up, but my monitor was blank ('no signal') ... mmmm ... then I thought to check if my desktop was showing up on my LCD TV - sure enough it was - so, it must have been the RGB cable dual adapter I have been using that 'shorted' - anyway, disconnected the adapter and just ran the standard single RGB cable to my monitor and was back, thank god/buddha !!!

    Want to run the 8 steps again - but just wondering if/how to delete combofix completely first ?

    ..................................................

    Did not have to reformat the C drive - all programs/data the same
    (except I notice in program files, a few of the program folders have been modified - maybe updated by the Thai techo - as of Jan 21st, the day it was repaired).

    .................................................

    Also, I just naturally thought they would replace the motherboard with the same exact make and model (ISUS P4V8X-X), but I'm not sure if that's what I got or not - where do I check in XP ?

    cheers,
    Buzz
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Well that's good news! Sorry you had to pay, but if he did that right and you stop shorting the system out, you will be better for it!

    I don't know a thing about motherboards! Not my area. But I think it's spelled (ASUS P4V8X-X). But I did find this: http://www.ehow.com/how_4474358_find-motherboards-model-name.html
    See if that will tell you.
    ===========================================
    Let's remove all of the programs and start over:
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    If there are still any of the rootkit or other scanners on the system, uninstall them and delete the logs.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      • Choose Disk Cleanup
      • Click "OK" to select the partition or drive you want.
      • Click the "More Options" Tab.
      • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    ===========================================
    Since you are noticing some changes already, run new scans. We had you clean - it was just that YouTube video that brought you down, right?

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    Hi Bobbye ...

    new motherboard feels great - yes, u r correct Asus not Isus ... I'll confirm the model type from that website you advised later on ... tks.

    Have created a new system restore point and deleted older ones ... when re-starting comp now i keep getting a "Windows File Protection" warning about some windows files have been chg'd etc... insert windows xp SP2 disc and ... but i have been ignoring it ...

    Yeah, we were pretty clean before the YouTube short out ... only think you'd found some Hotspot Shield rogue files ... I still don't mind to get rid of the program completely - I thought it was used for protection on-line when checking my on-line banking etc... but, I'm not sure if it does that - hotspot seems to indicate a wi-fi hotspot shield which I don't need for my PC.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5573

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    23-Jan-11 3:58:17 AM
    mbam-log-2011-01-23 (03-58-17).txt

    Scan type: Quick scan
    Objects scanned: 150301
    Time elapsed: 3 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0



    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-23 04:04:39
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 WDC_WD3200AAJS-22B4A0 rev.01.03A01
    Running: plb4ffs0.exe; Driver: C:\DOCUME~1\Buzzzzz\LOCALS~1\Temp\kgpyikog.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    ---- EOF - GMER 1.0.15 ----



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 21-Jan-11 5:22:42 PM
    System Uptime: 23-Jan-11 3:46:18 AM (1 hours ago)

    Motherboard: ASRock | | G31M-S.
    Processor: Intel Pentium III Xeon processor | CPUSocket | 2493/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 250 GiB total, 160.253 GiB free.
    D: is FIXED (NTFS) - 48 GiB total, 32.442 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP3: 23-Jan-11 3:36:45 AM - Jan23rd2011new motherboard

    ==== Installed Programs ======================


    µTorrent
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Adobe Shockwave Player 11
    Agere Systems PCI-SV92PP Soft Modem
    Altysoft Free Video Converter 2.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV Player
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    C-motech Connection Manager(CCU650)
    Canon MP Navigator EX 3.0
    Canon MP250 series MP Drivers
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner (remove only)
    ClearType Tuning Control Panel Applet
    CopyTrans Suite Remove Only
    Everything 1.2.1.371
    ffdshow [rev 735] [2007-01-02]
    Foxit PDF Editor
    Foxit Reader
    GoodSync
    Google Chrome
    Google Earth
    Google SketchUp 8
    Google SketchUp Pro 7
    Google Update Helper
    GoogleDesktop
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotspot Shield 1.56
    Image Resizer Powertoy for Windows XP
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    K-Lite Mega Codec Pack 4.1.6
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Money Plus
    Microsoft Money Shared Libraries
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MIKSOFT Mobile Media Converter
    MobileMe Control Panel
    Mozilla Firefox (3.6.13)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Drivers
    Picasa 3
    QuickTime
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Skype™ 4.0
    Smart Defrag
    Software Update for Web Folders
    SopCast 3.2.9
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    Switch Sound File Converter
    Thai2English
    The KMPlayer (remove only)
    unikode for Thai
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC 9.0 Runtime
    Veetle TV 0.9.18
    WebFldrs XP
    Windows Media Player Firefox Plugin
    WinX DVD Author 5.5.8
    ZoneAlarm
    ZoneAlarm Toolbar

    ==== Event Viewer Messages From Past Week ========

    23-Jan-11 3:45:07 AM, error: Service Control Manager [7034] - The NMSAccessU service terminated unexpectedly. It has done this 1 time(s).
    23-Jan-11 3:45:07 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    23-Jan-11 3:45:07 AM, error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    23-Jan-11 3:45:07 AM, error: Service Control Manager [7031] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    23-Jan-11 3:45:07 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    23-Jan-11 3:22:16 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: General access denied error
    22-Jan-11 6:43:23 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0025228F65F7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    22-Jan-11 5:27:48 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    21-Jan-11 5:23:41 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
    21-Jan-11 5:19:27 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
    16-Jan-11 12:11:20 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    16-Jan-11 12:11:14 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0021853BFF19 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================



    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Buzzzzz at 4:09:06.98 on 23-Jan-11
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3318.2739 [GMT 7:00]

    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Buzzzzz\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = local;*.local
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\documents and settings\buzzzzz\application data\mozilla\firefox\profiles\jjg4pz97.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    uRun: [Google Update] "c:\documents and settings\buzzzzz\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\buzzzzz\applic~1\mozilla\firefox\profiles\jjg4pz97.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://start.bramjnet.com/vb/
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\buzzzzz\application data\mozilla\firefox\profiles\jjg4pz97.default\extensions\cfxhelper@triton\components\dwmxpcom.dll
    FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
    FF - plugin: c:\documents and settings\buzzzzz\application data\mozilla\firefox\profiles\jjg4pz97.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\buzzzzz\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\checkpoint\zaforcefield\TrustChecker
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    FF - Ext: AvantGarde Skylight: {d62e0de0-401b-11dd-ae16-0800200c9a66} - %profile%\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}
    FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
    FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
    FF - Ext: AvantGarde Nightlife: {3fb63340-652a-11dd-ad8b-0800200c9a66} - %profile%\extensions\{3fb63340-652a-11dd-ad8b-0800200c9a66}
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: Chromifox Companion: cfxHelper@Triton - %profile%\extensions\cfxHelper@Triton
    FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-16 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-12-5 532224]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-16 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-16 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-16 61960]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [2009-2-9 58352]
    R3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [2009-2-9 8304]
    R3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [2009-2-9 93904]
    R3 cmo_serd;Data Modem @ CDMA Second DS Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [2009-2-9 73696]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-21 133104]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]

    =============== Created Last 30 ================

    2011-01-21 10:51:35 68096 ----a-w- c:\windows\agrsmdel.exe
    2011-01-21 10:51:35 1149888 ----a-w- c:\windows\system32\drivers\AGRSM.sys
    2011-01-21 10:45:54 73728 ----a-r- c:\windows\system32\RtNicProp32.dll
    2011-01-21 10:45:54 120064 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
    2011-01-21 10:45:06 34816 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2011-01-21 10:45:06 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
    2011-01-21 10:45:04 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
    2011-01-21 10:43:54 920088 ----a-r- c:\windows\system32\igxpun.exe
    2011-01-21 10:43:54 319456 ----a-r- c:\windows\system32\difxapi.dll
    2011-01-21 10:42:23 53248 ----a-r- c:\windows\system32\CSVer.dll
    2011-01-21 10:42:07 -------- d-----w- C:\Intel
    2011-01-21 10:21:59 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
    2011-01-21 10:20:58 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
    2011-01-21 10:17:24 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2011-01-21 10:17:24 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
    2011-01-21 10:16:46 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
    2011-01-21 10:16:46 32768 ----a-w- c:\program files\internet explorer\connection wizard\icwdl.dll
    2011-01-21 10:16:45 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
    2011-01-21 10:16:45 86016 ----a-w- c:\program files\internet explorer\connection wizard\icwconn2.exe
    2011-01-21 10:16:45 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
    2011-01-21 10:16:45 214528 ----a-w- c:\program files\internet explorer\connection wizard\icwconn1.exe
    2011-01-21 10:16:45 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
    2011-01-21 10:16:45 20480 ----a-w- c:\program files\internet explorer\connection wizard\inetwiz.exe
    2011-01-21 10:02:59 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-01-21 10:02:59 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-01-21 10:02:59 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-01-21 10:02:59 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-01-15 11:50:59 -------- d-sha-r- C:\cmdcons
    2011-01-15 08:12:33 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-01-15 08:12:33 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-15 08:12:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2011-01-15 08:12:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2011-01-15 08:12:06 -------- d-----w- c:\program files\Firefox
    2011-01-15 08:12:06 -------- d-----w- c:\docume~1\buzzzzz\locals~1\applic~1\AVG Security Toolbar
    2011-01-15 08:12:06 -------- d-----w- C:\$AVG
    2011-01-13 19:56:24 -------- d---a-w- C:\cmdcons(2)
    2011-01-08 10:48:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-08 10:48:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-08 10:48:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-25 20:26:38 -------- d-----w- c:\windows\system32\NtmsData

    ==================== Find3M ====================

    2010-11-12 11:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-12 09:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

    ============= FINISH: 4:10:01.89 ===============


    cheers and thanks again,
    Buzz

    PS: my 5 month old Min-Pin 1kg puppy is powering - even with another cast on her leg - 2 weeks for a check-up ...
     
  4. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    duplicate of post #3 - deleted
     
  5. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    Hi Bobbye ... any news ?
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry Buzz- I misplaced the thread! Hope the puppy is getting along.
    Please go ahead and run the following:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
    ===================================
    Please download ComboFix from Here and save to your Desktop.

    1. Do NOT rename Combofix unless instructed.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Close any open browsers.
    4. Double click combofix.exe & follow the prompts to run.
       NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    5. If Combofix asks you to install Recovery Console, please allow it.
    6. If Combofix asks you to update the program, always allow.
       Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    7. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.

    Puppy can help if needed!
     
  7. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    Here you go Bobbye ...

    My 'pup' is almost there - check-up on Sunday ... getting big now ~ 2.2lbs last weigh-in !

    Thanks,
    Buzz

    Eset log:

    C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
    Operating memory a variant of Win32/HotSpotShield application


    Combo log:

    ComboFix 11-01-28.01 - Buzzzzz 29-Jan-11 2:55.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3318.2710 [GMT 7:00]
    Running from: c:\documents and settings\Buzzzzz\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-28 )))))))))))))))))))))))))))))))
    .

    2011-01-21 10:54 . 2004-08-04 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2011-01-21 10:51 . 2006-01-26 13:35 68096 ----a-w- c:\windows\agrsmdel.exe
    2011-01-21 10:51 . 2006-01-25 15:24 1149888 ----a-w- c:\windows\system32\drivers\AGRSM.sys
    2011-01-21 10:45 . 2009-01-22 08:25 120064 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
    2011-01-21 10:45 . 2009-01-16 14:45 73728 ----a-r- c:\windows\system32\RtNicProp32.dll
    2011-01-21 10:45 . 2008-10-27 10:12 34816 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2011-01-21 10:45 . 2006-01-04 07:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
    2011-01-21 10:45 . 2008-08-05 12:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
    2011-01-21 10:43 . 2008-09-16 06:01 920088 ----a-r- c:\windows\system32\igxpun.exe
    2011-01-21 10:43 . 2006-11-10 01:25 319456 ----a-r- c:\windows\system32\difxapi.dll
    2011-01-21 10:42 . 2011-01-21 10:42 -------- d-----w- c:\program files\Intel
    2011-01-21 10:42 . 2008-07-16 08:05 53248 ----a-r- c:\windows\system32\CSVer.dll
    2011-01-21 10:42 . 2011-01-21 10:42 -------- d-----w- C:\Intel
    2011-01-21 10:21 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
    2011-01-21 10:20 . 2004-08-04 12:00 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
    2011-01-21 10:17 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2011-01-21 10:17 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
    2011-01-21 10:16 . 2004-08-04 12:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
    2011-01-21 10:16 . 2004-08-04 12:00 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
    2011-01-21 10:16 . 2004-08-04 12:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
    2011-01-21 10:16 . 2004-08-04 12:00 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
    2011-01-21 10:16 . 2004-08-04 12:00 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
    2011-01-21 10:16 . 2004-08-04 12:00 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
    2011-01-21 10:16 . 2004-08-04 12:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
    2011-01-21 10:16 . 2004-08-04 12:00 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
    2011-01-21 10:02 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-01-21 10:02 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-01-21 10:02 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-01-21 10:02 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-01-15 08:12 . 2011-01-15 08:12 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-15 08:12 . 2011-01-15 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2011-01-15 08:12 . 2011-01-15 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2011-01-15 08:12 . 2011-01-15 08:12 -------- d-----w- c:\program files\Firefox
    2011-01-15 08:12 . 2011-01-15 08:12 -------- d-----w- c:\documents and settings\Buzzzzz\Local Settings\Application Data\AVG Security Toolbar
    2011-01-15 08:12 . 2011-01-15 08:12 -------- d-----w- C:\$AVG
    2011-01-08 10:48 . 2010-12-20 11:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-08 10:48 . 2011-01-08 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-08 10:48 . 2010-12-20 11:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-24 06:15 . 2009-11-16 09:03 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-11 06:23 . 2009-11-16 07:50 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-11-12 11:53 . 2010-05-22 13:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-12 09:34 . 2009-03-11 08:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
    [-] 2008-04-09 . 0A874046BB7B547864811CFF0DD19724 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Buzzzzz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-24 8491008]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
    "RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 08:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 16:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-22 21:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-04-12 19:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    2001-08-23 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2005-04-07 07:40 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-11-10 17:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-12-20 11:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 04:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 09:07 2260480 ----a-w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    "PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "RTHDCPL"=RTHDCPL.EXE
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "Alcmtr"=ALCMTR.EXE
    "nwiz"=nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15-Sep-09 11:42 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15-Sep-09 11:42 AM 74480]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16-Nov-09 4:03 PM 135336]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26-May-10 8:35 PM 26352]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26-May-10 8:35 PM 493032]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21-Jul-09 11:48 PM 133104]
    S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [09-Feb-09 3:51 PM 58352]
    S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [09-Feb-09 3:51 PM 8304]
    S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [09-Feb-09 3:51 PM 93904]
    S3 cmo_serd;Data Modem @ CDMA Second DS Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [09-Feb-09 3:51 PM 73696]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04-Aug-04 7:00 PM 14336]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15-Sep-09 11:42 AM 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 16:48]

    2011-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 16:48]

    2011-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-507921405-725345543-1003Core.job
    - c:\documents and settings\Buzzzzz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-26 11:05]

    2011-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-507921405-725345543-1003UA.job
    - c:\documents and settings\Buzzzzz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-26 11:05]

    2010-10-26 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-08-23 14:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {5EA7F988-C77D-4E9F-BD95-4DFB4D060C32} = 203.113.7.130 8.8.8.8
    FF - ProfilePath - c:\documents and settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://start.bramjnet.com/vb/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    FF - Ext: AvantGarde Skylight: {d62e0de0-401b-11dd-ae16-0800200c9a66} - %profile%\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}
    FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
    FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
    FF - Ext: AvantGarde Nightlife: {3fb63340-652a-11dd-ad8b-0800200c9a66} - %profile%\extensions\{3fb63340-652a-11dd-ad8b-0800200c9a66}
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: Chromifox Companion: cfxHelper@Triton - %profile%\extensions\cfxHelper@Triton
    FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-29 02:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1324)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'lsass.exe'(1380)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'explorer.exe'(4036)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    .
    Completion time: 2011-01-29 03:01:47
    ComboFix-quarantined-files.txt 2011-01-28 20:01

    Pre-Run: 170,513,612,800 bytes free
    Post-Run: 170,477,793,280 bytes free

    Current=3 Default=3 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 6EE271378F831D89C28976F8541AFDAA
     
  8. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    Here are a couple of photos of 'Roi'
     

  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    That is one cute puppy! The red rubber chew toy next to him almost looks larger than he is! How did he break his leg? And didn't you say it was the 2nd time? Thanks for the pictures.

    Hey Buzz, I'll tell you something- I cannot get worried about Hotspot Shield when TechSpot offers it as a download! http://www.techspot.com/downloads/4924-hotspot-shield.html
    I don't see anything related to it being adware or other. openvpnas.exe is part of Hotspot Shield, developed by AnchorFree Inc.

    But I found the following which explains why the scanners are picking it up:
    This is Art from Hotspot Shield- marketing department in answer to a query about ads:
    More on this Security Site.

    I think that sounds reasonable enough. They are giving you a free connection and for it, you agree to view their ads. So we're not going to remove any of it and will ignore the Eset entry.
    =========================================
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it: [Be sure to scroll down to include ALL lines.]
    Code:
    File::
    Folder::
    c:\documents and settings\All Users\Application Data\avg9
    c:\documents and settings\Buzzzzz\Local Settings\Application Data\AVG Security Toolbar
    C:\$AVG
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Regarding Firefox extension Virtus Search:
    Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
    The page on Virtus Designs admits to changing a default search engine to Ask.com but doesn't give a way to opt out. It was installed with an update, possibly for the AeroFox theme, and the update dropped it without your permission and included the extension:
    FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    Please read the discussion about what happened here: http://www.virtusdesigns.com/?p=659

    Regarding FF extensions Chromifox:
    FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
    FF - Ext: Chromifox Companion: cfxHelper@Triton - %profile%\extensions\cfxHelper@Triton
    >>> CHROMIFOX COMPANION is now included with Chromifox Extreme themes.
    FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
    http://forums.mozillazine.org/viewtopic.php?t=925605
    ===================================
    I don't see any sign of TDss. Are you having any malware related problems?
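
    Added example (not part of Bobbye's post and not ComboFix's own code): a Python script that reads the security-control lines of the log posted above, namely the AV:/FW: header and the Security Center and Windows Firewall registry values, and reports the states a helper would check before clearing the machine. The function names, finding codes and the reading of the two registry values are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

# "AV: <name> *<state>[/<state>]* {GUID}" header lines
PRODUCT_RE = re.compile(r"^(AV|FW):\s+(.*?)\s+\*([^*]+)\*\s+\{[0-9A-Fa-f-]+\}$")
# "[HKEY_...\...]" or "[HKLM\~\...]" section headers
KEY_RE = re.compile(r"^\[(hk[^\]]+)\]$", re.IGNORECASE)
# '"name"=value' lines; the name may contain escaped backslashes
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')


def reg_int(raw):
    """Integer from 'dword:00000001' or '0 (0x0)'; None for anything else."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9A-Fa-f]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s+\(0x[0-9A-Fa-f]+\)", raw)
    if m:
        return int(m.group(1))
    return None


def parse_log(text):
    """Return (products, registry) from the header and registry sections."""
    products, registry, key = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            key = None              # a blank line closes the current registry section
            continue
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state = m.groups()
            flags = [s.strip().lower() for s in state.split("/")]
            products.append({"kind": kind, "name": name,
                             "state": state, "enabled": "enabled" in flags})
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            registry.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            registry[key][m.group(1)] = m.group(2)
    return products, registry


def findings(products, registry):
    """Return (code, detail) pairs for security controls that are off or unmonitored."""
    out = []
    for p in products:
        if not p["enabled"]:
            out.append((f'{p["kind"]}_DISABLED',
                        f'{p["name"]} was {p["state"]} during the scan; re-enable it afterwards'))
    other_fw = [p["name"] for p in products if p["kind"] == "FW" and p["enabled"]]
    for key, values in registry.items():
        for name, raw in values.items():
            n = reg_int(raw)
            if (r"\security center\monitoring" in key
                    and name.lower() == "disablemonitoring" and n == 1):
                # Assumed reading: Security Center is told not to watch this product.
                product = key.rsplit("\\", 1)[1]
                out.append(("SC_MONITORING_OFF",
                            f"Security Center monitoring disabled for {product}"))
            if (key.endswith(r"firewallpolicy\standardprofile")
                    and name.lower() == "enablefirewall" and n == 0):
                # Assumed reading: Windows Firewall standard profile is switched off.
                if other_fw:
                    out.append(("WINFW_OFF_COVERED",
                                "Windows Firewall off; enabled firewall: " + ", ".join(other_fw)))
                else:
                    out.append(("WINFW_OFF_UNCOVERED",
                                "Windows Firewall off and no other firewall reported enabled"))
    return out


if __name__ == "__main__":
    for code, detail in findings(*parse_log(SAMPLE_LOG)):
        print(f"{code}: {detail}")
```

    The `"DisableMonitoring"=-` line in the CFScript above uses the .reg syntax for deleting a value, so the SC_MONITORING_OFF finding should no longer appear when the post-script log is checked the same way.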
     
  10. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    I was just about to go for a kitesurf session and a 'tourist' was holding her - I called for her and she wriggled out of the lady's hands and dropped onto 1 leg - she then re-broke another smaller bone in the same leg - after being in a cast for almost 5 weeks - was feeling too 'frisky' and while on a very short walk, took 'off' after her no.1 boyfriend, who she hadn't been allowed to see for about 2 weeks, she must have hit a pothole or something ! She is just looooovely ...

    No probs with HotSpot Shield then - I never see the ads anyway, as I use Adblock Plus in FF. It's nice just to connect when doing on-line banking or PayPal.
    Thanks heaps for all the info.

    Virtus Search & Chromifox extensions - I don't know anything about 'em - haven't had any probs as far as I know - do I need to do anything ? (sorry, haven't had time to read the info URLs you provided)

    Windows and my PC running fine ... no malware probs as far as i know...

    Latest Combofix text file pasted below:

    Last time my PC caught the 'flu', Broni advised me to run WOT, which has been absolutely great - do you have any similar recommendations ? (yr favourite top 5, must have 'freeware' programs ?)
    I've got to do a Windows monthly up-date, and I want to get rid of heaps of duplicated files - back-up all data, and do a re-frag, as soon as you give me the all clear here.

    (Being on a thai tropical island - i miss a lot of Aussie and other sports on TV ... i download a lot of 'footy' games using uTorrent and I do lots of 'live' on-line sport streaming to watch various games. I know it can be dangerous, but any protection advice muchly appreciated)


    many thanks again, for your time and all the advice,
    Buzz & 'Roi'

    ComboFix 11-01-28.03 - Buzzzzz 29-Jan-11 18:51:36.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3318.2721 [GMT 7:00]
    Running from: c:\documents and settings\Buzzzzz\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Buzzzzz\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\$AVG
    c:\documents and settings\All Users\Application Data\avg9
    c:\documents and settings\All Users\Application Data\avg9\Cfg\changecfgreg.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\erd.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\krnl.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\mail.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\malrep.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\scan.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\sched.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\update.cfg
    c:\documents and settings\All Users\Application Data\avg9\Cfg\user.cfg
    c:\documents and settings\All Users\Application Data\avg9\CfgAll\changecfgreg.cfg
    c:\documents and settings\All Users\Application Data\avg9\CfgAll\falsealarm.cfg
    c:\documents and settings\All Users\Application Data\avg9\CfgAll\krnlall.cfg
    c:\documents and settings\All Users\Application Data\avg9\CfgAll\updateall.cfg
    c:\documents and settings\All Users\Application Data\avg9\CfgAll\userall.cfg
    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    c:\documents and settings\Buzzzzz\Local Settings\Application Data\AVG Security Toolbar

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
    .

    2011-01-21 10:54 . 2004-08-04 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2011-01-21 10:51 . 2006-01-26 13:35 68096 ----a-w- c:\windows\agrsmdel.exe
    2011-01-21 10:51 . 2006-01-25 15:24 1149888 ----a-w- c:\windows\system32\drivers\AGRSM.sys
    2011-01-21 10:45 . 2009-01-22 08:25 120064 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
    2011-01-21 10:45 . 2009-01-16 14:45 73728 ----a-r- c:\windows\system32\RtNicProp32.dll
    2011-01-21 10:45 . 2008-10-27 10:12 34816 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2011-01-21 10:45 . 2006-01-04 07:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
    2011-01-21 10:45 . 2008-08-05 12:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
    2011-01-21 10:43 . 2008-09-16 06:01 920088 ----a-r- c:\windows\system32\igxpun.exe
    2011-01-21 10:43 . 2006-11-10 01:25 319456 ----a-r- c:\windows\system32\difxapi.dll
    2011-01-21 10:42 . 2011-01-21 10:42 -------- d-----w- c:\program files\Intel
    2011-01-21 10:42 . 2008-07-16 08:05 53248 ----a-r- c:\windows\system32\CSVer.dll
    2011-01-21 10:42 . 2011-01-21 10:42 -------- d-----w- C:\Intel
    2011-01-21 10:21 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
    2011-01-21 10:20 . 2004-08-04 12:00 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
    2011-01-21 10:17 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2011-01-21 10:17 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
    2011-01-21 10:16 . 2004-08-04 12:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
    2011-01-21 10:16 . 2004-08-04 12:00 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
    2011-01-21 10:16 . 2004-08-04 12:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
    2011-01-21 10:16 . 2004-08-04 12:00 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
    2011-01-21 10:16 . 2004-08-04 12:00 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
    2011-01-21 10:16 . 2004-08-04 12:00 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
    2011-01-21 10:16 . 2004-08-04 12:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
    2011-01-21 10:16 . 2004-08-04 12:00 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
    2011-01-21 10:02 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-01-21 10:02 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-01-21 10:02 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-01-21 10:02 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-01-15 08:12 . 2011-01-15 08:12 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-15 08:12 . 2011-01-15 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2011-01-15 08:12 . 2011-01-15 08:12 -------- d-----w- c:\program files\Firefox
    2011-01-08 10:48 . 2010-12-20 11:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-08 10:48 . 2011-01-08 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-08 10:48 . 2010-12-20 11:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-24 06:15 . 2009-11-16 09:03 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-11 06:23 . 2009-11-16 07:50 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-11-12 11:53 . 2010-05-22 13:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-12 09:34 . 2009-03-11 08:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
    [-] 2008-04-09 . 0A874046BB7B547864811CFF0DD19724 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-01-28_19.59.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-29 07:40 . 2011-01-29 07:40 16384 c:\windows\Temp\Perflib_Perfdata_2e4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Buzzzzz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-24 8491008]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
    "RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 08:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 16:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-22 21:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-04-12 19:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    2001-08-23 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2005-04-07 07:40 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-11-10 17:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-12-20 11:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 04:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 09:07 2260480 ----a-w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    "PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "RTHDCPL"=RTHDCPL.EXE
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "Alcmtr"=ALCMTR.EXE
    "nwiz"=nwiz.exe /install

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15-Sep-09 11:42 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15-Sep-09 11:42 AM 74480]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16-Nov-09 4:03 PM 135336]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26-May-10 8:35 PM 26352]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26-May-10 8:35 PM 493032]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21-Jul-09 11:48 PM 133104]
    S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [09-Feb-09 3:51 PM 58352]
    S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [09-Feb-09 3:51 PM 8304]
    S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [09-Feb-09 3:51 PM 93904]
    S3 cmo_serd;Data Modem @ CDMA Second DS Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [09-Feb-09 3:51 PM 73696]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04-Aug-04 7:00 PM 14336]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15-Sep-09 11:42 AM 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 16:48]

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 16:48]

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-507921405-725345543-1003Core.job
    - c:\documents and settings\Buzzzzz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-26 11:05]

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-507921405-725345543-1003UA.job
    - c:\documents and settings\Buzzzzz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-26 11:05]

    2010-10-26 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-08-23 14:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {5EA7F988-C77D-4E9F-BD95-4DFB4D060C32} = 203.113.7.130 8.8.8.8
    FF - ProfilePath - c:\documents and settings\Buzzzzz\Application Data\Mozilla\Firefox\Profiles\jjg4pz97.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://start.bramjnet.com/vb/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    FF - Ext: AvantGarde Skylight: {d62e0de0-401b-11dd-ae16-0800200c9a66} - %profile%\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}
    FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
    FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
    FF - Ext: AvantGarde Nightlife: {3fb63340-652a-11dd-ad8b-0800200c9a66} - %profile%\extensions\{3fb63340-652a-11dd-ad8b-0800200c9a66}
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: Chromifox Companion: cfxHelper@Triton - %profile%\extensions\cfxHelper@Triton
    FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-29 18:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1324)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'lsass.exe'(1380)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    Completion time: 2011-01-29 18:57:51
    ComboFix-quarantined-files.txt 2011-01-29 11:57
    ComboFix2.txt 2011-01-28 20:01

    Pre-Run: 170,160,922,624 bytes free
    Post-Run: 170,131,447,808 bytes free

    Current=3 Default=3 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - EDFFE386F47F98DBB9ECC1E2075C6386
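Added example (not part of the original thread and not ComboFix's own code): a short Python triage of the ComboFix log format shown in the post above. It pulls out the firewall policy value, the firewall exception list and the Firefox extensions installed under the user profile. The function names and review categories are assumptions made for this illustration, and the sample lines are an excerpt copied from the log above.

```python
import re

# Excerpt copied from the ComboFix log in the post above (not the full log).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"RTHDCPL"=RTHDCPL.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Chromifox Companion: cfxHelper@Triton - %profile%\extensions\cfxHelper@Triton
FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
'''

SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]$')                 # [registry key]
VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')     # "name"=data
FF_EXT = re.compile(r'^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.+)$')


def parse_combofix(text):
    """Return (registry_sections, firefox_extensions) from ComboFix log text."""
    sections, extensions, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            current = sections.setdefault(m['key'].lower(), {})
        elif (m := VALUE.match(line)) and current is not None:
            current[m['name']] = m['data'].strip()
        elif m := FF_EXT.match(line):
            extensions.append((m['name'], m['id'], m['path']))
        elif not line:
            current = None          # a blank line ends the current section
    return sections, extensions


def triage(text):
    """Return (category, detail) pairs for a human reviewer to follow up on."""
    sections, extensions = parse_combofix(text)
    findings = []
    for key, values in sections.items():
        if key.endswith(r'firewallpolicy\standardprofile'):
            # Expected when a third-party firewall is in use, but worth confirming.
            if values.get('EnableFirewall', '').startswith('0'):
                findings.append(('firewall', 'Windows Firewall disabled in standard profile'))
        elif key.endswith(r'authorizedapplications\list'):
            for app in values:      # every program allowed through the firewall
                findings.append(('firewall-exception', app.replace('\\\\', '\\')))
    for name, _ext_id, path in extensions:
        # Per-user extensions are where bundled add-ons land; list them for review.
        if path.lower().startswith('%profile%'):
            findings.append(('profile-extension', name))
    return findings


if __name__ == '__main__':
    for category, detail in triage(SAMPLE_LOG):
        print(f'{category:20} {detail}')
```

The output is a shortlist for manual review, not a verdict: a legitimate add-on installed by the user shows up under `profile-extension` in the same way a bundled one does.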
     
  11. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    ...................................
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Open Firefox> Tools> Add-ons> Choose Extensions at the top of the page> uninstall the following:

    FF - Ext: Chromifox Companion: cfxHelper@Triton - %profile%\extensions\cfxHelper@Triton
    FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
    FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
    Virtus Search & Chromefox extensions > If you didn't put them on, then they were bundled as mentioned..
    Close, then reopen Firefox.
    ===========================================
    As for File Sharing: "I know it can be dangerous, but any protection advice muchly appreciated)" File sharing is one of the main sources of malware. You can have good protection and still get infected:
    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall any file sharing programs for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.
      Please read the information on P2P Warning to help you better understand these dangers.
      ==================================
      Please update the Adobe Reader: Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
     
  13. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    Hi Bobbye ...

    FF - Ext: Chromifox Companion: Uninstalled
    FF - Ext: Chromifox Extreme: could not see it when I opened extensions ?
    FF - Ext: Virtus Search Opt-in: Uninstalled
    ........................................................................................

    Adobe reader updated to 9.4.1

    I might delete it off my PC all together as you recommended, and just use Foxit reader - I can use it on my laptop to download this once-a-month thai phone account statement.

    .............................................................................................

    File sharing program - uTorrent - I understand what you say - looks like i will have to delete it. Actually, last nite I used it to start downloading a game from acrossthetasman.com (BEFORE getting your last reply about it) - that is the ONLY site I download from - but, download speed was too slow - so only downloaded about 5 % and gave up. I noticed this morning, when starting-up my PC it was a little slow loading. Now after reading your advice, would like to run a scan (MWAM or Super Anti-Spy) just in case - I await your further instruction. (when I re-started PC for the Adobe update - no probs, normal start-up time)

    many thanks again,
    Buzz

    PS: My little 'Min-Pin' still has the fracture in smaller bone - another 3 weeks in the cast !
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry to see that little pup in a cast! Almost as big as he is!

    There were just a couple of entries in Combofix I wanted to remove- you don't need to leave another log:
    Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    Folder
    c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "updateMgr"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . No need to leave.
    ====================
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    Let me know if you have any more questions.
     
  15. Buzz

    Buzz TS Rookie Topic Starter Posts: 57

    All done Bobbye ... no further problems or questions that I can think of right now.

    thanks heaps for all yr time & assistance,
    Buzz & 'Roi'
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome! Here are some tips to help you stay clean and safe!

    Tips for added security and safer browsing:
    1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
      This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
    2. Have layered Security:
      • Antivirus Software (only one): Both of the following programs are free and known to be good:
        • Avira Free
        • Avast Home
      • Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
        • Comodo
        • Zone Alarm
      • Antispyware: I recommend all of the following:
        • Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad ActiveX controls from being installed. Remember to update it regularly.
        • Download ZonedOut and save to your desktop. This replaces IE/Spyad and manages the Zones in Internet Explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
          For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
          IE/Spyad is no longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is Up-to-date before adding sites to your restricted zone.
          Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroy's Immunization the problem goes away...
        • Replace the Host Files
          MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
        • Google Toolbar: Get the free Google toolbar to help stop pop up windows.
    3. Stay current on updates:
      • Visit the Microsoft Download Site frequently. You should get All updates marked Critical and the current SP updates.
      • Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
      • Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
    4. Reset Cookies to prevent Tracking Cookies:
      • For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      • For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
    5. Do regular Maintenance
      Remove Temporary Internet Files regularly:
      • ATF Cleaner by Atribune
      OR
      • TFC
      Disable and Enable System Restore:
      • See System Restore Guide. This will help you understand what this is, why you need to clean and set restore points and what information is in them.
    6. Practice Safe Email Handling
      • Don't open email from anyone you don't know.
      • Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      • Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Use a Site Advisor:
    The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety. Your online email account – Google Mail, Yahoo! Mail and Hotmail is also protected.

    Every time you do a search and the screen comes up with the sites, they will have the rating light. Green (2 shades), Amber/Yellow Caution, Red> not advised. A few sites haven't been rated and show as a blue flashlight.

    If you want to link to another site from the page you're on to another, WOT will give you an Alert that the site is known for fraudulent entries, unreliable or other and the site won't load. Don't worry- those Alerts don't happen if you stick to the green rating.

    Give it a try- http://www.mywot.com/en/download

    Pats to Roi!
     
Topic Status:
Not open for further replies.
