AV Security Suite and other issues

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

AV Security Suite and other issues

Post by smleahy88 on Thu 01 Jul 2010, 2:45 pm

First topic message reminder :

So earlier I somehow got AV Security Suite on my computer. I tried to fix it following some steps I found here but was unable to open the hijackthis program. I system restored to a few days ago and I no longer have the AV Security Suite popups. I started my computer up in safe mode with networking and ran malwarebytes. I found 7 problems and fixed them, some of them required the reboot. Now I am getting constant Just-In-Time Debugging popups which I thought I had disabled by changing some registry things, but they still popup. In addition occasionally my browser randomly opens another page or goes to a page that I did not tell it to go to. Here is my HijackThis logfile. If any other information is required from me to help fix this issue please let me know.

Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Sean Leahy\Local Settings\Apps\2.0\HKN2TL5K.KMN\HX6HWK9N.6KA\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
C:\WINDOWS\SYSTEM32\Rpcnet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Sean Leahy\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {099E79F0-1E14-43E4-9B61-F985A7D76946} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8DF6F4AC-CE79-42B4-9F29-8E9455E305A1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {BEA57482-22BB-4B7B-8195-B99C5FC1FBCB} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: lJASLBSi - lJASLBSi.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - absoƖute Software Corp. - C:\WINDOWS\SYSTEM32\Rpcnet.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11178 bytes

smleahy88

Newbie Surfer
Newbie Surfer

Posts : 21
Joined : 2010-07-01
Operating System : XP Home

View user profile

Back to top Go down


Re: AV Security Suite and other issues

Post by Crush on Fri 02 Jul 2010, 1:08 pm

Ok. Let's remove it as myself and a colleague of mine are quite certain it's malicious.

Re-running ComboFix to remove infections:



  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the Code box below into it:

Code:

File::
c:\windows\Qkutubetoguma.bin

  • Save this as CFScript.txt, in the same location as ComboFix.exe





  • Referring to the picture above, drag CFScript into ComboFix.exe
    When finished, it shall produce a log for you at C:\ComboFix.txt
    Please post the contents of the log in your next reply.

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: AV Security Suite and other issues

Post by smleahy88 on Fri 02 Jul 2010, 1:42 pm

ComboFix 10-06-30.03 - Sean Leahy 07/01/2010 22:29:43.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1544 [GMT -4:00]
Running from: c:\documents and settings\Sean Leahy\Desktop\commy.exe
Command switches used :: c:\documents and settings\Sean Leahy\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
.

