Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware Nightmare [RESOLVED]

Started by I_Need_a_Geek , Jul 26 2008 03:20 AM

  • This topic is locked This topic is locked

#1
I_Need_a_Geek
Posted 26 July 2008 - 03:20 AM

I_Need_a_Geek

    Member

  • Member
  • PipPip
  • 27 posts
Forgive me if I'm asking questions incorrectly or asking the wrong questions here altogether, but it has come to my attention that the Smitfraud problem I'm having is rooted in my RAM?!?!?! How in the world do you protect/scan RAM? I have a pretty good (I think) virus scanner (Symantec AntiVirus Corporate Edition), but I've never heard of any virus scans or anti-spyware programs that scan the RAM of a computer...

Additionally, if anyone can tell me, is there anything I should know before going ahead with things like Smitfraud-Fix and the one that removes Vundo? I looked over some of the stuff and I think it's safe enough for me to go ahead following the directions posted in the forums, but I am a newbie when it comes to this techie stuff; anything I wouldn't be anticipating? Any common problems that arise? I know a couple of people posted things that happened, but it seems as though they didn't quite follow the directions to a T as I plan to. (Currently I am infected by Virtumonde [Vundo, as I understand it], Smitfraud and Smitfraud-C and a few-thousand variants, as well as Zlob and possibly WinFixer or something like that and possibly a couple of variations on that name as well; I have heard that viruses of the nature of these will cause problems that compound quickly, but I seem to have had these for a number of months and have yet to experience the "Blue Screen of Death," so what gives? Also, why did none of these problems go away when I reformatted my computer?)

I guess the bottom line for me is that I don't know anything about how to protect my computer from malware/spyware/adware/any-kind-of-ware/viruses/trojans/worms, etc. Can anybody give me any tips or refer me to a good antivirus, maybe something better than what I've got (Symantec Corp. Edition)? And can anyone tell me if Spybot Search & Destroy is truly reliable? What about Windows Defender? Which is right? Which is wrong? Who's good? Who's bad?

I know I've just asked an awful lot of questions. If you can answer even just one, please do. And, yes, I'm a complete computer idiot--if you couldn't tell reading my questions, I'm telling you now...computers just aren't my thing. If you can help it, when you answer my questions, please try to put them in Layman's terms.

Now, more questions:

This stuff scares me . I have no real intimate knowledge of MS Windows or computers, and I'm not even sure this site is safe. What assurances do I get that downloading from this site won't hurt me?

What in the world is a HiJackThis Log?

I have a LONG list of (what I think are) malware files. I scratched them down on paper as I ran SpyBot and saw the filenames appear. About half of the 270,000 files on my computer are "Virtumonde" with several different file extensions.

One more issue. As I watched file names appear and replace each other, I could have sworn several were adware/malware/spyware (???) for porn sites or something. I don't go to those. How'd that get there?

By the way, I've reformatted this computer already. It was my novice attempt at getting rid of Zlob, Virtumonde, and Smitfraud. I didn't have nearly this many problems before reformatting. Is this a factor? What does this mean?

Here's the list of many files that seem like they don't belong (I didn't catch every name as SpyBot ran. I debated using a camcorder; is there some other way?). Enjoy this little cocktail:

