[1peter]

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\au not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3157615755-1486774832-3457830323-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\CruX\CruX.exe not found.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
File C:\Program Files\BoontyGames not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Dan\Local Settings\Temp\msn3764.fdr scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.16 fix logfile created on 06252008_170749

Files moved on Reboot...
C:\Documents and Settings\Dan\Local Settings\Temp\msn3764.fdr moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.

[Advertisements]

How is your system running now ?

[Essexboy]

How is your system running now ?

[1peter]

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\au not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3157615755-1486774832-3457830323-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\CruX\CruX.exe not found.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
File C:\Program Files\BoontyGames not found!
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.16 fix logfile created on 06262008_211858

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xw7rhzj2.default\Cache\_CACHE_MAP_ moved successfully.

[1peter]

Still get the mcaffee notice. And it runs slow. I have defraged again, opened up 22% cpu memory. Ran stopzilla, etc.

I appreciate all you have done.

[Essexboy]

OK try this

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done

THEN TUNE UP

Download, install and run Tuneup Utilities 2008

Select Free up disk space

Select Unneccesary files and backups then clean

Select Maintain Windows

Run Drive Defrag

Run Tune Up registry clean up

Then run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Select Increase performance

Run the internet Optimiser to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click Increase performance then system optimizer to run system advisor


What is the actual report from McAfee ?

[1peter]

Site blocker said the tune up utilities is a malicious web site and blocked it.

[Essexboy]

Wierd

Does mcafee give a location for the alert ?

Lets go for a second opinion

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.

[1peter]

Here is the Dr web scan

Attached Files

•  mcafee_notice.doc   146.5KB   11 downloads

[1peter]

SMI29.tmp;C:\WINDOWS\temp;Tool.Prockill;Incurable.Moved.;
SMI2A.tmp;C:\WINDOWS\temp;Tool.Prockill;Incurable.Moved.;
SMI35.tmp;C:\WINDOWS\temp;Tool.Prockill;Incurable.Moved.;
SMI36.tmp;C:\WINDOWS\temp;Tool.Prockill;Incurable.Moved.;
SMI37.tmp;C:\WINDOWS\temp;Tool.Prockill;Incurable.Moved.;
SMI38.tmp;C:\WINDOWS\temp;Tool.Prockill;Incurable.Moved.;

[Essexboy]

Tool.Prockill is used by anti-malware programmes to terminates processes and it is also used by malware. So it can be used for good or bad

Have you run a scan with McAfee and did it find anything ?

[1peter]

McAfee comes up empty.

[Essexboy]

Hi this is what I have found out about the alert

ActiveShield is the component of the McAfee Internet Security Suite antivirus which monitors incoming and outgoing traffic in real time to proactively detect and block threats.

Which sounds similar to Webshield that I use on Avast. If it is the same then it is telling you that it blocked something from the web site you were visiting

Or does it appear as soon as you boot your computer

[1peter]

It would appear that it comes on after a reboot, or while a program is trying to scan viruses. But, we have not seen it in a couple of days now.

[Essexboy]

What I will do is give the cleanup spiel, yet I will leave this thread open for a few days just in case

Now the best part of the day ----- Your log now appears clean

Double click OTMoveIt2 once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt2 wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done


Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.