2010-07-01 05:12 . 2010-07-02 02:04 -------- d-----w- c:\program files\World of Warcraft
2010-07-01 05:06 . 2010-07-01 05:06 -------- d-----w- C:\_OTL
2010-07-01 05:02 . 2010-07-01 05:02 -------- d-----w- c:\program files\World of Warcraft.temp
2010-07-01 00:48 . 2010-07-01 00:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-01 00:26 . 2010-07-01 00:26 -------- d-----w- c:\program files\Defraggler
2010-06-30 22:46 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-30 22:46 . 2010-06-30 22:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-30 22:46 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 22:34 . 2010-06-30 22:34 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-30 22:34 . 2010-06-30 22:34 -------- d-----w- c:\windows\.file_store_32
2010-06-30 22:33 . 2010-06-30 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-30 22:33 . 2010-06-30 22:33 -------- d-----w- c:\program files\Google Video
2010-06-26 02:23 . 2010-06-30 22:31 188584 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-17 04:28 . 2010-06-26 02:10 120 ----a-w- c:\windows\Ulelace.dat
2010-06-17 04:28 . 2010-06-26 02:10 0 ----a-w- c:\windows\Qkutubetoguma.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 01:44 . 2006-09-05 15:14 16896 ----a-w- c:\windows\system32\Rpcnetp.exe
2010-07-02 01:44 . 2006-09-03 04:21 57752 ----a-w- c:\windows\system32\Rpcnet.dll
2010-07-02 01:43 . 2009-02-16 00:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-01 05:09 . 2006-08-30 19:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-01 05:04 . 2006-08-26 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-07-01 02:49 . 2010-02-01 04:33 -------- d-----w- c:\program files\Heroes of Newerth
2010-07-01 00:38 . 2006-08-26 12:19 -------- d-----w- c:\program files\Google
2010-07-01 00:25 . 2009-08-03 20:09 -------- d-----w- c:\program files\CCleaner
2010-06-30 05:41 . 2006-10-27 20:37 -------- d-----w- c:\program files\Warcraft III
2010-06-23 03:03 . 2009-08-20 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-06-22 01:18 . 2008-09-14 09:16 -------- d-----w- c:\documents and settings\Sean Leahy\Application Data\Skype
2010-06-22 00:46 . 2008-09-14 09:20 -------- d-----w- c:\documents and settings\Sean Leahy\Application Data\skypePM
2010-06-19 23:27 . 2006-10-26 01:05 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-19 23:27 . 2006-10-26 01:05 88 -csh--r- c:\windows\system32\195609FFE0.sys
2010-06-19 03:54 . 2006-10-27 20:42 91488 -c--a-w- c:\windows\War3Unin.dat
2010-06-18 04:38 . 2006-11-04 06:56 -------- d-----w- c:\documents and settings\Sean Leahy\Application Data\uTorrent
2010-06-11 22:04 . 2010-02-22 01:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-21 18:14 . 2010-01-23 06:35 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 22:17 . 2006-12-05 20:22 23954 ----a-w- c:\documents and settings\Sean Leahy\Application Data\wklnhst.dat
2010-05-04 17:20 . 2005-08-16 09:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2005-08-16 09:18 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2005-08-16 09:18 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-13 00:40 . 2005-08-16 09:18 57752 ------w- c:\windows\system32\rpcnet.exe
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-02 01:43 . 2010-07-02 01:43 16384 c:\windows\Temp\Perflib_Perfdata_4d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\Sean Leahy\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-2-2 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-26 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sean Leahy^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\documents and settings\Sean Leahy\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sean Leahy^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\Sean Leahy\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sean Leahy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Sean Leahy\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sean Leahy^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Sean Leahy\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2006-09-21 21:36 43520 ----a-w- c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
2004-04-01 13:51 1589248 -c--a-w- c:\dell\DellHelp\DellHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2010-02-02 03:23 160752 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 16:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-03-06 20:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-08-12 21:13 21741864 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-24 02:43 1217872 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-04 17:32 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2006-02-16 14:20 1118208 -c----w- c:\program files\Creative\VoiceCenter\AndreaVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\firehousehoss23@yahoo.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Sean Leahy\\Local Settings\\Apps\\2.0\\HKN2TL5K.KMN\\HX6HWK9N.6KA\\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\\CurseClient.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:blizz
"6112:TCP"= 6112:TCP:blizz
"6881:TCP"= 6881:TCP:blizz
"6999:TCP"= 6999:TCP:blizz
"11804:TCP"= 11804:TCP:torrent
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/31/2009 3:47 AM 207792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/23/2010 3:22 AM 112592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [8/2/2005 5:10 PM 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/15/2009 8:58 PM 359624]
S3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys --> c:\windows\system32\drivers\skfilt.sys [?]
S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder

2010-06-17 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]

2010-07-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-15 03:23]

2010-07-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AIM Search
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Sean Leahy\Application Data\Mozilla\Firefox\Profiles\jiyiout7.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Sean Leahy\Application Data\Mozilla\Firefox\Profiles\jiyiout7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(740)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-01 22:37:12
ComboFix-quarantined-files.txt 2010-07-02 02:37
ComboFix2.txt 2010-07-01 06:04
ComboFix3.txt 2010-07-01 05:39

