Solved Smart Defragmenter, et al- Mbam log - Can Bobbye or someone help?
- Thread starter mb2cotter
- Start date
- Status
I uninstalled Prime95 a few days ago and I don't intend to reinstall it. If that's what you mean by overclocking then I guess I'm not.
In post #16, you said, "And there will most likely be Registry entries related to the Adware.PurityScan I need to remove, so please download ComboFix from Here and save to your Desktop". As we discussed before, I was never able to run Combofix becasue I always got a BSOD during the scan. How do I tell if there are registry items that still need to be removed?
I followed your suggestions for getting IR running, and it worked. Therefore, I was able to finally run the ESET scan. It said it found one threat. Do I need to remove it somehow since I unchecked "Remove found threats"? If so, how do I do that? Here's the ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3c46c97d54eaa847be6268f553d4f3d1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-09 02:30:44
# local_time=2010-11-08 07:30:44 (-0700, Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3587 16777194 85 76 0 107331385 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=146185
# found=1
# cleaned=0
# scan_time=6246
C:\download\Nero-7.8.5.0_eng_trial.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
In post #16, you said, "And there will most likely be Registry entries related to the Adware.PurityScan I need to remove, so please download ComboFix from Here and save to your Desktop". As we discussed before, I was never able to run Combofix becasue I always got a BSOD during the scan. How do I tell if there are registry items that still need to be removed?
I followed your suggestions for getting IR running, and it worked. Therefore, I was able to finally run the ESET scan. It said it found one threat. Do I need to remove it somehow since I unchecked "Remove found threats"? If so, how do I do that? Here's the ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3c46c97d54eaa847be6268f553d4f3d1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-09 02:30:44
# local_time=2010-11-08 07:30:44 (-0700, Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3587 16777194 85 76 0 107331385 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=146185
# found=1
# cleaned=0
# scan_time=6246
C:\download\Nero-7.8.5.0_eng_trial.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
Bobbye
Posts: 16,313 +36
Please download OTMovit by Old Timer and save to your desktop.
- Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code::Processes :Files C:\download\Nero-7.8.5.0_eng_trial.exe :Commands [purity] [emptytemp] [start explorer] [Reboot] - Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
- Click the red Moveit! button.
- A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
- Close OTMoveIt3
===================================
Try Combofix again please. You ran it previously did you not?
I ran the OTM. It asked me to reboot. After it rebooted, I got a Microsoft Windows error message that said "The system has recovered from a serious error." It listed the following error signature:
BCCode : 24 BCP1 : 001902FE BCP2 : BA4EB254 BCP3 : BA4EAF50
BCP4 : 88782B12 OSVer : 5_1_2600 SP : 3_0 Product : 256_1
It also said that the following files were included in the error report:
C:\DOCUME~1\Mike\LOCALS~1\Temp\WERdf08.dir00\Mini103110-01.dmp
C:\DOCUME~1\Mike\LOCALS~1\Temp\WERdf08.dir00\sysdata.xml
Here's the OTM log:
All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\download\Nero-7.8.5.0_eng_trial.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes
User: Mike
->Temp folder emptied: 51868 bytes
->Temporary Internet Files folder emptied: 12246706 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 589 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 213746 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 12.00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 11092010_164923
Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_7d4.dat not found!
BCCode : 24 BCP1 : 001902FE BCP2 : BA4EB254 BCP3 : BA4EAF50
BCP4 : 88782B12 OSVer : 5_1_2600 SP : 3_0 Product : 256_1
It also said that the following files were included in the error report:
C:\DOCUME~1\Mike\LOCALS~1\Temp\WERdf08.dir00\Mini103110-01.dmp
C:\DOCUME~1\Mike\LOCALS~1\Temp\WERdf08.dir00\sysdata.xml
Here's the OTM log:
All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\download\Nero-7.8.5.0_eng_trial.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes
User: Mike
->Temp folder emptied: 51868 bytes
->Temporary Internet Files folder emptied: 12246706 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 589 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 213746 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 12.00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 11092010_164923
Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_7d4.dat not found!
