Computer Hope
Software => Computer viruses and spyware => Topic started by: friday on July 15, 2009, 11:32:41 PM
-
Hi,
It looks like my Windows XP Professional with SP2 Laptop has problems with some kind of virus.
I have followed the recommended process but unfortunately could not carry out steps 3, 4 and 6 as the applications could not be installed.
Your suggestions and recommendations would be greatly appreciated.
Initial Symptoms:
Firefox 3.1 crashes
get error "An unhandled WIN32 exception..." quite often
Cannot scan using McAfee Anti-virus
Step 1
Add / Rem programs - Do not find any unknown application to remove
Step 2
CCleaner OK
Step 3
Super Anti Spyware -
Unable to install
Unhandled WIN32 exception
Step 4
MBAM - Installer would not execute
Step 5
Log Files:
JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu Jul 16 01:05:17 2009
Found and removed: C:\Program Files\Java\jre1.5.0_06
Found and removed: C:\Program Files\Java\jre1.5.0_15
Found and removed: C:\Program Files\Java\jre1.6.0_05
Found and removed: C:\Program Files\Java\jre1.6.0_07
Found and removed: Software\JavaSoft\Java2D\1.5.0_05
Found and removed: Software\JavaSoft\Java2D\1.5.0_06
Found and removed: Software\JavaSoft\Java2D\1.5.0_11
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006Found and removed:
SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006Found and removed:
SOFTWARE\Classes\JavaPlugin.150_06Found and removed:
SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0Found and removed: SOFTWARE\JavaSoft\Java Plug-
in\1.5.0_06Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5Found and removed:
SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06Found and removed: SOFTWARE\Microsoft\Code
Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\ACBB9B2318A96D117A58000B0D510006Found and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Products\8A0F842331866D117AB7000B0D510006Found and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}Found
and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}Found and removed:
SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}Found and removed:
SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}Found and removed:
SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005Found and removed:
SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005Found and removed:
SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005Found and removed:
SOFTWARE\Classes\JavaPlugin.160_05Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05Found
and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05Found and removed:
SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\ACBB9B2318A96D117A58000B0D610005Found and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Products\8A0F842331866D117AB7000B0D610005Found and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}Found
and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06Found and removed:
Software\Classes\JavaPlugin.160_05Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-
0003-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-
ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1Found and removed:
SOFTWARE\JavaSoft\Java Web Start\1.0.1_02Found and removed: SOFTWARE\JavaSoft\Java Web
Start\1.0.1_03Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04Found and removed:
SOFTWARE\JavaSoft\Java Web Start\1.2Found and removed: SOFTWARE\JavaSoft\Java Web
Start\1.2.0_01Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05Found and removed:
Software\JavaSoft\Java2D\1.5.0_15Found and removed: Software\JavaSoft\Java2D\1.6.0Found and
removed: Software\JavaSoft\Java2D\1.6.0_03Found and removed:
Software\JavaSoft\Java2D\1.6.0_05Found and removed: Software\JavaSoft\Java Runtime
Environment\1.6.0_05Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_15Found and removed:
SOFTWARE\Classes\JavaPlugin.150_15Found and removed: SOFTWARE\JavaSoft\Java Runtime
Environment\1.5.0_15Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-
0013-0001-0000-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-
ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}Found and
removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}Found and removed:
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}Found and removed:
SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07Found and removed: SOFTWARE\JavaSoft\Java Runtime
Environment\1.6.0_07Found and removed: SOFTWARE\Microsoft\Active Setup\Installed
Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}Found and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\ACBB9B2318A96D117A58000B0D610007Found and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Products\8A0F842331866D117AB7000B0D610007Found and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}Found
and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common
Files\Java\Update\Base Images\jre1.5.0.b64\Found and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06
\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program
Files\Java\jre1.6.0_05\Found and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05
\bin\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program
Files\Java\jre1.6.0_07\bin\Found and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common
Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\Found and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common
Files\Java\Update\Base Images\jre1.5.0.b64\core1.zipFound and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common
Files\Java\Update\Base Images\jre1.5.0.b64\core2.zipFound and removed:
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common
Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip
------------------------------------
Finished reporting.
Step 6
Hijack This - - Installer would not execute
-
Try renaming the installation files to any other name and run them in safe mode....Did you follow Step#6 and rename HJT?