Pre-Run: 4,184,166,400 bytes free
Post-Run: 4,168,400,896 bytes free

- - End Of File - - 1A4CC87C37CABF98578842D9C48C4F55

smleahy88

Newbie Surfer
Newbie Surfer

Posts : 21
Joined : 2010-07-01
Operating System : XP Home

View user profile

Back to top Go down

Re: AV Security Suite and other issues

Post by Crush on Fri 02 Jul 2010, 1:46 pm

hi again,

How are things running now? An update would be appreciated

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: AV Security Suite and other issues

Post by smleahy88 on Fri 02 Jul 2010, 1:49 pm

Things seem to be running great I have not had an issue since last night. I have not run any virus scans today to look for anything but I can if you want. No hijacking no JIT debugger popups nothing.

smleahy88

Newbie Surfer
Newbie Surfer

Posts : 21
Joined : 2010-07-01
Operating System : XP Home

View user profile

Back to top Go down

Re: AV Security Suite and other issues

Post by Crush on Fri 02 Jul 2010, 1:51 pm

Ok. Let's just make sure everything is gone:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


EDIT: 1,000 posts

Crush

Tech Officer
Tech Officer

Posts : 3889
Joined : 2010-01-28

View user profile

Back to top Go down

Re: AV Security Suite and other issues

Post by smleahy88 on Fri 02 Jul 2010, 2:12 pm

i cant open internet explorer it says error and wants me to send an error report

smleahy88

Newbie Surfer
Newbie Surfer

Posts : 21
Joined : 2010-07-01
Operating System : XP Home

View user profile

Back to top Go down

Re: AV Security Suite and other issues

Post by Crush on Fri 02 Jul 2010, 2:13 pm

Ok try this one:

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

  • Crush

    Tech Officer
    Tech Officer

    Posts : 3889
    Joined : 2010-01-28

    View user profile

    Back to top Go down

    Re: AV Security Suite and other issues

    Post by smleahy88 on Fri 02 Jul 2010, 3:36 pm

    running the kaspersky scan. going to bed ill leave it on and post before wrok in the morning cause it seems to be taking a while. comp is running great ill post in the morning.

    smleahy88

    Newbie Surfer
    Newbie Surfer

    Posts : 21
    Joined : 2010-07-01
    Operating System : XP Home

    View user profile

    Back to top Go down

    Re: AV Security Suite and other issues

    Post by Crush on Fri 02 Jul 2010, 3:38 pm

    Ok. Kaspersky usually takes quite a while so it might not be done when you get up in the morning. I look forward to seeing the log

    Crush

    Tech Officer
    Tech Officer

    Posts : 3889
    Joined : 2010-01-28

    View user profile

    Back to top Go down

    Re: AV Security Suite and other issues

    Post by smleahy88 on Fri 02 Jul 2010, 11:41 pm

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, July 2, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, July 02, 2010 00:04:19
    Records in database: 4259650
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Objects scanned: 95255
    Threats found: 4
    Infected objects found: 5
    Suspicious objects found: 0
    Scan duration: 02:51:34


    File name / Threat / Threats count
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP879\A0327717.exe Infected: Trojan.Win32.FraudPack.aygx 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP887\A0331154.DLL Infected: Trojan-Spy.Win32.Brospa.aa 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP889\A0331467.sys Infected: Rootkit.Win32.TDSS.ap 1

    Selected area has been scanned.


    headed to work

    smleahy88

    Newbie Surfer
    Newbie Surfer

    Posts : 21
    Joined : 2010-07-01
    Operating System : XP Home

    View user profile

    Back to top Go down

    Re: AV Security Suite and other issues

    Post by Crush on Fri 02 Jul 2010, 11:57 pm

    All that looks fine. The infections will be removed when we do cleanup. How are things running now?