In the previous post I posted the OTM log and some other info. Also, the combofix finally ran this time with out a BSOD. That's the first time it's completed successfully. Here's the log:
ComboFix 10-11-09.01 - Mike 11/09/2010 17:06:21.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1470 [GMT -7:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
.
((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))
.
2010-11-01 00:34 . 2010-11-01 00:34 -------- d--h--w- c:\windows\PIF
2010-10-31 03:39 . 2010-10-31 03:39 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2010-10-31 03:39 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-31 03:39 . 2010-10-31 03:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-31 03:39 . 2010-10-31 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-31 03:39 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-30 22:49 . 2010-10-30 22:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-30 22:49 . 2010-10-30 22:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-30 22:49 . 2010-10-30 22:49 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-30 22:49 . 2010-10-30 22:49 -------- d-----w- c:\program files\Symantec
2010-10-30 22:48 . 2010-10-30 22:48 -------- d-----w- c:\windows\system32\drivers\NAV
2010-10-30 22:48 . 2010-10-30 22:48 -------- d-----w- c:\program files\Norton AntiVirus
2010-10-30 22:48 . 2010-10-30 22:48 -------- d-----w- c:\program files\Windows Sidebar
2010-10-30 22:14 . 2010-10-30 22:14 -------- d-----w- c:\program files\NortonInstaller
2010-10-30 21:07 . 2010-10-30 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-10-28 14:42 . 2006-09-06 02:08 16896 ----a-w- c:\windows\system32\grwinsthlp.exe
2010-10-28 01:53 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-28 01:53 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-28 01:53 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-28 01:52 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-06 15:32 . 2010-02-11 01:46 81920 ----a-w- c:\windows\system32\wxcode_msw28u_wxjson_CW.dll
2010-11-06 15:32 . 2010-02-11 01:46 1073152 ----a-w- c:\windows\system32\wxcode_msw28u_wxcurl_CW.dll
2010-11-06 15:32 . 2010-02-11 01:46 975872 ----a-w- c:\windows\system32\libxml2_CW.dll
2010-11-06 15:32 . 2010-02-11 01:46 151552 ----a-w- c:\windows\system32\libexpat.dll
2010-11-06 15:32 . 2010-02-11 01:46 720384 ----a-w- c:\windows\system32\cwalsp.dll
2010-11-06 15:32 . 2010-02-11 01:46 1884160 ----a-w- c:\windows\system32\AltaRecovery.exe
2010-10-02 00:06 . 2010-10-02 00:06 1409 ----a-w- c:\windows\QTFont.for
2010-09-26 01:43 . 2006-09-03 23:54 60416 ----a-w- c:\windows\system32\rbap350.dll
2010-09-18 18:23 . 2005-08-16 09:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2005-08-16 09:18 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2005-08-16 09:18 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2005-08-16 09:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2005-08-16 09:18 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2005-08-16 09:18 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2005-08-16 09:18 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2005-08-16 09:18 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-22 00:21 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2005-08-16 09:18 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2005-08-16 09:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 18:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 18:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"cwcptray"="c:\program files\ContentWatch\Internet Protection\cwtray.exe" [2010-11-06 353088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=c:\windows\pss\Image Transfer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-06-01 19:32 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2007-03-16 01:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-06-28 15:14 270648 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2006-07-30 02:34 5354792 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-27 15:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-22 19:20 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-08-23 16:24 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2006-07-05 14:29 4538368 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\wdisplay\\ftpupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Chessmaster 8000\\Chessmaster.exe"=
"c:\\Program Files\\Actiontec\\BroadBand\\gwconfig.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1201000.025\SymDS.sys [10/30/2010 3:49 PM 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1201000.025\SymEFA.sys [10/30/2010 3:49 PM 666672]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [8/31/2010 3:57 PM 692272]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1201000.025\Ironx86.sys [10/30/2010 3:49 PM 134704]
R2 CwAltaService20;ContentWatch;c:\program files\ContentWatch\Internet Protection\cwsvc.exe [2/10/2010 6:46 PM 2109440]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe [10/30/2010 3:49 PM 126904]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/15/2009 6:56 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/30/2010 3:50 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101028.001\IDSXpx86.sys [10/19/2010 1:36 PM 341880]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 1:36 PM 135664]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [7/13/2007 4:52 PM 29522]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [12/28/2006 4:23 PM 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [12/28/2006 4:23 PM 44928]
.