  • MessengerSkinner
  • Movieland
  • Nurech
  • Premiumsearch
  • PSGuard.msmsgs
  • Virtumonde
  • Smitfraud
  • Zlob
  • SpywareScraper
  • Stration
  • Treloscript
  • Win32.conhook
  • Winsoftware
  • Xpreload
  • IRC ZapChast
  • Hupigon
  • FakeBill
  • FlashExploit
  • Zango
  • Regclean
  • RegistryClear
  • SpywareBOT
  • AlertSpy
  • AdwareSheriff
  • CasinoRoyale
  • DriveCleaner2006
  • Hotbar
  • EverestPoker
  • Astakiller
  • BraveSentry
  • Fakealert
  • Swizzor
  • NCast
  • hack a'tack
  • Zango
  • DialerXX
  • DirectDialer
  • Hacker.
  • MainPean
  • TangoDialer
  • TeenXXX
  • WebDialer
  • Casino
  • Vario.Antivirus
  • AdGoblin
  • BlazeFind
  • EvidenceEraser
  • CoolWWWSearch
  • Sharedocs
  • TNS-Search
  • PerfectKeylogger
  • SCKeylogger
  • SpywareThis
  • FakeSecurityCenter
  • SpySheriff
  • SmartPCKeylogger
  • ABetterInternet
  • Starware
  • AV-Gold
  • ConOptBHO
  • DeepDive
  • DigitalNames
  • DyFuCA
  • Errorsafe
  • FraudAntivirus
  • Isearchtech
  • spyarsenal.keylogger
  • Killsoft
  • MalwareBum
  • Mirar
  • spyheal
  • Fake.spywareremover
  • adbreak
  • alexa
  • bonzibuddy
  • cydoor

That's probably most of 'em. But not all. I couldn't catch every name. I hope this has been detailed enough for someone to help me. God knows it's been long enough.

What good would running a Dell SystemRestore do? None? Any?

Please let me know if any of these are familiar to you and what to do.

Thanks in advance. (Please don't make me feel any dumber than I already do. Don't call me stupid--I'll take care of that myself.)

Edited by I_Need_a_Geek, 26 July 2008 - 03:26 AM.

  • 0

Advertisements

#2
Mike
Posted 26 July 2008 - 03:37 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there I_Need_A_Geek! Welcome to geekstogo :)

I have no real intimate knowledge of MS Windows or computers, and I'm not even sure this site is safe. What assurances do I get that downloading from this site won't hurt me?


To tell you the truth you can't know, but you will have to trust me if you wish to work with me on this problem.

Now to be a bit more reassuring, the instructions I'm giving you will be simple and if you ever have any questions just stop and ask, don't let this give you extra stress - I'll be doing all the hardwork for you :).

Let's see what's running on your system.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note:These logs may be too large to post in one reply, if so, please post extra.txt in a separate reply.
  • 0

#3
I_Need_a_Geek
Posted 26 July 2008 - 04:52 AM

I_Need_a_Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
main.txt

Deckard's System Scanner v20071014.68
Run by Admin on 2008-07-26 06:41:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
39: 2008-07-26 10:41:51 UTC - RP39 - Deckard's System Scanner Restore Point
38: 2008-07-26 07:00:25 UTC - RP38 - Software Distribution Service 3.0
37: 2008-07-25 16:44:41 UTC - RP37 - Software Distribution Service 3.0
36: 2008-07-24 21:33:28 UTC - RP36 - Software Distribution Service 3.0
35: 2008-07-24 03:24:24 UTC - RP35 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-07-06 05:25:55 UTC - RP1 - Installed Digital Media Feature Pack for Windows Media Center 2005


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-26 06:43:10
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\MSGSYS.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Admin\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


--
End of file - 6703 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-24 17:33:41 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-06-26 and 2008-07-26 -----------------------------