    Crush

    Tech Officer
    Tech Officer

    Posts : 3889
    Joined : 2010-01-28

    View user profile

    Back to top Go down

    Re: AV Security Suite and other issues

    Post by smleahy88 on Sat 03 Jul 2010, 10:25 am

    things are running great still. Just got home from work. whats next

    smleahy88

    Newbie Surfer
    Newbie Surfer

    Posts : 21
    Joined : 2010-07-01
    Operating System : XP Home

    View user profile

    Back to top Go down

    Re: AV Security Suite and other issues

    Post by Crush on Sat 03 Jul 2010, 1:27 pm

    If there are no more issues:

    Congratulations!! Your PC is all clean!

    To uninstall ComboFix

    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /u



    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.


    There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

    Cleaning

    Now that your PC is free of malware, it is important to clean up your PC. There are several good free cleaners available. You should make sure to clean up your temp files regularly, at least once a week.

    ATF Cleaner
    CCleaner

    Defragmenting Your Hard Disk

    Over time your PC can become fragmented, Windows comes with a defragmenting utility, however, it is very slow, and there are other options available.

    To use the defragmenter included with Windows either go to Start/Run and type dfrg.msc, hit enter; or
    right-click My Computer, choose Manage, Storage, Disk Defragmenter.

    In the Defragmenter utility, select your main partition/HD, generally C:\ and select analyze . The analysis report will tell you whether or not your disk needs to be defragmented, if it does, click defragment. Be patient, this can take a long time.

    Repeat for multiple partitions/hard disks.

    System Restore Cleanup Instructions

    If you are using Windows ME or XP then it is good to disable and re-enable system restore to make sure there are no infected files left in a restore point. (All restore points will be deleted that way)
    You can find instructions on how to disable and re-enable system restore here:

    Windows ME System Restore Guide

    Windows XP System Restore Guide

    Reading Tip:
    Computer Health
    Keep Your System Updated

    Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

    Install the updates immediately, if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

    To update Windows and office

    Go to Start > All Programs > Microsoft Update

    Alternatively, you can visit the link below to update Windows and Office products.

    Microsoft Update

    If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

    1. Go to Start > Control Panel > Automatic Updates
    2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
    3. Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

    Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

    Be careful when opening attachments and downloading files.

    1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
    2. Never open emails from unknown senders.
    3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These are called hoaxes. The email addresses used in the hoaxes can be easily spoofed. Check the antivirus vendor websites to be sure.
    4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

    Surf safely

    Many security exploits on websites are directed to users of Internet Explorer and Firefox.

    If you use Firefox, try the No-script Add On - which, by default, disables all scripts on all websites. If you trust the website, you can manually allow scripts to work.

    Backup regularly

    You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft Article to learn how to backup. Follow This Article by Microsoft to restore your backups.

    Alternatively, you can use 3rd-party programs to back up your data. Examples of these can be found at
    Bleeping Computer

    Avoid P2P

    I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Prevent A Re-infection

    1. Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features Here

    You can get a Free Copy of Winpatrol or use the Plus Version for more features.

    You can read Win Patrol FAQ if you run into problems.

    2. Hosts File

    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:
    MVPS Hosts File
    Blue Tack’s Hosts File
    Blue Tack’s Hosts Manager

    3. Spybot Search and Destroy

    Spybot Search & Destroy is another program for scanning spyware and adware. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

    4. SiteHound Toolbar

    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or other questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

    ====

    Stand Up and Be Counted ---> Malware Complaints<--- where you can make difference!

    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
    ============================================================
    See [You must be registered and logged in to see this link.] for more info about malware and prevention.
    Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site.
    Before the thread is archived, do you have any more questions?

    Happy surfing and stay clean!

    Crush

    Tech Officer
    Tech Officer

    Posts : 3889
    Joined : 2010-01-28

    View user profile

    Back to top Go down

    Re: AV Security Suite and other issues

    Post by Sponsored content Today at 11:15 pm


    Sponsored content


    Back to top Go down

    Page 2 of 2 Previous  1, 2

    View previous topic View next topic Back to top


     
    Permissions in this forum:
    You cannot reply to topics in this forum