Contents of the 'Scheduled Tasks' folder
2010-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 19:42]
2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 20:35]
2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 20:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.erieskies.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: mylabbill.com\www
Trusted Zone: remititonline.com
Trusted Zone: turbotax.com
TCP: {69C47182-A893-484C-B37A-A189215F0D6E} = 205.171.3.65,205.171.2.65
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKCU-Run-Start WingMan Profiler - (no file)
HKLM-Run-NWEReboot - (no file)
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
AddRemove-Move Networks Player_is1 - c:\documents and settings\Mike\Application Data\Move Networks\ie_bin\unins000.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-{F7D85304-98CF-4A30-A380-B6C59D15E58F} - c:\program files\InstallShield Installation Information\{F7D85304-98CF-4A30-A380-B6C59D15E58F}\setup.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Mike\Application Data\Macromedia\Flash Player\
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-09 17:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\cwalsp.dll
c:\windows\system32\wxbase28u_vc_CW.dll
.
Completion time: 2010-11-09 17:17:56
ComboFix-quarantined-files.txt 2010-11-10 00:17
Pre-Run: 197,905,342,464 bytes free
Post-Run: 197,859,246,080 bytes free
- - End Of File - - 2CFCD9735429F0641AA4C632BA9DC6C1
ComboFix 10-11-09.01 - Mike 11/09/2010 17:06:21.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1470 [GMT -7:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
.
((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))
.
2010-11-01 00:34 . 2010-11-01 00:34 -------- d--h--w- c:\windows\PIF
2010-10-31 03:39 . 2010-10-31 03:39 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2010-10-31 03:39 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-31 03:39 . 2010-10-31 03:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-31 03:39 . 2010-10-31 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-31 03:39 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-30 22:49 . 2010-10-30 22:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-30 22:49 . 2010-10-30 22:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-30 22:49 . 2010-10-30 22:49 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-30 22:49 . 2010-10-30 22:49 -------- d-----w- c:\program files\Symantec
2010-10-30 22:48 . 2010-10-30 22:48 -------- d-----w- c:\windows\system32\drivers\NAV
2010-10-30 22:48 . 2010-10-30 22:48 -------- d-----w- c:\program files\Norton AntiVirus
2010-10-30 22:48 . 2010-10-30 22:48 -------- d-----w- c:\program files\Windows Sidebar
2010-10-30 22:14 . 2010-10-30 22:14 -------- d-----w- c:\program files\NortonInstaller
2010-10-30 21:07 . 2010-10-30 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-10-28 14:42 . 2006-09-06 02:08 16896 ----a-w- c:\windows\system32\grwinsthlp.exe
2010-10-28 01:53 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-28 01:53 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-28 01:53 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-28 01:52 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-06 15:32 . 2010-02-11 01:46 81920 ----a-w- c:\windows\system32\wxcode_msw28u_wxjson_CW.dll
2010-11-06 15:32 . 2010-02-11 01:46 1073152 ----a-w- c:\windows\system32\wxcode_msw28u_wxcurl_CW.dll
2010-11-06 15:32 . 2010-02-11 01:46 975872 ----a-w- c:\windows\system32\libxml2_CW.dll
2010-11-06 15:32 . 2010-02-11 01:46 151552 ----a-w- c:\windows\system32\libexpat.dll
2010-11-06 15:32 . 2010-02-11 01:46 720384 ----a-w- c:\windows\system32\cwalsp.dll
2010-11-06 15:32 . 2010-02-11 01:46 1884160 ----a-w- c:\windows\system32\AltaRecovery.exe
2010-10-02 00:06 . 2010-10-02 00:06 1409 ----a-w- c:\windows\QTFont.for
2010-09-26 01:43 . 2006-09-03 23:54 60416 ----a-w- c:\windows\system32\rbap350.dll