-
Mbam renamer
Try the renamer download for Malwarbytes.
http://kixhelp.com/wr/files/mb/randmbam.exe
The randmbam.exe will try to create random names and shortcuts for Malwarebytes Anti Malware (MBAM) if you have it installed already.
If it installs then use this link to download the updates.
Download Malwarebytes' Anti-Malware Database - GT500.org
Just download it to the desktop and run the exe then run Malwarebytes
harry
-
Jeese...why didn't I get that idea.
After renaming I am able to install all files. I will complete all steps and get back to you with logs.
Thanks a ton Karnac!
Thank you harry 48!
Regards,
Friday
-
Hi Karnac,
Step A: Not Applicable
Step 1: Not Applicable
Step 2: Done!
Step 3: SAS - Log attached.
Step 4: MBAM - Log attached.
Step 5: Done!
Step 6: HJT - Log attached.
Please let me know if I need to do anything else.
Regards,
Fred
[attachment deleted by admin]
-
Sit tight , wait for Evilfantasy or kpac......
-
Download DDS from |HERE| (http://www.techsupportforum.com/sectools/sUBs/dds) or |HERE| (http://download.bleepingcomputer.com/sUBs/dds.scr) or |HERE| (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
-
Hi evilfantasy,
Please find both DDS.txt and Attach.txt logs below -
============= DDS.txt File Content ===============
DDS (Ver_09-06-26.01) - NTFSx86
Run by Friedey at 10:26:02.56 on Sun 07/19/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1370 [GMT -4:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Print Distributor 4\pd3service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Friedey\Desktop\dds.pif
============== Pseudo HJT Report ===============
uStart Page = about:blank
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {3A83FA37-BB81-4009-9EA4-3E9A4E328A8F} = 192.168.1.4
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\friedey\applic~1\mozilla\firefox\profiles\n0hewecp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo Search
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
============= SERVICES / DRIVERS ===============
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2005-11-21 11008]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-20 214024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-20 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-20 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-20 144704]
R2 Print Distributor 4;Print Distributor 4;c:\program files\print distributor 4\pd3service.exe [2009-5-11 860920]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-20 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-5-16 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-5-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-5-16 40552]
R3 NsSmrCap;NsSmrCap;c:\windows\system32\drivers\NsSmrCap.sys [2008-4-23 26624]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-3-6 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-3-6 7424]
S2 gupdate1c9867475d96ba2;Google Update Service (gupdate1c9867475d96ba2);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-5-16 34216]
S3 MySQL5;MySQL5;"c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql5 --> c:\program files\mysql\mysql server 5.0\bin\mysqld-nt [?]
S3 OracleDBConsolemes;OracleDBConsolemes;c:\app\friedey\product\11.1.0\db_1\bin\nmesrvc.exe [2008-3-16 25600]
S3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\friedey\product\11.1.0\db_1\bin\tnslsnr --> c:\app\friedey\product\11.1.0\db_1\bin\TNSLSNR [?]
S3 OracleServiceMES;OracleServiceMES;c:\app\friedey\product\11.1.0\db_1\bin\oracle.exe mes --> c:\app\friedey\product\11.1.0\db_1\bin\ORACLE.EXE MES [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2008-1-18 24635]
S4 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2006-2-14 106496]
S4 Eyelit_Factory_Connect;Eyelit Factory Connect;c:\eyelit\eyelitfc\factoryconnect\startfc.exe -zglaxservice eyelit_factory_connect --> c:\eyelit\eyelitfc\factoryconnect\StartFC.exe -zglaxservice Eyelit_Factory_Connect [?]
S4 OracleJobSchedulerMES;OracleJobSchedulerMES;c:\app\friedey\product\11.1.0\db_1\bin\extjob.exe mes --> c:\app\friedey\product\11.1.0\db_1\bin\extjob.exe MES [?]