2008-07-26 02:32:38 0 d-------- C:\spoolerlogs
2008-07-17 17:45:47 2104 --a------ C:\logfile
2008-07-17 17:40:34 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-17 17:39:48 0 d-------- C:\Program Files\Common Files\Kodak
2008-07-17 17:37:01 0 d-------- C:\Program Files\Kodak
2008-07-17 17:34:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-07-17 17:21:57 0 d-------- C:\WINDOWS\system32\kodak
2008-07-14 19:35:57 45056 --a------ C:\WINDOWS\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>
2008-07-14 19:33:49 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-07-08 17:02:31 0 d-------- C:\Program Files\AIM6
2008-07-08 16:53:30 0 d-------- C:\Documents and Settings\Admin\Application Data\Macromedia
2008-07-07 19:36:49 0 d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2008-07-06 14:19:31 0 d-------- C:\Documents and Settings\Admin\Application Data\CyberLink
2008-07-06 05:25:10 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-07-06 05:22:49 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-06 04:22:14 0 d-------- C:\Program Files\Windows Defender
2008-07-06 04:19:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-06 03:36:00 0 d-------- C:\WINDOWS\network diagnostic
2008-07-06 03:34:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-06 03:15:28 0 d-------- C:\Program Files\MSXML 4.0
2008-07-06 03:11:15 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-06 03:08:57 0 d-------- C:\Program Files\Microsoft.NET
2008-07-06 03:07:41 0 dr-h----- C:\MSOCache
2008-07-06 02:56:57 0 d-------- C:\WINDOWS\ShellNew
2008-07-06 02:56:31 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-07-06 02:56:16 0 d-------- C:\Program Files\Common Files\Corel
2008-07-06 02:56:15 0 d-------- C:\Program Files\WordPerfect Office 12
2008-07-06 02:30:30 0 d-------- C:\Documents and Settings\Kevin\Application Data\Identities
2008-07-06 02:30:10 0 d-------- C:\Documents and Settings\Kevin\Application Data\Intel
2008-07-06 02:29:59 0 dr------- C:\Documents and Settings\Kevin\Favorites
2008-07-06 02:29:59 0 d-------- C:\Documents and Settings\Kevin\Desktop
2008-07-06 02:29:59 0 d---s---- C:\Documents and Settings\Kevin\Cookies
2008-07-06 02:29:59 0 dr-h----- C:\Documents and Settings\Kevin\Application Data
2008-07-06 02:29:59 0 d---s---- C:\Documents and Settings\Kevin\Application Data\Microsoft
2008-07-06 02:29:58 0 d--h----- C:\Documents and Settings\Kevin\Templates
2008-07-06 02:29:58 0 dr------- C:\Documents and Settings\Kevin\Start Menu
2008-07-06 02:29:58 0 dr-h----- C:\Documents and Settings\Kevin\SendTo
2008-07-06 02:29:58 0 dr-h----- C:\Documents and Settings\Kevin\Recent
2008-07-06 02:29:58 0 d--h----- C:\Documents and Settings\Kevin\PrintHood
2008-07-06 02:29:58 2097152 --ah----- C:\Documents and Settings\Kevin\NTUSER.DAT
2008-07-06 02:29:58 0 d--h----- C:\Documents and Settings\Kevin\NetHood
2008-07-06 02:29:58 0 dr------- C:\Documents and Settings\Kevin\My Documents
2008-07-06 02:29:58 0 d--h----- C:\Documents and Settings\Kevin\Local Settings
2008-07-06 02:25:42 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-06 02:25:37 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-06 02:15:49 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-06 02:12:57 4032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL <Not Verified; Symantec Corporation; SYMEVENT>
2008-07-06 02:12:57 36864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL <Not Verified; Symantec Corporation; SYMEVENT>
2008-07-06 02:12:57 57696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS <Not Verified; Symantec Corporation; SYMEVENT>
2008-07-06 02:12:48 0 d-------- C:\WINDOWS\system32\CBA
2008-07-06 02:12:46 0 d-------- C:\Program Files\Symantec
2008-07-06 02:12:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-06 02:12:38 0 d-------- C:\Program Files\NavNT
2008-07-06 02:12:38 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-06 02:07:17 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-06 02:06:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-07-06 02:06:21 0 d-------- C:\Program Files\Common Files\TiVo Shared
2008-07-06 02:06:19 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-07-06 02:04:52 0 d-------- C:\WINDOWS\system32\DLA
2008-07-06 02:03:54 0 d-------- C:\Program Files\Roxio
2008-07-06 02:03:52 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-07-06 02:00:59 0 d-------- C:\Program Files\CyberLink
2008-07-06 01:58:39 0 d-------- C:\Program Files\Common Files\Dell
2008-07-06 01:58:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-07-06 01:56:29 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-06 01:56:13 0 d-------- C:\Program Files\Dell
2008-07-06 01:54:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-06 01:52:03 0 d-------- C:\Documents and Settings\Admin\Application Data\Intel
2008-07-06 01:51:41 17056 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
2008-07-06 01:51:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-07-06 01:50:22 1654784 --a------ C:\WINDOWS\system32\W29MLRES.DLL <Not Verified; Intel Corporation; Intel® PRO/Wireless 2915ABG Network Connection>
2008-07-06 01:49:13 0 d-------- C:\Program Files\Broadcom
2008-07-06 01:49:04 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-06 01:48:22 0 d-------- C:\Program Files\CONEXANT
2008-07-06 01:47:02 0 d-------- C:\Program Files\Intel
2008-07-06 01:46:11 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-06 01:44:10 0 d-------- C:\Program Files\SigmaTel
2008-07-06 01:42:34 0 d-------- C:\Program Files\ATI Technologies
2008-07-06 01:37:39 176128 --a------ C:\WINDOWS\system32\RcdScan.dll <Not Verified; Dell Computer Corporation; RcdScan Module>