2010-09-18 18:23 . 2005-08-16 09:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2005-08-16 09:18 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2005-08-16 09:18 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2005-08-16 09:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2005-08-16 09:18 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2005-08-16 09:18 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2005-08-16 09:18 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2005-08-16 09:18 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-22 00:21 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2005-08-16 09:18 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2005-08-16 09:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 18:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 18:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"cwcptray"="c:\program files\ContentWatch\Internet Protection\cwtray.exe" [2010-11-06 353088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=c:\windows\pss\Image Transfer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-06-01 19:32 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2007-03-16 01:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-06-28 15:14 270648 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2006-07-30 02:34 5354792 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-27 15:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-22 19:20 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-08-23 16:24 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2006-07-05 14:29 4538368 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\wdisplay\\ftpupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Chessmaster 8000\\Chessmaster.exe"=
"c:\\Program Files\\Actiontec\\BroadBand\\gwconfig.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1201000.025\SymDS.sys [10/30/2010 3:49 PM 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1201000.025\SymEFA.sys [10/30/2010 3:49 PM 666672]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [8/31/2010 3:57 PM 692272]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1201000.025\Ironx86.sys [10/30/2010 3:49 PM 134704]
R2 CwAltaService20;ContentWatch;c:\program files\ContentWatch\Internet Protection\cwsvc.exe [2/10/2010 6:46 PM 2109440]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe [10/30/2010 3:49 PM 126904]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/15/2009 6:56 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/30/2010 3:50 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101028.001\IDSXpx86.sys [10/19/2010 1:36 PM 341880]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 1:36 PM 135664]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [7/13/2007 4:52 PM 29522]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [12/28/2006 4:23 PM 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [12/28/2006 4:23 PM 44928]
.
Contents of the 'Scheduled Tasks' folder
2010-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 19:42]
2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 20:35]
2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 20:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.erieskies.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: mylabbill.com\www
Trusted Zone: remititonline.com
Trusted Zone: turbotax.com
TCP: {69C47182-A893-484C-B37A-A189215F0D6E} = 205.171.3.65,205.171.2.65
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKCU-Run-Start WingMan Profiler - (no file)
HKLM-Run-NWEReboot - (no file)
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
AddRemove-Move Networks Player_is1 - c:\documents and settings\Mike\Application Data\Move Networks\ie_bin\unins000.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-{F7D85304-98CF-4A30-A380-B6C59D15E58F} - c:\program files\InstallShield Installation Information\{F7D85304-98CF-4A30-A380-B6C59D15E58F}\setup.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Mike\Application Data\Macromedia\Flash Player\
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-09 17:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\cwalsp.dll
c:\windows\system32\wxbase28u_vc_CW.dll
.
Completion time: 2010-11-09 17:17:56
ComboFix-quarantined-files.txt 2010-11-10 00:17
Pre-Run: 197,905,342,464 bytes free
Post-Run: 197,859,246,080 bytes free
- - End Of File - - 2CFCD9735429F0641AA4C632BA9DC6C1
Bobbye
Posts: 16,313 +36
OTMovIt appears to have run successfully. Unless you continue to experience unexplained crahes, I wouldn't be concerned. Combofix look good- no sign of anything there. I'd like you to run HijackThis just to make sure there are no bad entries left:
Download the HijackThis Installer and save to the desktop:
NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
If the HJT logs is okay, I'll have to remove the ceaning tools. If you have any of the original problems, now would be the time to let me know- but you shouldn't!.
Download the HijackThis Installer and save to the desktop:
- Double-click on HJTInstall.exe to run the program.
- By default it will install to C:\Program Files\Trend Micro\HijackThis.
