Check this Log please, see if safe. TY [Solved]


  • This topic is locked

#1
GreenSWLegend

    New Member

  • Member
  • Pip
  • 6 posts
Hi. I have had trouble with malware/spyware for the past 2 years (twice) and had to format my hard drive to get rid of it, but now, seeing these forums, I am going to get rid of this annoying spyware without formatting.
I did a Malwarebytes scan; it removed mostly Vundo trojans.
Before removing them, I used to get a false Windows security alert telling me my automatic updates were switched off. I checked in Control Panel but they were switched on. And when browsing with IE 7, there were the usual unwanted pop-ups redirecting me to buy other software and pop-ups saying I should download this and that software because I was infected.
I tested the PC yesterday and there was no sign of the annoying pop-ups, but I really want to make sure everything is clean in the logs that I am going to copy/paste here. Can you please check this for me? By the way, I am dual booting with Windows XP 64-bit; that Windows is fine.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.34
Database version: 1771
Windows 5.1.2600 Service Pack 3

17/02/2009 22:12:56
mbam-log-2009-02-17 (22-12-56).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 168267
Time elapsed: 50 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\yayxuvSI.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f8f247f-e86f-4457-b3c0-bbf0a85cc7f7} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2f8f247f-e86f-4457-b3c0-bbf0a85cc7f7} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2f8f247f-e86f-4457-b3c0-bbf0a85cc7f7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayxuvsi -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxuvsi -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yayxuvSI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ISvuxyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ISvuxyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BD609F18-31AA-4AFD-9FF2-2E4DF2CC52C4}\RP43\A0012312.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BD609F18-31AA-4AFD-9FF2-2E4DF2CC52C4}\RP43\A0012309.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


I did a HijackThis log yesterday when all seemed fine, but I am just going to let someone knowledgeable check them for me. Thanks.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:03, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee\MSC\Updates\Installs\1\msc\mcinst.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: mlJDtsss - mlJDtsss.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8729 bytes

Your help is much appreciated. This malware is really giving me a big headache. I don't want to be formatting the 300GB drive, LOL.
  • 0


#2
Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Hello GreenSWLegend and welcome to Geeks to Go! I'm Dave and I'll be helping you out.

One quick fix with HJT:

1. Fix HijackThis entries

Please re-open Hijackthis (Vista users please right click and select Run as Administrator) and scan. Place a check mark in the box next to each of the following entries if present. Do not worry if they aren't there:

O20 - Winlogon Notify: mlJDtsss - mlJDtsss.dll (file missing)


Now close all windows other than HijackThis, including web browsers, so that HJT will have the best chance of being able to fix these problems, and click "Fix Checked".

I'd like one more scan with a tool that's very good at removing the infections you have to see if anything else remains:

2. ComboFix

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Download ComboFix from one of the links at that site and save it directly to your desktop. Be sure that you read ALL of the instructions on that page very carefully and follow them exactly. Of particular importance is disabling all your protection programs before running ComboFix; if you need further help figuring out how to disable a specific program, look here. Installing the Recovery Console if you're running an XP machine is also very important. By following the steps at that site closely, you give ComboFix the best chance at a successful run and minimize the likelihood of having potentially serious problems occur after an attempted removal of malware.

Once the program has finished running, its log should pop up automatically, or if for some reason you lose it, it can be found at C:\ComboFix.txt. Include the complete contents of that log in your next reply, being sure that it has not been cut off by the limit on the length of posts. Use multiple replies if you need.

Just need the CF log in your next reply :).

Cheers,
Dave
  • 0
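The check Dave applies to the two logs from post #1, sketched as an added example (not part of the original thread, and not code from HijackThis or Malwarebytes): parse both logs, list what is still pending a reboot, and report HijackThis entries that are orphaned or that reference a file Malwarebytes flagged. The sample lines are copied from the logs above; the function names and the substring-matching heuristic are assumptions of this sketch.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any host OS

# Lines excerpted from the Malwarebytes and HijackThis logs posted in #1.
MBAM_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\yayxuvSI.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayxuvsi -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\yayxuvSI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ISvuxyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - Winlogon Notify: mlJDtsss - mlJDtsss.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<item> (<detection name>) -> [Data: <value> -> ]<action>."
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
# "<section code> - <body>", e.g. "O20 - Winlogon Notify: ..."
HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")


def parse_mbam(log):
    """Return one dict per detection line, tagged with its log section."""
    section, out = None, []
    for line in log.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):          # section header, not a summary count
            section = line[:-len(" Infected:")]
            continue
        m = MBAM_LINE.match(line)
        if not m:
            continue
        parts = m["rest"].split(" -> ")
        data = parts[0][len("Data: "):] if parts[0].startswith("Data: ") else None
        out.append({"section": section, "item": m["item"], "name": m["name"],
                    "data": data, "action": parts[-1].rstrip(".")})
    return out


def detected_stems(dets):
    """Lower-cased file stems MBAM flagged on disk, in memory or as registry data."""
    stems = set()
    for d in dets:
        if d["section"] in ("Files", "Memory Modules"):
            stems.add(splitext(basename(d["item"]))[0].lower())
        if d["data"]:
            stems.add(splitext(basename(d["data"]))[0].lower())
    return stems


def pending_reboot(dets):
    """Items not yet removed; a follow-up scan has to confirm they are gone."""
    return sorted({d["item"] for d in dets if d["action"] == "Delete on reboot"})


def parse_hjt(log):
    """Return the coded entries (R0, O2, O20, ...) of a HijackThis log."""
    out = []
    for line in log.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            out.append({"code": m["code"], "body": m["body"], "line": m[0],
                        "missing": m["body"].endswith("(file missing)")})
    return out


def leftovers(dets, entries):
    """HijackThis entries worth fixing: orphaned ones and ones naming a flagged file."""
    stems = detected_stems(dets)
    hits = []
    for e in entries:
        if e["missing"]:
            hits.append(("file missing", e["line"]))
        body = e["body"].lower()
        for s in sorted(stems):                 # plain substring match (heuristic)
            if s in body:
                hits.append(("flagged by MBAM: " + s, e["line"]))
    return hits


if __name__ == "__main__":
    dets = parse_mbam(MBAM_LOG)
    print("pending reboot:", pending_reboot(dets))
    for reason, line in leftovers(dets, parse_hjt(HJT_LOG)):
        print(reason, "|", line)
```

On these excerpts the only entry reported is the O20 Winlogon Notify line, the same one Dave asks to have fixed.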

#3
GreenSWLegend

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you for the quick response. I am in university at the moment, so when I get home later I shall get the ComboFix log for you.
  • 0

#4
Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Sounds good, no hurry.
  • 0

#5
GreenSWLegend

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Dave, I did what you said on HJT and ran ComboFix. Initially, upon download, McAfee warned me that this ComboFix was a virus (trojan), which worried me, but anyway, I ran it and got the log for you.

ComboFix log:

ComboFix 09-02-18.01 - Waheed 2009-02-19 23:16:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1609 [GMT 0:00]
Running from: c:\documents and settings\Waheed\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.

2009-02-17 22:16 . 2009-02-17 22:16 <DIR> d-------- c:\program files\Trend Micro
2009-02-17 21:17 . 2009-02-17 21:17 <DIR> d-------- c:\program files\FileASSASSIN
2009-02-17 21:16 . 2009-02-17 21:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 21:16 . 2009-02-17 21:16 <DIR> d-------- c:\documents and settings\Waheed\Application Data\Malwarebytes
2009-02-17 21:16 . 2009-02-17 21:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-17 21:16 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 21:16 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-17 19:15 . 2009-01-18 21:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-17 18:38 . 2009-02-17 18:38 <DIR> d-------- c:\program files\Lavasoft
2009-02-17 18:38 . 2009-02-17 18:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-17 18:38 . 2009-02-17 18:38 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-17 18:38 . 2009-01-18 21:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-17 18:36 . 2009-02-17 18:31 34,543,112 --a------ C:\Ad-AwareAE.exe
2009-02-16 20:36 . 2009-02-19 14:35 <DIR> d-------- C:\Photos
2009-02-16 20:30 . 2009-02-16 20:30 <DIR> d-------- c:\program files\Sony Ericsson
2009-02-16 20:30 . 2009-02-16 20:30 <DIR> d-------- c:\program files\Avanquest update
2009-02-16 20:30 . 2009-02-16 20:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-02-16 20:30 . 2009-02-16 20:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2009-02-16 20:30 . 2008-10-21 09:22 114,600 --a------ c:\windows\system32\drivers\s0017mdm.sys
2009-02-16 20:30 . 2008-10-21 09:22 109,736 --a------ c:\windows\system32\drivers\s0017unic.sys
2009-02-16 20:30 . 2008-10-21 09:22 108,328 --a------ c:\windows\system32\drivers\s0017mgmt.sys
2009-02-16 20:30 . 2008-10-21 09:22 104,616 --a------ c:\windows\system32\drivers\s0017obex.sys
2009-02-16 20:30 . 2008-10-21 09:22 86,824 --a------ c:\windows\system32\drivers\s0017bus.sys
2009-02-16 20:30 . 2008-10-21 09:22 26,024 --a------ c:\windows\system32\drivers\s0017nd5.sys
2009-02-16 20:30 . 2008-10-21 09:22 15,016 --a------ c:\windows\system32\drivers\s0017mdfl.sys
2009-02-16 20:30 . 2008-10-21 09:22 12,200 --a------ c:\windows\system32\drivers\s0017whnt.sys
2009-02-16 20:30 . 2008-10-21 09:22 12,200 --a------ c:\windows\system32\drivers\s0017wh.sys
2009-02-16 20:30 . 2008-10-21 09:22 12,200 --a------ c:\windows\system32\drivers\s0017cmnt.sys
2009-02-16 20:30 . 2008-10-21 09:22 12,200 --a------ c:\windows\system32\drivers\s0017cm.sys
2009-02-16 20:30 . 2008-10-21 09:22 10,792 --a------ c:\windows\system32\drivers\s0017cr.sys
2009-02-16 20:29 . 2009-02-16 20:29 <DIR> d-------- c:\documents and settings\Waheed\Application Data\InstallShield
2009-02-14 13:29 . 2009-02-14 13:29 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-14 13:27 . 2009-02-14 13:27 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-14 13:25 . 2009-02-14 13:25 <DIR> d-------- c:\program files\NOS
2009-02-14 13:25 . 2009-02-14 13:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-02-14 13:20 . 2009-02-14 13:20 <DIR> d-------- c:\documents and settings\Waheed\Application Data\AdobeUM
2009-02-08 21:34 . 2009-02-08 21:34 <DIR> d-------- c:\documents and settings\Waheed\Application Data\DivX
2009-02-08 21:33 . 2009-02-08 21:33 <DIR> d-------- c:\program files\DivX
2009-02-08 21:21 . 2009-02-08 21:41 69 --a------ c:\windows\NeroDigital.ini
2009-02-08 20:56 . 2009-02-08 20:56 <DIR> d-------- c:\documents and settings\Waheed\Application Data\Ahead
2009-02-08 20:53 . 2009-02-08 20:53 <DIR> d-------- c:\program files\Nero
2009-02-08 20:53 . 2009-02-08 21:47 <DIR> d-------- c:\program files\Common Files\Ahead
2009-02-08 19:45 . 2009-02-08 19:45 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2009-02-08 19:29 . 2009-02-08 19:29 <DIR> d-------- C:\Roxi EasyMediaCreator
2009-02-07 13:24 . 2009-02-07 13:24 <DIR> d-------- C:\Garmin Mobile XT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 23:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-18 22:24 --------- d-----w c:\program files\McAfee
2009-02-16 20:30 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 11:52 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-17 17:36 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-17 14:19 --------- d-----w c:\program files\iTunes
2009-01-17 14:19 --------- d-----w c:\program files\iPod
2009-01-17 14:19 --------- d-----w c:\program files\Common Files\Apple
2009-01-17 14:19 --------- d-----w c:\documents and settings\Waheed\Application Data\Apple Computer
2009-01-17 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-17 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-17 14:18 --------- d-----w c:\program files\QuickTime
2009-01-17 14:18 --------- d-----w c:\program files\Bonjour
2009-01-17 14:18 --------- d-----w c:\program files\Apple Software Update
2009-01-17 14:18 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-09 12:03 79,304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-01-09 12:03 40,552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-01-09 12:03 35,272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-01-09 12:03 34,216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-01-09 12:03 213,640 ----a-w c:\windows\system32\drivers\mfehidk.sys
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 14:54 --------- d-----w c:\program files\Google
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-04 626176]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"nwiz"="nwiz.exe" [2007-11-06 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-17 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2008-11-15 29696]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-14 33752]
S3 PciCon;PciCon;\??\g:\pcicon.sys --> g:\PciCon.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-02-16 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-02-16 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-02-16 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-02-16 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-02-16 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-02-16 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-02-16 109736]
.
Contents of the 'Scheduled Tasks' folder

2009-02-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2008-11-15 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Waheed\Application Data\Mozilla\Firefox\Profiles\gk9dhabg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.ebay.co.uk
FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 23:17:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-19 23:18:35
ComboFix-quarantined-files.txt 2009-02-19 23:18:33

Pre-Run: 294,004,318,208 bytes free
Post-Run: 294,146,658,304 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Microsoft Windows XP Pro 64" /fastdetect

188 --- E O F --- 2009-02-12 11:53:30

That's all there is to it. Do let me know if anything else needs doing.
Edit: can I delete the ComboFix now? Delete recommended?
Thank you.
Waheed

Edited by GreenSWLegend, 19 February 2009 - 05:26 PM.

  • 0

#6
Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts

Edit: can I delete the ComboFix now? Delete recommended?

Best to leave it for now in case we come across any leftovers that need fixing; we'll get rid of it once you're clean :).

All looks in order with the CF log. Because I'm paranoid, I'd like you to run a couple of final checks for me:

1. ATF Cleaner

Please download ATF Cleaner by Atribune to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • Note: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • Note: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

2. Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from here or here.

Double-click mbam-setup.exe to install the program.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware at the end of setup, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
  • The scan will take a fairly long time to finish (you can leave it to run and go do something else), please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab.
  • Copy & Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so and allow MBAM to finish.

3. Kaspersky Online Scan

Kaspersky online scanner uses Java technology to perform the scan. Because your Java is out of date, we need to update it first so that the scan will run without issues.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts. A log will appear (JavaRa.log), DO NOT post this log, I have no need for it.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Scan
  • Follow this link to the Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
So post back with the logs from MBAM and Kaspersky when you have them and give me an update on how the PC is running, and we should have you on your way :).

- Dave

Edited by Transience, 20 February 2009 - 09:02 AM.


#7
GreenSWLegend

did the two scans you requested. Phew! that took long lol

MalwareBytes scan:..................

Malwarebytes' Anti-Malware 1.34
Database version: 1782
Windows 5.1.2600 Service Pack 3

20/02/2009 19:34:29
mbam-log-2009-02-20 (19-34-29).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 168435
Time elapsed: 55 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kaspersky Scan log:..................

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, February 20, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, February 20, 2009 20:02:19
Records in database: 1822736
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 134410
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:39:45

No malware has been detected. The scan area is clean.

The selected area was scanned.


nothing found.
Ok update on computer, I haven't seen any strange behaviour like slow running PC or any unwanted pop ups. think it's all ok now, back to normal. Just want to know the scans above in all posts are clean?

Let me know if it's safe now. Before closing the thread if it has been resolved, I want to know what is the best online protection software that prevents being infected again? what would you suggest?
Thank you very much for your help.

Waheed

#8
Transience


i want to know what is the best online protection software that prevents being infected again? what would you suggest?

McAfee like you have is just fine, as long as you keep it updated and read over the other tips I'll give you in a minute you should be fine.

Your logs are clean, we have a couple last things to take care of and then you're good to go.

Uninstall ComboFix and its traces from your computer:
  • Click on Start > Run
  • Type Combofix /u in the run box and click Ok. Note the space between the x and the /u, it needs to be there.
Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTCleanIt is a small program that removes all the leftover tools and logs from cleanup of malware.

Please download OTCleanIt! to your desktop.
  • Double-click OTCleanIt.exe to run it. (Vista users, please right click on OTCleanIt.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your firewall or other protection attempts to block OTCleanIt's attempts to reach the internet, please allow it to run.
  • Click Yes to begin the Cleanup process and remove the tools we used, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
  • After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not be removed by OTCleanIt. Feel free to manually delete any tools it leaves behind.
Windows XP:

Now to get you off to a good start we will clean your system restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done
Here are some tips to reduce the potential for malware infection in the future; I strongly recommend that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Make proper use of your antivirus and firewall
Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, and if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure nothing has slipped through your protection. Once a week works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Finally, for a great tutorial on how to get the best protection out of your firewall, visit this link.

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent: faster, safer, more powerful and more functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, a couple add-ons that will nicely help to enhance your security are:

McAfee SiteAdvisor: A great Firefox add-on that puts McAfee's database of tested sites at your fingertips so you can know whether or not that link you're about to click is safe.
NoScript - This add-on helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in a vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates
Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?
If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

And finally, see Tony Klein's good advice (recently rewritten by our own admin Kat) which reinforces and extends on some of the above concepts: So how did I get infected in the first place?

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Dave

#9
GreenSWLegend

Thank you for your help. All done now. I think it's safe to close the thread if you want to.
The ComboFix was removed by McAfee when I turned virus scan off the other day.

Thanks again. I shall let you know if anything comes up again anytime soon.

EDIT: almost forgot. I did install SiteAdvisor recently but somehow it slows my PC down too much, I mean when I browse. Anything you know as to why that may be? Thanks

Regards
Waheed

Edited by GreenSWLegend, 21 February 2009 - 08:12 AM.


#10
Transience

What browser are you using? I've had SiteAdvisor as a Firefox add-on for ages and never noticed any difference in performance. Try uninstalling or disabling it (I know in Firefox it's Tools > Add-Ons, not sure about IE) and see if your browser performance goes back to normal.

Edited by Transience, 21 February 2009 - 08:17 AM.


#11
GreenSWLegend

For some reason SiteAdvisor has gone from my Firefox 3.0.6. I can't find it in add-ons either. Mainly use Firefox now. I can install it on IE, but then the process for SiteAdvisor slows my browsing.

EDIT: Just got it running now, it installed for IE too lol

Thanks for your help.

Edited by GreenSWLegend, 21 February 2009 - 03:40 PM.


#12
Transience

No problem, glad it's all resolved :).

#13
Transience

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.