2008-07-06 01:37:39 446464 -ra------ C:\WINDOWS\system32\hhactivex.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP HTML 2000>
2008-07-06 01:37:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-06 01:37:35 13632 -----n--- C:\WINDOWS\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
2008-07-06 01:37:29 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-06 01:31:58 0 d-------- C:\Documents and Settings\Admin\Application Data\Identities
2008-07-06 01:29:20 0 d-------- C:\WINDOWS\system32\URTTemp
2008-07-06 01:28:48 0 d-------- C:\Program Files\RGB
2008-07-06 01:26:09 0 d-------- C:\Documents and Settings\All Users\Application Data\DIGStream
2008-07-06 01:26:08 0 d-------- C:\Program Files\DIGStream
2008-07-06 01:26:06 0 d-------- C:\Program Files\ESPNMotion
2008-07-06 01:26:02 0 d-------- C:\Program Files\GemMaster
2008-07-06 01:25:58 0 d-------- C:\Program Files\EnglishOtto
2008-07-06 01:20:31 0 d--h----- C:\Documents and Settings\Admin\Templates
2008-07-06 01:20:31 0 dr------- C:\Documents and Settings\Admin\Start Menu
2008-07-06 01:20:31 0 dr-h----- C:\Documents and Settings\Admin\SendTo
2008-07-06 01:20:31 0 dr-h----- C:\Documents and Settings\Admin\Recent
2008-07-06 01:20:31 0 d--h----- C:\Documents and Settings\Admin\PrintHood
2008-07-06 01:20:31 2883584 --ah----- C:\Documents and Settings\Admin\NTUSER.DAT
2008-07-06 01:20:31 0 d--h----- C:\Documents and Settings\Admin\NetHood
2008-07-06 01:20:31 0 dr------- C:\Documents and Settings\Admin\My Documents
2008-07-06 01:20:31 0 d--h----- C:\Documents and Settings\Admin\Local Settings
2008-07-06 01:20:31 0 dr------- C:\Documents and Settings\Admin\Favorites
2008-07-06 01:20:31 0 d-------- C:\Documents and Settings\Admin\Desktop
2008-07-06 01:20:31 0 d--hs---- C:\Documents and Settings\Admin\Cookies
2008-07-06 01:20:31 0 dr-h----- C:\Documents and Settings\Admin\Application Data
2008-07-06 01:16:39 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-06 01:16:36 0 d-------- C:\WINDOWS\Prefetch
2008-07-06 01:16:35 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-06 01:16:33 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-06 01:16:33 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-06 01:16:33 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-07-06 01:16:33 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-06 01:16:33 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-06 01:15:58 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-06 01:15:58 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-07-06 01:15:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-06 01:15:58 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-06 01:15:57 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-06 01:11:25 0 d-------- C:\WINDOWS\system32\xircom
2008-07-06 01:11:24 0 d-------- C:\Program Files\microsoft frontpage
2008-07-06 01:10:46 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-06 01:10:46 0 d-------- C:\DELL
2008-07-06 01:10:33 0 -rahs---- C:\MSDOS.SYS
2008-07-06 01:10:33 0 -rahs---- C:\IO.SYS
2008-07-06 01:10:33 0 --a------ C:\CONFIG.SYS
2008-07-06 01:10:33 0 --a------ C:\AUTOEXEC.BAT
2008-07-06 01:08:50 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-06 01:08:38 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-06 01:08:38 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-06 01:08:24 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-06 01:07:59 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-06 01:07:21 0 d---s---- C:\WINDOWS\Tasks
2008-07-06 01:07:20 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-06 01:07:16 0 d-------- C:\WINDOWS\srchasst
2008-07-06 01:07:14 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-06 01:06:55 0 d-------- C:\WINDOWS\system32\Restore
2008-07-06 01:05:25 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-06 01:04:57 0 d-------- C:\WINDOWS\Registration
2008-07-06 01:04:47 0 d-------- C:\Program Files\Online Services
2008-07-06 01:04:01 0 d-------- C:\Program Files\Windows Plus
2008-07-06 01:03:43 0 d-------- C:\Program Files\Movie Maker
2008-07-06 01:02:27 0 d-------- C:\Program Files\Messenger
2008-07-06 01:02:23 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-06 01:01:38 0 d-------- C:\Program Files\Windows NT
2008-07-06 01:01:34 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-06 01:01:32 0 d-------- C:\WINDOWS\system32\Com
2008-07-05 20:50:34 0 d--hs---- C:\WINDOWS\Installer
2008-07-05 20:50:33 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-05 20:50:30 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-05 20:50:29 0 dr------- C:\Program Files
2008-07-05 20:50:29 0 d-------- C:\Program Files\Common Files
2008-07-05 20:49:58 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-05 20:49:58 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-05 20:49:58 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-05 20:49:58 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-05 20:49:58 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-05 20:49:58 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-05 20:49:58 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-05 20:49:58 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-05 20:49:58 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-05 20:49:58 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-05 20:49:58 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-05 20:49:58 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-05 20:49:58 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-05 20:49:58 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-05 20:49:58 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-05 20:49:58 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-05 20:49:41 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-05 20:49:41 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-05 20:49:36 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-05 20:49:36 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-05 20:49:35 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-05 20:49:35 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-05 20:49:05 0 d-------- C:\Documents and Settings