- Accept the license agreement by clicking the "I Accept" button.
- Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
- Click "Save log" to save the log file and then the log will open in notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- Come back here to this thread and paste (Ctrl+V) the log in your next reply.
NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
If the HJT logs is okay, I'll have to remove the ceaning tools. If you have any of the original problems, now would be the time to let me know- but you shouldn't!.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:40:18 PM, on 11/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Actiontec\BroadBand\gwconfig.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAdvisor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.erieskies.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/29.51/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.13/ttinst.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69C47182-A893-484C-B37A-A189215F0D6E}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11830 bytes
Scan saved at 6:40:18 PM, on 11/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Actiontec\BroadBand\gwconfig.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAdvisor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.erieskies.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/29.51/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.13/ttinst.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69C47182-A893-484C-B37A-A189215F0D6E}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11830 bytes
Bobbye
Posts: 16,313 +36
Please open HijackThis to 'do system scan only.' Check each of the following if present:
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
023 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Close all Widows except HijackThis and click on "Fix Checked"
Completely uninstall Viewpoint:
Viewpoint installs itself with various other programs such as AOL ©, AOL © Instant Messenger, Netscape, certain Adobe applications, and other programs on the web that require the media player to show their content.
How to Remove Viewpoint Media Player, Toolbar, or Manager
1) Right-click on the clock in your taskbar and choose Task Manager
2) Click on the Processes tab and search for VIEWMGR.EXE, if its found, click on it and then click End Task to close it
3) Click on Start, Control Panel, Add/Remove Programs
4) Uninstall any of the following programs associated with Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
023 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Close all Widows except HijackThis and click on "Fix Checked"
Completely uninstall Viewpoint:
Viewpoint installs itself with various other programs such as AOL ©, AOL © Instant Messenger, Netscape, certain Adobe applications, and other programs on the web that require the media player to show their content.
How to Remove Viewpoint Media Player, Toolbar, or Manager
1) Right-click on the clock in your taskbar and choose Task Manager
2) Click on the Processes tab and search for VIEWMGR.EXE, if its found, click on it and then click End Task to close it
3) Click on Start, Control Panel, Add/Remove Programs
4) Uninstall any of the following programs associated with Viewpoint
- Viewpoint Manager
- Viewpoint Media Player
- Viewpoint Toolbar
5) Close the Add/Remove Programs and Control Panel
6) Restart your computer
Click on Start> Run> type in services.msc double click on the Viewpoint Manager Service> Change the Startup type to Disabled> Stop the Service.
Warning: If you install AOL © Instant Messenger, Adobe Atmosphere plugin, or another program that requires Viewpoint, it will download and install again.
I did all of the above. However, when I type in services,msc, I get a message saying that windows can't find services,msc. I looked in startup and services under msconfig and I don't see anyhting labeled "Viewpoint". I don't know if that's the smae thing, though.
Out of curiosity, why did we delete the R1 registry setting above? Was that something that was added by a virus?
Thanks for the help.
Out of curiosity, why did we delete the R1 registry setting above? Was that something that was added by a virus?
Thanks for the help.
Bobbye
Posts: 16,313 +36
Please accept my apology- I put in a comma instead of a period. First time I've done that.
The correct command (which I am going to fix in my reply) should have been services.msc
I had you remove the R1 HJT entry because of the port listed:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
Yes, it was for the redirect. If you do a search for the port number, you will find this is common in the redirects.
Regarding Viewpoint: Here the full removal:
This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player: To can have HJT remove the Service entry, then when HijackThis has finished, you can continue with the Viewpoint removal.
To remove, find and remove Viewpoint Media Player
Boot into Safe Mode
Finally, delete the following folders if they still exist: Open Windows Explorer> Programs:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder
Exit Explorer.
The correct command (which I am going to fix in my reply) should have been services.msc
I had you remove the R1 HJT entry because of the port listed:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
Yes, it was for the redirect. If you do a search for the port number, you will find this is common in the redirects.
