
TechSpot

[Active] HELP! Nasties over-running my laptop

Discussion in 'Virus and Malware Removal' started by jonny utah, Dec 7, 2010.

  1. jonny utah Newcomer, in training

    combofix log

    ComboFix 10-12-08.04 - Dan 09/12/2010 21:42:00.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.142 [GMT 0:00]
    Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Dan\Desktop\CFScript.txt
    AV: Virgin Media Security Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: Virgin Media Security Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
    .

    2010-12-09 20:04 . 2010-12-09 20:04 -------- d-----w- c:\program files\ESET
    2010-12-09 19:41 . 2010-12-09 19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-09 19:41 . 2010-12-09 19:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-08 20:10 . 2010-12-09 19:04 -------- d-----w- C:\HijackThis
    2010-12-07 19:29 . 2010-12-07 19:29 -------- d-----w- c:\documents and settings\Tash\Application Data\Virgin Media
    2010-12-06 21:06 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-06 21:06 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-06 21:06 . 2010-12-06 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-05 23:30 . 2010-12-05 23:31 -------- d-----w- c:\program files\tmp
    2010-12-05 22:15 . 2009-11-02 15:27 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
    2010-12-05 22:13 . 2009-10-23 13:25 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2010-12-05 22:13 . 2010-12-05 22:13 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
    2010-12-05 22:12 . 2010-12-05 22:12 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
    2010-12-05 22:11 . 2010-12-05 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
    2010-12-05 22:11 . 2010-12-05 22:11 -------- d-----w- c:\program files\Raxco
    2010-12-02 09:42 . 2010-12-05 21:35 -------- d-----w- c:\program files\windows
    2010-11-29 12:25 . 2010-12-05 22:19 -------- d-----w- c:\documents and settings\Dan\Application Data\Virgin Media
    2010-11-29 12:25 . 2010-11-29 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
    2010-11-29 12:25 . 2010-12-05 22:09 -------- d-----w- c:\program files\Virgin Media
    2010-11-29 12:25 . 2010-12-05 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Media
    2010-11-10 20:55 . 2010-12-03 10:31 -------- d-----w- c:\documents and settings\Dan\Application Data\Awsog

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 11:23 . 2004-08-10 15:37 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-10 15:37 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-10 15:37 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-10 15:37 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2006-07-25 22:11 . 2006-07-25 22:11 11817800 -c--a-w- c:\program files\GoogleEarth.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\docume~1\dan\applic~1\Awsog ----


    ---- Directory of c:\docume~1\dan\applic~1\Leyw ----


    ---- Directory of c:\program files\windows ----



    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=

    R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [05/12/2010 22:15 25608]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [03/08/2010 19:04 203280]
    R2 MTC0007_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [29/03/2006 11:48 11279]
    R2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 12:17 165408]
    R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [05/12/2010 22:15 5832712]
    R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [29/11/2010 12:25 668912]
    R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [05/12/2010 22:15 122376]
    R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [05/12/2010 22:15 30216]
    R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [05/12/2010 22:15 25736]
    S2 STDSB;STDSB;c:\windows\system32\drivers\STDSB.sys [29/03/2006 11:48 11279]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [30/08/2008 14:57 13352]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - 3A77365A
    *NewlyCreated* - JAVAQUICKSTARTERSERVICE
    *Deregistered* - 3a77365a

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.virginmedia.com/
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: {A4AA025A-9A5C-4936-B08F-E79DDFCEBDB2} = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-09 21:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1700)
    c:\windows\system32\WININET.dll
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-12-09 21:59:30
    ComboFix-quarantined-files.txt 2010-12-09 21:59
    ComboFix2.txt 2010-12-08 22:47
    ComboFix3.txt 2009-04-02 17:52
    ComboFix4.txt 2009-04-02 09:57

    Pre-Run: 37,433,937,920 bytes free
    Post-Run: 37,445,730,304 bytes free

    - - End Of File - - ADF81B39D77A457079FFB25BE06B6658
  2. Bobbye Helper on the Fringe

    Question> Important!
    In the instructions with the Eset online virus scan, there is a line saying this:
    Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked

    Tell me please if you missed it and did check for removal? All of the entries suggest you did as they are marked unable to clean. I think that is because they have already been handled. Qoobox is the quarantine folder from Combofix and System Volume is restore points which I'll have you remove later. There is only one entry that is showing as 'new' but I think it also has been handled.

    So:
    1. Did you check for removal in Eset?
    2. Are you still having the original malware-related problems?

    I'll move the one Eset entry- in case it is still active:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Processes	
      :Files 
      C:\Documents and Settings\All Users\Documents\Server\hlp.dat 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ==============================================
    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    
    Folder::
    c:\program files\windows
    c:\docume~1\dan\applic~1\Leyw
    c:\docume~1\dan\applic~1\Awsog
    c:\program files\tmp
    
    NetSvc::
    vvdsvc
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    You're almost there!
  3. jonny utah Newcomer, in training

    OTM log

    Bobbye,

    Log pasted below, but in answer to your questions:

    I didn't miss the instruction about unchecking for removal and checking the unwanted items. However, whilst I did uncheck for removal, the second option stated "scan archives", and not "scan unwanted items". I took this to mean the same thing and checked that item.

    Also, internet seems to be relatively normal now. Google searches are not redirecting anyway.




    All processes killed
    ========== PROCESSES ==========
    ========== FILES ==========
    C:\Documents and Settings\All Users\Documents\Server\hlp.dat moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Dan
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 4499169 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Tash
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4018 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 4.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 12112010_164645

    Files moved on Reboot...

    Registry entries deleted on Reboot...
  4. jonny utah Newcomer, in training

    combo log

    ComboFix 10-12-08.04 - Dan 11/12/2010 17:10:27.6.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.97 [GMT 0:00]
    Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Dan\Desktop\CFScript.txt
    AV: Virgin Media Security Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: Virgin Media Security Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\dan\applic~1\Awsog
    c:\program files\tmp
    c:\program files\windows

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
    .

    2010-12-11 17:05 . 2010-12-11 17:06 -------- d-----w- C:\32788R22FWJFW
    2010-12-11 16:46 . 2010-12-11 16:46 -------- d-----w- C:\_OTM
    2010-12-09 20:04 . 2010-12-09 20:04 -------- d-----w- c:\program files\ESET
    2010-12-09 19:41 . 2010-12-09 19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-09 19:41 . 2010-12-09 19:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-08 20:10 . 2010-12-09 19:04 -------- d-----w- C:\HijackThis
    2010-12-07 19:29 . 2010-12-07 19:29 -------- d-----w- c:\documents and settings\Tash\Application Data\Virgin Media
    2010-12-06 21:06 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-06 21:06 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-06 21:06 . 2010-12-06 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-05 22:15 . 2009-11-02 15:27 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
    2010-12-05 22:13 . 2009-10-23 13:25 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2010-12-05 22:13 . 2010-12-05 22:13 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
    2010-12-05 22:12 . 2010-12-05 22:12 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
    2010-12-05 22:11 . 2010-12-05 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
    2010-12-05 22:11 . 2010-12-05 22:11 -------- d-----w- c:\program files\Raxco
    2010-11-29 12:25 . 2010-12-05 22:19 -------- d-----w- c:\documents and settings\Dan\Application Data\Virgin Media
    2010-11-29 12:25 . 2010-11-29 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
    2010-11-29 12:25 . 2010-12-05 22:09 -------- d-----w- c:\program files\Virgin Media
    2010-11-29 12:25 . 2010-12-05 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Media

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 11:23 . 2004-08-10 15:37 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-10 15:37 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-10 15:37 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-10 15:37 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2006-07-25 22:11 . 2006-07-25 22:11 11817800 -c--a-w- c:\program files\GoogleEarth.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=

    R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [05/12/2010 22:15 25608]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [03/08/2010 19:04 203280]
    R2 MTC0007_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [29/03/2006 11:48 11279]
    R2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 12:17 165408]
    R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [05/12/2010 22:15 5832712]
    R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [29/11/2010 12:25 668912]
    R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [05/12/2010 22:15 122376]
    R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [05/12/2010 22:15 30216]
    R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [05/12/2010 22:15 25736]
    S2 STDSB;STDSB;c:\windows\system32\drivers\STDSB.sys [29/03/2006 11:48 11279]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [30/08/2008 14:57 13352]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - EE5C7596
    *Deregistered* - ee5c7596

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.virginmedia.com/
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: {A4AA025A-9A5C-4936-B08F-E79DDFCEBDB2} = 192.168.0.1
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-11 17:23
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3360)
    c:\windows\system32\WININET.dll
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-12-11 17:28:58
    ComboFix-quarantined-files.txt 2010-12-11 17:28
    ComboFix2.txt 2010-12-09 21:59
    ComboFix3.txt 2010-12-08 22:47
    ComboFix4.txt 2009-04-02 17:52
    ComboFix5.txt 2010-12-11 17:07

    Pre-Run: 37,418,622,976 bytes free
    Post-Run: 37,409,447,936 bytes free

    - - End Of File - - 4BA8231A59A0BBA8722C87EF9FE0269F
  5. Bobbye Helper on the Fringe

    The entry found by Eset shows "unable to clean." But the directions say not to click for removal. I know that sounds confusing, but it's not to me. These logs look good.

    Are the 'nasties' gone? I'd like you to run HijackThis and after I review that log to make sure no bad entries are running, I'll have you remove the cleaning tools and log:

    Download the HijackThis Installer and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
  6. jonny utah Newcomer, in training

    hijack this log

    Hi Bobbye,

    Ran hijack this - log below: Not sure whether "nasties" are gone, although computer seems to be running normally. If a little slow. Is there anything I can do to speed that up, i.e. any processes running on startup that don't need to be etc.?


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:47:27, on 12/12/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17091)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Virgin Media\Security\Fws.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Virgin Media\Security\rps.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
    C:\Program Files\Virgin Media\HUB\ServicepointService.exe
    C:\WINDOWS\system32\slmdmsr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4AA025A-9A5C-4936-B08F-E79DDFCEBDB2}: NameServer = 192.168.0.1
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: Virgin Media Security (Radialpoint Security Services) - Virgin Media - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
    O23 - Service: RadialpointIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Virgin Media Security Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Media\Security\Fws.exe
    O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Virgin Media\HUB\ServicepointService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

    --
    End of file - 8224 bytes
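
Added example, not part of the original thread and not code from TechSpot or Trend Micro: a small Python triage pass over HijackThis log lines like the ones posted above. It groups entries by section code and marks the two conditions visible in this log, "(file missing)" and "Unknown owner"; the function names and section descriptions are this example's own, and the sample lines are copied from the log above.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Section codes that appear in the log above, with their usual meaning.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry (Run key)",
    "O9": "IE extra button / Tools menu item",
    "O14": "IERESET.INF web settings",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O17": "DNS / name server setting",
    "O18": "extra protocol handler",
    "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}

# An entry line is "<code> - <body>"; headers and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str
    section: str
    target: str            # file, URL or value the entry points at
    notes: list = field(default_factory=list)


def extract_target(code, body):
    """Pull the file/URL/value out of an entry body (best effort)."""
    if code == "O4":                       # "HKCU\..\Run: [name] C:\path"
        return body.split("] ", 1)[-1]
    if " - " in body:                      # "... - {CLSID} - C:\path"
        return body.rsplit(" - ", 1)[1]
    if " = " in body:                      # "key,value = data"
        return body.split(" = ", 1)[1]
    return body


def parse_line(line):
    """Return an Entry for a HijackThis entry line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    notes = []
    if body.endswith(MISSING):
        # The registry entry survives but the file it names is gone (orphan).
        notes.append("file missing")
        body = body[: -len(MISSING)].rstrip()
    if code == "O23" and " - Unknown owner - " in body:
        # HijackThis found no company name in the service binary.
        notes.append("unknown owner")
    return Entry(code, SECTIONS.get(code, "other"), extract_target(code, body), notes)


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def needs_review(entries):
    """Entries carrying a note. A note is a prompt to look, not a verdict."""
    return [e for e in entries if e.notes]


def section_counts(entries):
    return Counter(e.code for e in entries)


# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\LEXBCES.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4AA025A-9A5C-4936-B08F-E79DDFCEBDB2}: NameServer = 192.168.0.1
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for code, n in sorted(section_counts(entries).items()):
        print(f"{code:>4} {n:2d}  {SECTIONS.get(code, 'other')}")
    for e in needs_review(entries):
        print(f"review {e.code}: {e.target}  [{', '.join(e.notes)}]")
```
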
  7. Bobbye Helper on the Fringe

    Please reopen HijackThis to 'do system scan only.' Check each of the following if present:

    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe


    Close all Windows except HijackThis and click on "Fix Checked."
    ============================================================
    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Click on start> Run> type in services.msc> find each of the following and set Startup type to Manual

    CyberLink Background Capture Service (CBCS)
    CyberLink Task Scheduler (CTS) (CLSched)
    CyberLink Media Library Service -
    iPod Service
    Java Quick Starter (jqs)
    LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    Roxio UPnP Renderer 9
    Roxio Upnp Server 9
    LiveShare P2P Server 9 (RoxLiveShare9)
    RoxMediaDB9
    Roxio Hard Drive Watcher 9 (RoxWatch9)

    Exit Services when through.
    ============================================
    Note: None of the above is malware. None of it needs to be on Startup. None of the Services needs to be set to Automatic.

    After you stop the Service, while still in Safe Mode:

    To remove entries from Startup using the msconfig utility:
    • Click on Start> Run> type in msconfig> enter>
    • Click on Selective Startup
    • Choose the Startup tab:
      This is where you UNCHECK the Startup items. This does not remove the item or uninstall anything; it just stops it from starting on boot. It can be rechecked at any time if wanted.
    • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
    • Uncheck any of the processes that correspond to entries you checked in the HJT log and any processes related to the Services you changed to Manual.
    • Click on Apply> OK when finished.

    Reboot into Normal Mode
    NOTE:
    When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.'
    Once you make changes to the Startup menu, you must remain in Selective Startup to retain those changes. If you go back to Normal Startup, everything you unchecked will be checked again and start on boot.

    The only processes that need to be on startup are the antivirus program, firewall if you have a 3rd party firewall, touchpad if on a laptop and network processes if you have something like Pure Magic. Nothing else. Printer/scanner, camera, media players, Java, Adobe processes do not need to start on boot.
    LEX=Lexmark printer
    CyberLink=burning
    =======================================
    Please run the Eset scan again.
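
Added example, not part of the post above and not HijackThis's own code: a small Python parser for the HijackThis line format shown in the log, which pulls out the entries a reviewer usually looks at first (targets marked "(file missing)" and O23 services with "Unknown owner" or a blank owner). The function names `parse_log` and `review_queue` are assumptions, and the sample is a constructed excerpt of lines from this thread's log.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in HijackThis format, taken from the thread's log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
End of file - 8224 bytes
"""

# Every entry line starts with a section code such as O2, O4, O9 or O23.
ENTRY = re.compile(r"^\s*(O\d+) - (.*)$")
# O23 body: "Service: <display name> - <owner> - <image path>"; the owner may be blank.
SERVICE = re.compile(
    r"^Service: (?P<name>.+?) -(?: (?P<owner>.*?))? - (?P<path>[A-Za-z]:\\.+)$"
)

def parse_log(text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        entry = {"section": section, "body": body, "notes": []}
        if body.endswith("(file missing)"):
            entry["notes"].append("file missing")
        if section == "O23":
            svc = SERVICE.match(body)
            if svc:
                entry.update(svc.groupdict())
                if svc["owner"] in (None, "", "Unknown owner"):
                    entry["notes"].append("no owner")
        entries.append(entry)
    return entries

def review_queue(entries):
    """Group the entries that carry at least one note by section code."""
    queue = defaultdict(list)
    for entry in entries:
        if entry["notes"]:
            queue[entry["section"]].append(entry)
    return dict(queue)
```

A note from this script only marks an entry for a closer look; as the post says of its own list, such entries are often leftovers from legitimate software rather than malware.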
  8. jonny utah Newcomer, in training

    Hi there Bobbye,

    I did as you asked and all seems fine with the computer now!

    Can't thank you enough, was completely lost without that thing.

    Thank you.
  9. Bobbye Helper on the Fringe

    You're welcome! You will definitely be carrying a much lighter load!
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      • Choose Disk Cleanup
      • Click "OK" to select the partition or drive you want.
      • Click the "More Options" Tab.
      • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    Empty the Recycle Bin

    Stay safe! Tips for added security and safer browsing:
    1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
      This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
    2. Have layered Security:
      • Antivirus Software (only one): Both of the following programs are free and known to be good:
        [o]Avira Free
        [o]Avast Home
      • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
        [o]Comodo
        [o]Zone Alarm
      • Antispyware: I recommend all of the following:
        [o]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
      [o]Download ZonedOut and save to your desktop. This replaces IE/Spyad and manages the Zones in Internet Explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
      For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
      IE/Spyad is no longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is up-to-date before adding sites to your restricted zone.
      Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroy's Immunization the problem goes away...
      [o]MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
      [o]Google Toolbar: Get the free Google Toolbar to help stop pop up windows.
    3. Stay current on updates:
      [o] Visit the Microsoft Download Site frequently. You should get All updates marked Critical and the current SP updates.
      [o]Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
      [o]Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
    4. Reset Cookies to prevent Tracking Cookies:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
    5. Do regular Maintenance
      Remove Temporary Internet Files regularly:
      [o]ATF Cleaner by Atribune
      OR
      [o]TFC
      Disable and Enable System Restore:
      [o]See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
    6. Practice Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Have a Happy and Peaceful Holiday!