=============== Created Last 30 ================
2009-07-19 10:23 <DIR> --d-h--- c:\windows\PIF
2009-07-18 00:09 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-07-18 00:09 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-18 00:09 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-07-18 00:09 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-07-18 00:09 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-07-17 23:33 <DIR> --d----- c:\windows\system32\scripting
2009-07-17 23:33 <DIR> --d----- c:\windows\l2schemas
2009-07-17 23:33 <DIR> --d----- c:\windows\system32\en
2009-07-17 23:33 <DIR> --d----- c:\windows\system32\bits
2009-07-17 23:30 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-17 22:17 <DIR> --d----- c:\docume~1\friedey\applic~1\Malwarebytes
2009-07-16 19:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-16 16:52 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-16 16:06 219,648 a------- c:\windows\PEV.exe
2009-07-16 16:06 161,792 a------- c:\windows\SWREG.exe
2009-07-16 16:06 98,816 a------- c:\windows\sed.exe
2009-07-16 15:20 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 15:20 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-16 15:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-16 15:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 15:19 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-16 15:19 <DIR> --d----- c:\docume~1\friedey\applic~1\SUPERAntiSpyware.com
2009-07-16 01:52 <DIR> --d----- c:\windows\ERUNT
2009-07-16 01:40 <DIR> --d----- C:\SDFix
2009-07-16 01:01 <DIR> --d----- c:\program files\Sun
2009-07-16 00:49 <DIR> --d----- c:\documents and settings\friedey\.SunDownloadManager
2009-07-15 23:02 <DIR> --d----- c:\program files\CCleaner
2009-07-15 11:13 3,248 a------- c:\windows\system32\wbem\Outlook_01ca055ec2d84ae0.mof
==================== Find3M ====================
2009-07-17 23:38 87,643 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-16 00:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-03 17:01 1,890 a------- c:\docume~1\friedey\applic~1\wklnhst.dat
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-25 13:19 170,454 a------- c:\windows\hpqins00.dat
2009-05-21 14:46 268,288 -------- c:\windows\system32\dllcache\httpext.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 -------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-03-06 03:41 76 -c-shr-- c:\windows\CT4CET.bin
============= FINISH: 10:26:52.79 ===============
============= Attach.txt File Content ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-06-26.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/12/2008 7:31:50 PM
System Uptime: 7/19/2009 7:01:53 AM (3 hours ago)
Motherboard: Dell Inc. | | 0KY767
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | Microprocessor | 1595/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 143 GiB total, 18.105 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Loopback Adapter
Device ID: ROOT\NET\0000
Manufacturer: Microsoft
Name: Microsoft Loopback Adapter
PNP Device ID: ROOT\NET\0000
Service: msloop
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA
==== System Restore Points ===================
RP334: 7/12/2009 8:16:47 PM - System Checkpoint
RP335: 7/12/2009 8:16:47 PM - System Checkpoint
RP336: 7/12/2009 8:16:47 PM - System Checkpoint
RP337: 7/12/2009 8:16:48 PM - System Checkpoint
RP338: 7/12/2009 8:16:49 PM - System Checkpoint