2008-07-05 20:49:04 0 d--hs---- C:\System Volume Information
2008-07-05 20:40:10 0 d-------- C:\WINDOWS
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\WinSxS
2008-07-05 20:40:10 0 dr------- C:\WINDOWS\Web
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\twain_32
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\wins
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\wbem
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\usmt
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\spool
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\Setup
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\ras
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\oobe
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\npp
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\mui
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\IME
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\ias
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\export
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\drivers
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-05 20:40:10 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\config
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\3076
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\2052
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\1054
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\1042
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\1041
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\1037
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\1033
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\1031
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\1028
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system32\1025
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\system
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\security
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\Resources
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\repair
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\Provisioning
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\PeerNet
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\pchealth
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\mui
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\msapps
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\msagent
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\Media
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\java
2008-07-05 20:40:10 0 d--h----- C:\WINDOWS\inf
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\ime
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\Help
2008-07-05 20:40:10 0 dr--s---- C:\WINDOWS\Fonts
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\ehome
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\Driver Cache
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\dell
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\Debug
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\Cursors
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\Config
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\AppPatch
2008-07-05 20:40:10 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-07-05 20:49:58 62 --ahs---- C:\Documents and Settings\Admin\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 04:04 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/03/2004 09:00 PM]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 02:59 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 08:15 PM]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [10/07/2003 04:21 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 04:19 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [11/07/2005 05:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"vptray"="C:\Program Files\NavNT\vptray.exe" [09/24/2001 07:59 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [6/21/2007 10:56:14 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 04:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8910 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-26 06:44:36 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.73GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 1023.4 MiB / 430.43 MiB
Pagefile Memory (total/avail): 2460.28 MiB / 1985.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.8 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 65.37 GiB free.
D: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2080AH - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Admin\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Admin
LOGONSERVER=\\DELL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
USERDOMAIN=DELL
USERNAME=Admin
USERPROFILE=C:\Documents and Settings\Admin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Admin (admin)
Kevin (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Broadcom 440x 10/100 Integrated Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink --> MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_ad84d27\Setup.exe /APR-REMOVE
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Norton AntiVirus Corporate Edition --> MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}