Regarding Viewpoint: Here the full removal:
This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player: To can have HJT remove the Service entry, then when HijackThis has finished, you can continue with the Viewpoint removal.
To remove, find and remove Viewpoint Media Player
Boot into Safe Mode
- Restart your computer and start pressing the F8 key on your keyboard.
- Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
- Click on Start > Run and type: services.msc> OK
- Click the "Extended tab".
- Scroll down the list and find the service called "Viewpoint Manager Service"
- When you find the service, double-click on it.
- In the Properties Window > General Tab that opens, click the "Stop" button.
- From the drop-down menu next to "Startup Type", click on "Disabled".
- Now click "Apply", then "OK" and close any open windows.
- Click on Start > Settings > Control Panel >Add/Remove Programs
- Highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.
Finally, delete the following folders if they still exist: Open Windows Explorer> Programs:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder
Exit Explorer.
Bobbye
Posts: 16,313 +36
You're welcome. Viewpoint isn't malware. We object to it because it is put on the systenen without your knowledge or permission. It's called foistware.'
Removing all of the tools we used and the files and folders they created
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
Empty the Recycle Bin
If there are any of the programs left, remove in Add/Rmove Programs and any left over logs. The only AV program was the Eset online scanner. You can remove that in Inetenet Explorer> Tools> Manage Addons> Disaable Nod32 here.
Let me know if there are any more questions.
Removing all of the tools we used and the files and folders they created
- Uninstall ComboFix and all Backups of the files it deleted
- Click START> then RUN
- Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
- Download OTCleanIt by OldTimer and save it to your Desktop.
- Double click OTCleanIt.exe.
- Click the CleanUp! button.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
- You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
- Go to Start > All Programs > Accessories > System Tools
- Click "System Restore".
- Choose "Create a Restore Point" on the first screen then click "Next".
- Give the Restore Point a name> click "Create".
- Go back and follow the path to > System Tools.
[*]Choose Disc Cleanup
[*]Click "OK" to select the partition or drive you want.
[*]Click the "More Options" Tab.
[*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.
Empty the Recycle Bin
If there are any of the programs left, remove in Add/Rmove Programs and any left over logs. The only AV program was the Eset online scanner. You can remove that in Inetenet Explorer> Tools> Manage Addons> Disaable Nod32 here.
Let me know if there are any more questions.
Bobbye
Posts: 16,313 +36
You're welcome. Here's are some tips for you:
Tips for added security and safer browsing:
Note: Some of these prgrams may not work on Windows 7 or a 64bit OS.
Tips for added security and safer browsing:
Note: Some of these prgrams may not work on Windows 7 or a 64bit OS.
- Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
- Have layered Security:
- Antivirus Software(only one):Both of the following programs are free and known to be good:
[o]Avira Free
[o]Avast Home - Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
[o]Comodo
[o]Zone Alarm - Antispyware: I recommend all of the following:
[o]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
IE/Spyad is not longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is Up-to-date before adding sites to your restricted zone.
Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroys Immunization the problem goes away...
[o]MVPS Hosts files This replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
[o]Google Toolbar Get the free google toolbar to help stop pop up windows.
- Antivirus Software(only one):Both of the following programs are free and known to be good:
- Stay current on updates:
[o] Visit the Microsoft Download Sitefrequently. You should get All updates marked Critical and the current SP updates.
[o]Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
[o]Check this site .Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
- Reset Cookies to prevent Tracking Cookies:
[o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
[o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List
- Do regular Maintenance
Remove Temporary Internet Files regularly:
[o]ATF Cleaner by Atribune
OR
[o]TFC
Disable and Enable System Restore:
[o]See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
- Practice Safe Email Handling
[o] Don't open email from anyone you don't know.
[o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
[o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
- Status
Similar threads
Latest posts
-
New Affordable AMD B650 Motherboard Roundup- Avro Arrow replied
-
Nvidia GeForce RTX 3050 6GB Review: Quiet Release, Dodgy Name- petalsofpain replied