RP339: 7/12/2009 8:16:49 PM - System Checkpoint
RP340: 7/12/2009 8:16:50 PM - System Checkpoint
RP341: 7/12/2009 8:16:50 PM - System Checkpoint
RP342: 7/12/2009 8:16:51 PM - System Checkpoint
RP343: 7/12/2009 8:16:51 PM - System Checkpoint
RP344: 7/12/2009 8:16:52 PM - System Checkpoint
RP345: 7/12/2009 8:16:53 PM - System Checkpoint
RP346: 7/12/2009 8:16:53 PM - System Checkpoint
RP347: 7/12/2009 8:16:54 PM - System Checkpoint
RP348: 7/12/2009 8:16:55 PM - Installed 32 Bit HP CIO Components Installer
RP349: 7/12/2009 8:16:57 PM - Removed 32 Bit HP CIO Components Installer
RP350: 7/12/2009 8:17:01 PM - System Checkpoint
RP351: 7/12/2009 8:17:03 PM - System Checkpoint
RP352: 7/12/2009 8:17:04 PM - System Checkpoint
RP353: 7/12/2009 8:17:04 PM - System Checkpoint
RP354: 7/12/2009 8:17:05 PM - System Checkpoint
RP355: 7/12/2009 8:17:05 PM - System Checkpoint
RP356: 7/12/2009 8:17:06 PM - System Checkpoint
RP357: 7/12/2009 8:17:07 PM - System Checkpoint
RP358: 7/12/2009 8:17:09 PM - System Checkpoint
RP359: 7/12/2009 8:17:11 PM - System Checkpoint
RP360: 7/12/2009 8:17:13 PM - System Checkpoint
RP361: 7/12/2009 8:17:14 PM - System Checkpoint
RP362: 7/12/2009 8:17:16 PM - System Checkpoint
RP363: 7/12/2009 8:17:20 PM - System Checkpoint
RP364: 7/12/2009 8:17:24 PM - System Checkpoint
RP365: 7/12/2009 8:17:26 PM - System Checkpoint
RP366: 7/12/2009 8:17:26 PM - System Checkpoint
RP367: 7/12/2009 8:17:27 PM - System Checkpoint
RP368: 7/12/2009 8:17:29 PM - System Checkpoint
RP369: 7/12/2009 8:17:30 PM - System Checkpoint
RP370: 7/12/2009 8:17:30 PM - System Checkpoint
RP371: 7/12/2009 8:17:31 PM - System Checkpoint
RP372: 7/12/2009 8:17:31 PM - System Checkpoint
RP373: 7/12/2009 8:17:32 PM - System Checkpoint
RP374: 7/12/2009 8:17:32 PM - System Checkpoint
RP375: 7/12/2009 8:17:32 PM - System Checkpoint
RP376: 7/12/2009 8:17:33 PM - System Checkpoint
RP377: 7/12/2009 8:17:34 PM - Installed Windows Media Player 10
RP378: 7/12/2009 8:17:35 PM - Software Distribution Service 3.0
RP379: 7/12/2009 8:17:41 PM - System Checkpoint
RP380: 7/12/2009 8:17:43 PM - System Checkpoint
RP381: 7/12/2009 8:17:44 PM - System Checkpoint
RP382: 7/12/2009 8:17:45 PM - System Checkpoint
RP383: 7/12/2009 8:17:46 PM - System Checkpoint
RP384: 7/12/2009 8:17:46 PM - System Checkpoint
RP385: 7/12/2009 8:17:47 PM - System Checkpoint
RP386: 7/12/2009 8:17:49 PM - System Checkpoint
RP387: 7/12/2009 8:17:49 PM - System Checkpoint
RP388: 7/12/2009 8:17:50 PM - Software Distribution Service 3.0
RP389: 7/12/2009 8:17:51 PM - System Checkpoint
RP390: 7/12/2009 8:17:51 PM - System Checkpoint
RP391: 7/12/2009 8:17:51 PM - System Checkpoint
RP392: 7/12/2009 8:17:52 PM - System Checkpoint
RP393: 7/12/2009 8:17:52 PM - System Checkpoint
RP394: 7/12/2009 8:17:52 PM - System Checkpoint
RP395: 7/12/2009 8:17:53 PM - System Checkpoint
RP396: 7/12/2009 8:17:53 PM - System Checkpoint
RP397: 7/12/2009 8:17:54 PM - System Checkpoint
RP398: 7/12/2009 8:17:56 PM - System Checkpoint
RP399: 7/12/2009 8:17:56 PM - System Checkpoint
RP400: 7/12/2009 8:17:56 PM - System Checkpoint
RP401: 7/12/2009 8:17:57 PM - System Checkpoint
RP402: 7/12/2009 8:17:57 PM - System Checkpoint
RP403: 7/12/2009 8:17:58 PM - System Checkpoint
RP404: 7/12/2009 8:17:58 PM - System Checkpoint
RP405: 7/12/2009 8:17:59 PM - System Checkpoint
RP406: 7/17/2009 12:39:36 AM - Software Distribution Service 3.0
RP407: 7/17/2009 9:20:04 AM - Installed Windows XP WgaNotify.