-- Application Event Log -------------------------------------------------------

Event Record #/Type652 / Warning
Event Submitted/Written: 07/26/2008 05:27:02 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\WINDOW~1.LOG [00000003]

Event Record #/Type651 / Warning
Event Submitted/Written: 07/26/2008 05:27:02 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\wiaservc.log [00000003]

Event Record #/Type650 / Warning
Event Submitted/Written: 07/26/2008 05:27:02 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\wiadebug.log [00000003]

Event Record #/Type649 / Warning
Event Submitted/Written: 07/26/2008 05:26:41 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP [00000003]

Event Record #/Type648 / Warning
Event Submitted/Written: 07/26/2008 05:26:41 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\system32\wbem\Repository\FS\OBJECT~1.DAT [00000003]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1658 / Warning
Event Submitted/Written: 07/26/2008 06:43:36 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL27 can't undo changes that you allow.

For more information please see the following:
%DELL275

Scan ID: {419031C5-15D4-4D9A-9A92-5E348C8E88D7}

User: DELL\Admin

Name: %DELL271

ID: %DELL272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL276

Alert Type: %DELL278

Detection Type: 1.1.1593.02

Event Record #/Type1657 / Warning
Event Submitted/Written: 07/26/2008 06:43:36 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL27 can't undo changes that you allow.

For more information please see the following:
%DELL275

Scan ID: {7156F732-909C-4DDE-B6B8-1EB90B46BD7A}

User: DELL\Admin

Name: %DELL271

ID: %DELL272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL276

Alert Type: %DELL278

Detection Type: 1.1.1593.02

Event Record #/Type1656 / Warning
Event Submitted/Written: 07/26/2008 06:43:36 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL27 can't undo changes that you allow.

For more information please see the following:
%DELL275

Scan ID: {407C8B4D-BA05-4767-8D6A-B549D5E64664}

User: DELL\Admin

Name: %DELL271

ID: %DELL272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL276

Alert Type: %DELL278

Detection Type: 1.1.1593.02

Event Record #/Type1655 / Warning
Event Submitted/Written: 07/26/2008 06:43:33 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL27 can't undo changes that you allow.

For more information please see the following:
%DELL275

Scan ID: {FDCF35E3-1D70-4432-A443-6E1D13175E7D}

User: DELL\Admin

Name: %DELL271

ID: %DELL272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL276

Alert Type: %DELL278

Detection Type: 1.1.1593.02

Event Record #/Type1654 / Warning
Event Submitted/Written: 07/26/2008 06:43:33 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL27 can't undo changes that you allow.

For more information please see the following:
%DELL275

Scan ID: {BE1FE452-B869-4997-B092-14E2B7ACE9ED}

User: DELL\Admin

Name: %DELL271

ID: %DELL272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL276

Alert Type: %DELL278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-07-26 06:44:36 ------------
  • 0

#4
Mike
Posted 26 July 2008 - 06:37 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

I don't see anything there - what problems are you still experiencing?


Download the latest version of Java Runtime Environment (JRE) 6 Update 7. Once done, uninstall any older versions of Java through add or remove programs.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Edited by Mike, 26 July 2008 - 06:38 AM.

  • 0

#5
I_Need_a_Geek
Posted 26 July 2008 - 06:59 AM

I_Need_a_Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Part of what I'm experiencing is that my computer runs slow on the internet.

It was slow as molasses, which I determined to be caused by four things: Zlob, Virtumonde, Smitfraud, and a smitfraud variant.

I reformatted. I thought that would fix this.

Didn't seem to do any good. Although I reformatted only about 3, 4 weeks ago, the computer's starting to slow down online again.

I understand that some of these can be viruses multiplying in my RAM, which causes the problem, but nothing seems to scan that. I'll follow the instructions you just posted, and I'll trust that you know what you're talking about, but other than the computer running a bit slower than it should, I really can't point out any symptoms. It's just that I know a lot of those items I listed to be malicious, and I don't want to risk any further trouble with my computer--I need it for school--and I don't want to risk ID theft or anything else.

(By the way, I don't mean to take credit for reformatting the computer--I'm not that bright with these things. My girlfriend did it.)

Just to clarify, though: that list of filenames...I've looked a few of those up, and they're bad news. They're on my computer--I couldn't have come up with things like that even if I'd really spent some time at it. My earlier guess was that LimeWire may have contributed. Now it just seems like the computer is never safe unless it's shut off.
  • 0

#6
Mike
Posted 26 July 2008 - 08:05 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
From the logs you gave me everything is dandy. If your girlfriend reformatted your PC - the virus will be gone, there is no way it can still be there.

Let's see what this can find...

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#7
I_Need_a_Geek
Posted 26 July 2008 - 08:59 AM

I_Need_a_Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Still working on that Kaspersky scan (it's taking forever).

But the reason I disagree about the success of the reformat is that I've read about Smitfraud.

http://en.wikipedia.org/wiki/Smitfraud

Look at the list of filenames I posted. It's impossible that they aren't there. Where would I have gotten those names from?!

It's also my understanding that Smitfraud and a lot of similar ones (which are all on my list, Zlob and Virtumonde probably being the worst) are able to disable virus scans from finding them. That's why I was kind of hoping someone would know what specifically I should do...
  • 0

#8
Mike
Posted 26 July 2008 - 09:12 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
I can only say what I know, if you reformatted there is no way the virus would have survived - and your logs back that up. If she may have done it improperly then yes...

Virtumonde and Smitfraud are usually not hard to get rid of, you can see that a lot of people are infected with this and still go away happy after getting help here.

The Kaspersky scan does take long - up to 3 hours sometimes, since you said you have slow internet I gave you the alternative to run MBAM.

Anyways, you have to trust me for me to be able to help you - otherwise we are just both wasting our time.
  • 0

#9
I_Need_a_Geek
Posted 26 July 2008 - 09:22 AM

I_Need_a_Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Scan just finished. "No malware detected."

I do trust you; I just want to make sure you're reading me correctly.

I'll try that other scan you posted now.

One other question:

Do I want to use SmitFraud Fix? I think it's posted someplace on this website...

There seem to be a number of virus/malware fixers that are specific to the ones I've got. I know there's a tutorial on running those. You're positive I don't have them?
  • 0

#10
Mike
Posted 26 July 2008 - 09:30 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Yes, I'm positive - Run MBAM and post back with the results.

I'm not running those tools since there is no need to as of yet :)

I'll wait on the results, should take around 5 - 10 minutes for it to scan.
  • 0

Advertisements

#11
I_Need_a_Geek
Posted 26 July 2008 - 09:35 AM

I_Need_a_Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Just out of curiosity, why a quick scan instead of a full scan? Wouldn't a full scan be more effective? (Sorry, I have this annoying habit of asking questions. The less I know, the more questions I ask.)
  • 0

#12
I_Need_a_Geek
Posted 26 July 2008 - 09:51 AM

I_Need_a_Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
23 mins...