RP408: 7/17/2009 11:12:28 PM - Software Distribution Service 3.0
RP409: 7/18/2009 3:00:29 AM - Software Distribution Service 3.0
RP410: 7/19/2009 3:00:23 AM - Software Distribution Service 3.0
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1.2
AIO_Scan
Apache HTTP Server 2.2.8
Asset Management 5.0 Integration
Asset Management Modeler
Broadcom Management Programs
BufferChm
CAPA 2.0 Integration
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner (remove only)
Cisco Systems VPN Client 5.0.01.0600
Conexant HDA D330 MDC V.92 Modem
Copy
CustomerResearchQFolder
Dell DataSafe Online
Dell Support Center (Support Software)
Dell System Restore
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Web Player
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Documentation & Support Launcher
DreamCoder for Oracle 2.5
DScaler 5 Mpeg Decoders
eSupportQFolder
eyelit CAPA 2.0 Modeler
eyelit CAPA 2.0 Operator
eyelit CAPA Modeler
eyelit CAPA Operator
eyelit MES 3.0 - Control Centre
eyelit MES 3.0 - Modeler
eyelit MES 3.0 - Operator
eyelit MES 3.0 - Proxy
eyelit MES 4.0 BASE
eyelit MES 4.0 Modeler
eyelit MES 4.0 Operator
EyelitFC Control Center
F4100
F4100_doccd
F4100_Help
Factory Connect 4.5
ffdshow [rev 1685] [2007-12-06]
Games, Music, & Photos Launcher
Google Chrome
Google Earth
Google Update Helper
Google Updater
Haali Media Splitter
HeidiSQL 3.2
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Internet Service Offers Launcher
J2SE Development Kit 5.0 Update 15
J2SE Runtime Environment 5.0 Update 15
Java DB 10.4.2.1
Java(TM) 6 Update 14
Java(TM) SE Development Kit 6 Update 14
Java(TM) SE Development Kit 6 Update 5
Laptop Integrated Webcam Driver (1.03.02.0719)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech QuickCam
Logitech® Camera Driver
Malwarebytes' Anti-Malware
MarketResearch
McAfee SecurityCenter
MediaDirect
MES Modeler
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MySQL Server 5.0
Nero 8
neroxml
NetWaiting
Network Recording Player
OpenSource Flash Video Splitter (remove only)
Operator Station 3.0 Development Edition
OutlookAddinSetup
Presto! WMS2.5
Print Distributor 4
Print Distributor 4 DEP Fix
PSSWCORE
QuickSet
RealMedia (remove only)
RealPlayer
Rediff Bol
Rediff Toolbar
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB954459)
SolutionCenter
Sonic Activation Module
Status
SUPERAntiSpyware Free Edition
Supervisor Station 3.0 Development Edition
Symantec pcAnywhere
Toolbox
TrayApp
TuneUp Utilities 2008
UnloadSupport
Update for Windows XP (KB951978)
VC80CRTRedist - 8.0.50727.762
VideoToolkit01
Visual Defrag 2007
WebEx
WebEx PCNow
WebFldrs XP
WebReg
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
WinSCP 4.0.3
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
7/17/2009 12:44:25 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
7/16/2009 6:24:42 PM, error: Dhcp [1002] - The IP address lease 192.168.100.105 for the Network Card with network address 001F3A5D3981 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
7/16/2009 4:31:32 PM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
7/16/2009 4:30:07 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/16/2009 4:20:26 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
7/16/2009 4:10:20 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
7/16/2009 4:05:59 PM, error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
7/16/2009 4:05:59 PM, error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
7/16/2009 4:05:59 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
7/16/2009 4:05:10 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
7/16/2009 4:04:10 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/16/2009 4:03:57 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/16/2009 4:03:54 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
7/16/2009 4:03:20 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
7/16/2009 3:52:57 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
7/16/2009 3:52:40 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/16/2009 3:52:39 PM, error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s).
7/16/2009 3:52:39 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/16/2009 3:52:39 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
7/16/2009 3:25:40 AM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
7/16/2009 2:53:00 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 5 time(s).
7/16/2009 12:32:59 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service McMSCSvc with arguments "" in order to run the server: {DDA1154C-204B-41D7-BFE7-7907C6BA9D56}
7/16/2009 12:32:53 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service McMSCSvc with arguments "" in order to run the server: {398E2E68-BFDA-4834-B971-3CB8EC3C7219}
7/16/2009 12:31:52 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service McMSCSvc with arguments "" in order to run the server: {03082469-BA75-44A5-89CB-D187F313E572}
7/16/2009 12:31:46 AM, error: Service Control Manager [7022] - The McAfee Real-time Scanner service hung on starting.
7/16/2009 12:30:01 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
7/16/2009 12:26:12 AM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
7/16/2009 12:24:23 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
7/16/2009 12:23:22 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/16/2009 12:15:46 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service LVCOMSer with arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}
7/16/2009 12:15:17 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service NMIndexingService with arguments "" in order to run the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}
7/16/2009 12:15:14 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
7/16/2009 12:14:13 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1c9867475d96ba2) service to connect.
7/16/2009 12:14:13 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate1c9867475d96ba2) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/16/2009 11:44:01 AM, error: Dhcp [1002] - The IP address lease 192.168.100.122 for the Network Card with network address 001F3A5D3981 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
7/16/2009 11:43:30 AM, error: Dhcp [1002] - The IP address lease 192.168.100.133 for the Network Card with network address 001D09BFE15C has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
7/16/2009 1:51:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
7/16/2009 1:51:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/16/2009 1:50:27 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/16/2009 1:50:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV awlegacy AW_HOST Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
7/16/2009 1:50:05 AM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
7/16/2009 1:50:05 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/16/2009 1:50:05 AM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
7/16/2009 1:50:05 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/16/2009 1:50:05 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/16/2009 1:50:05 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/16/2009 1:49:41 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/15/2009 9:16:39 AM, error: Dhcp [1002] - The IP address lease 192.168.0.170 for the Network Card with network address 001F3A5D3981 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
7/15/2009 7:09:37 PM, error: Dhcp [1002] - The IP address lease 192.168.100.122 for the Network Card with network address 001F3A5D3981 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
7/15/2009 6:06:42 PM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
7/15/2009 4:55:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Print Distributor 4 service to connect.
7/15/2009 4:55:50 PM, error: Service Control Manager [7000] - The Print Distributor 4 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/15/2009 12:47:51 PM, error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
7/15/2009 10:32:41 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
7/13/2009 6:41:42 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
7/13/2009 12:30:23 AM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 4 time(s).
7/12/2009 8:37:32 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 3 time(s).
7/12/2009 8:36:32 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 2 time(s).
7/12/2009 8:33:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the MBackMonitor service to connect.
7/12/2009 8:33:52 PM, error: Service Control Manager [7000] - The MBackMonitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/12/2009 8:16:14 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/12/2009 8:09:39 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
==== End Of File ===========================
Regards,
Friday
-
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to infect your system.
First install the new Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html)
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close all browser windows before beginning the install.
Remove the old version(s)
Download JavaRa (http://prm753.bchea.org/JavaRa.zip)
* Unzip the file and open the JavaRa.exe
* Click Remove Older Versions
* JavaRa will search for and remove any outdated version of Java and remove any that are found.
* Click Additional Tasks
* Place a check next to Remove Useless JRE Files and click Go
* Exit JavaRa
* Delete the JavaRa files from the Desktop
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
----------
Go to Add or Remove Programs and uninstall:
- LiveReg (Symantec Corporation)
- LiveUpdate 3.0 (Symantec Corporation)
.
----------
Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
DO NOT run it yet!
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
DDS::
uStart Page = about:blank
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
-
Hi Evilfantasy,
Updated Java.
Removed older version using JavaRa
Uninstalled -
* LiveReg (Symantec Corporation)
* LiveUpdate 3.0 (Symantec Corporation)
Please find ComboFix.txt and JavaRa.log attached.
Thank you.
Regards,
Friday
[attachment deleted by admin]
-
Go to Start > Run and type notepad.exe then click OK
Copy and paste the below into Notepad and save as fixme.reg to Your Desktop
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.
Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.
Delete the fixme.reg from the Desktop.
----------
How is the computer running now?
.
-
Yes I got a success message.
Computer is running okay.
Thank you.
Is there anything else I should do?
-
Is there anything else I should do?
Just finish up if everything is OK now.
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
.
.
The above procedure will:- Delete: ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
.
----------
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy (http://www.safer-networking.org/en/spybotsd/index.html). Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.
-
I will go through your recommendations and take actions if required.
Thank you very much for all your help...evilfantasy, karnac and harry 48!
Regards,
Friday
-
Your welcome.
--
I would also recommend that you Defrag the computer. There may be a lot of fragmented sections on the drive after cleaning the malware and contributing to the slowness.
You can use the built in Windows Defrag by clicking Start > Run and then type in dfrg.msc then click OK. Or use a faster FREE program. Defraggler (http://www.defraggler.com/) is very effective and easy to use.
Note: Be sure to clean out temp files and restart the computer just before beginning a defrag.
-
Thank you once again Evilfantasy!
Regards,
Friday