Go figure.

No malicious items were detected...

((By the way, I want to say thanks for all the time you've put in so far. You've been very patient.))

I'm going to finally get some sleep. Hopefully we can pick this up later...I'll follow any instructions I find when I get back and I'll repost.

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.23
Database version: 994
Windows 5.1.2600 Service Pack 2

11:50:02 AM 7/26/2008
mbam-log-7-26-2008 (11-50-02).txt

Scan type: Quick Scan
Objects scanned: 55411
Time elapsed: 23 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by I_Need_a_Geek, 26 July 2008 - 10:05 AM.

  • 0

#13
Mike
Posted 26 July 2008 - 01:26 PM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there your logs are clean,

The scans came out fine and the DSS (Deckard System Scanner) log was clean as well.

I did a quick scan with MBAM because if anything is there, at least a trace would be found - if you wish you can run a full scan for reassurance.

I don't know if this can assure you anymore but I need to say it again, if you reformated - the virus is 100% gone.

There is no such thing as a virus that hides in Hardware (like RAM) it can reside in the Memory (which the RAM adds to the PC), but that is definitely not the case here.

Slow computer doesn't necessarily mean a virus, take a look here and see if this speeds your computer up a bit. http://users.telenet...owcomputer.html

To remove the tools we used do the following:

Please download OTCleanIt.
  • Save it to your desktop.
  • Double Click on OTCleanIt.exe, a window will appear.
  • Please press the CleanUp! Button.
This will remove the tools we used during the process of cleaning your computer including OTCleanIt.

MBAM (MalwareBytes' Anti-Malware) will need to be uninstalled through add or remove programs - and it's folder located at C:\program files\MBAM needs to be deleted separately if present.


Now that your are clean, you'll want to stay that way.

Some important things that you should keep in mind in order to protect yourself:
  • Use common sense. This is the big one! Don't download programs from suspicious sites and be careful where you browse.
    Things you can do to avoid downloading bad programs:
    • Google the program. Read reviews and opinions from other people on the internet, if you dont see any reports of foul play - then there more than likely is none.
    • Stay away from Cracks! However luring the thought of free software can be it's not worth the hassle and potential danger of getting infected.
    • Download the program directly from the website of the developer - then you can be certain you haven't downloaded a bogus copy.
    • Read the EULA (End User License Agreement) - Find out exactly what you are downloading. A good tool to aid you in this would be EULAyzer.
  • Keep your programs updated! Software developers update their programs to patch possible security risks. Do a scan once in a while for outdated programs using Secunia's Software Inspector
  • Keep your protection programs up to date! No matter how good your Antivirus or Antispyware program is, without an updated set of definitions it will do you no good against the new infections. If you run a free program make sure to update them at least once a week.
  • Make sure that windows updates is enabled. Keeping your system up to date is a must - to turn on automatic updates take a look at this article by Microsoft.
I have listed two programs to boost your security while using no resources.
  • SpywareBlaster Take a look at the tutorial here.
  • ZonedOut Adds thousands of websites to your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Also consider using an alternative web browser. Two big named ones, both far superior to Internet Explorer in terms of security and performance, would be Firefox and Opera.

Make a habit of scanning your computer for viruses every week or so and backing up important files regularly.

Please also read Expert Tony Klein's excellent article: How I got Infected in the First Place
  • 0

#14
I_Need_a_Geek
Posted 27 July 2008 - 07:58 AM

I_Need_a_Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Should I remove those tools, or would it be better to save them for later use?
  • 0

#15
Mike
Posted 27 July 2008 - 09:11 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Yes, it's a good idea too remove them :)

MalwareBytes' Anti-Malware you can keep as it is a good tool to do occasional scans.

Take care and have a great day still!

Mike

Edited by Mike, 27 July 2008 - 09:11 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP