

Solve : Redirected searches and can't update.? |
Answer» <html><body><p>Followed instructions--here is the first file:<br/><br/><br/><strong>SDFix: Version 1.240 </strong><br/>Run by me on Mon 01/19/2009 at 11:21 PM<br/><br/>Microsoft Windows XP [Version 5.1.2600]<br/>Running From: C:\sdfix<br/><br/><strong>Checking Services </strong>:<br/><br/><br/>Restoring Default Security Values<br/>Restoring Default Hosts File<br/><br/>Rebooting<br/><br/><br/><strong>Checking Files </strong>: <br/><br/>Trojan Files Found:<br/><br/>C:\iexplore.exe - Deleted<br/><br/><br/><br/>Folder C:\resycled - Removed<br/><br/><br/>Removing Temp Files<br/><br/><strong>ADS Check </strong>:<br/><br/><br/><br/> <strong>Final Check </strong>:<br/><br/>catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, <br/><br/><a href="http://www.gmer.net">http://www.gmer.net</a><br/>Rootkit scan 2009-01-19 23:50:24<br/>Windows 5.1.2600 Service Pack 2 NTFS<br/><br/>scanning hidden processes ...<br/><br/>scanning hidden services & system hive ...<br/><br/>disk error: C:\WINDOWS\system32\config\system, 0<br/>scanning hidden registry entries ...<br/><br/>disk error: C:\WINDOWS\system32\config\software, 0<br/>disk error: C:\Documents and Settings\me\ntuser.dat, 0<br/>scanning hidden files ...<br/><br/>disk error: C:\WINDOWS\<br/><br/>please note that you need administrator rights to perform deep scan<br/><br/><strong>Remaining Services </strong>:<br/><br/><br/><br/><br/>Authorized Application Key Export:<br/><br/>[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters<br/><br/>\firewallpolicy\standardprofile\authorizedapplications\list]<br/>"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:<br/><br/>@xpsp2res.dll,-22019"<br/>"C:\\Program Files\\IVT <br/><br/>Corporation\\BlueSoleil\\BlueSoleil_.exe"="C:\\Program Files\\IVT 
<br/><br/>Corporation\\BlueSoleil\\BlueSoleil_.exe:*:Enabled:BlueSoleil"<br/>"D:\\Downloads\\AVG01_09\\avgemc.exe"="D:\\Downloads\\AVG01_09\\avgemc.exe:*:<br/><br/>Enabled:avgemc.exe"<br/>"D:\\Downloads\\AVG01_09\\avgupd.exe"="D:\\Downloads\\AVG01_09\\avgupd.exe:*:<br/><br/>Enabled:avgupd.exe"<br/><br/>[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters<br/><br/>\firewallpolicy\domainprofile\authorizedapplications\list]<br/>"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:<br/><br/>@xpsp2res.dll,-22019"<br/><br/><strong>Remaining Files </strong>:<br/><br/><br/>File Backups: - C:\SDFix\backups\backups.zip<br/><br/><strong>Files with Hidden Attributes </strong>:<br/><br/>Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\TeaTimer (Spybot - <br/><br/>Search & Destroy)\TeaTimer.exe"<br/>Tue 14 Oct 2008 24,576 A..H. --- "C:\Program Files\IVT <br/><br/>Corporation\BlueSoleil\BlueSoleil__.exe"<br/>Tue 14 Oct 2008 661,776 A..H. --- "C:\Program Files\IVT <br/><br/>Corporation\BlueSoleil\BlueSoleil_.exe"<br/>Sun 5 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All <br/><br/>Users\DRM\Cache\Indiv01.tmp"<br/>Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common <br/><br/>Files\Motorola Shared\MotPCSDrivers\difxapi.dll"<br/>Mon 15 Oct 2007 15,300 A..H. --- <br/><br/>"C:\WINDOWS\SoftwareDistribution\Download\3f69ea8a578f1bc30e2cba9a445213ed\BI<br/><br/>T10C.tmp"<br/>Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and <br/><br/>Settings\me\Application Data\U3\temp\Launchpad Removal.exe"<br/><br/><strong>Finished!</strong><br/><br/>***<br/><br/>After booting, I tried to go a Microsoft site and was redirected. WinPatrol had a pop-up window telling me a change in the host file. Sorry that I didn't get the exact wording. 
Clicked on the button for more info and got:<br/><br/># Copyright © 1993-1999 Microsoft Corp.<br/>#<br/># This is a sample HOSTS file used by Microsoft TCP/IP for Windows.<br/>#<br/># This file contains the mappings of IP addresses to host names. Each<br/># entry should be kept on an individual line. The IP address should<br/># be placed in the first column followed by the corresponding host name.<br/># The IP address and the host name should be separated by at least one<br/># space.<br/>#<br/># Additionally, comments (such as these) may be inserted on individual<br/># lines or following the machine name denoted by a "#" symbol.<br/>#<br/># For example:<br/>#<br/># 102.54.94.97 rhino.acme.com # source server<br/># 38.25.63.10 x.acme.com # x client host<br/>#<br/>127.0.0.1 localhost<br/><br/><br/>*** <br/><br/>Hopefully you accepted the change from WinPatrol?<br/><br/>Download ComboFix© by sUBs from one of the below links. Be sure to save it to the <strong>Desktop</strong>.<br/><br/><a href="https://download.bleepingcomputer.com/sUBs/ComboFix.exe">Link #1</a><br/><a href="http://subs.geekstogo.com/ComboFix.exe">Link #2</a><br/><br/>**Note: It is important that it is saved directly to your Desktop<br/><br/>Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.<br/><br/>Temporarily <strong>disable</strong> your <strong>antivirus</strong>, and any <strong>antispyware</strong> real time protection <em><strong>before</strong></em> performing a scan. 
Click <a href="https://www.bleepingcomputer.com/forums/topic114351.html">this link</a> to see a list of security programs that should be disabled and how to disable them.<br/><br/>Double click combofix.exe & follow the prompts.<br/>When finished ComboFix will produce a log for you.<br/>Post the <strong>ComboFix log</strong> in your next reply.<br/><br/><strong>Important:</strong> Do not mouseclick ComboFix's window while it is running. That may cause it to stall.<br/><br/>Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.<br/><br/>If you have problems with ComboFix usage, see <a href="https://www.bleepingcomputer.com/combofix/how-to-use-combofix">How to use ComboFix</a><br/><br/>Here is the log file:<br/><br/><br/>ComboFix 09-01-19.05 - me 2009-01-20 18:56:25.1 - NTFSx86<br/>Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.288 [GMT -5:00]<br/>Running from: c:\documents and settings\me\Desktop\ComboFix1.exe<br/>AV: avast! antivirus 4.8.1296 [VPS 090120-0] *On-access scanning disabled* (Updated)<br/>AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)<br/>AV: StopSign Antivirus FREE TRIAL diagnostic version *On-access scanning disabled* (Updated)<br/>FW: ZoneAlarm Firewall *enabled*<br/>.<br/><br/>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))<br/>.<br/><br/>c:\windows\IE4 Error Log.txt<br/>c:\windows\system32\drivers\gaopdxvjbapmex.sys<br/>c:\windows\system32\gaopdxwbnyllrc.dll<br/><br/>.<br/>((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))<br/>.<br/><br/>-------\Service_npf<br/><br/><br/>((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))<br/>.<br/><br/>2009-01-20 11:57 . 2009-01-20 11:57410,984--a------c:\windows\system32\deploytk.dll<br/>2009-01-20 00:38 . 
2009-01-20 00:38d--------c:\documents and settings\me\Application Data\IObit<br/>2009-01-19 23:19 . 2009-01-19 23:19d--------c:\windows\ERUNT<br/>2009-01-19 23:12 . 2009-01-19 23:50d--------C:\SDFix<br/>2009-01-19 22:32 . 2009-01-19 22:32d--------C:\rsit<br/>2009-01-19 22:32 . 2009-01-19 22:32d--------c:\program files\trend micro<br/>2009-01-19 13:11 . 2009-01-19 13:11230--a------c:\windows\system32\spupdsvc.inf<br/>2009-01-18 22:33 . 2003-03-18 16:201,060,864--a------c:\windows\system32\MFC71.dll<br/>2009-01-18 00:30 . 2009-01-18 00:30d--------c:\documents and settings\me\Application Data\PC Tools<br/>2009-01-18 00:30 . 2009-01-19 23:18d-a------c:\documents and settings\All Users\Application Data\TEMP<br/>2009-01-18 00:30 . 2008-08-25 12:3681,288--a------c:\windows\system32\drivers\iksyssec.sys<br/>2009-01-18 00:30 . 2008-08-25 12:3666,952--a------c:\windows\system32\drivers\iksysflt.sys<br/>2009-01-18 00:30 . 2008-08-25 12:3640,840--a------c:\windows\system32\drivers\ikfilesec.sys<br/>2009-01-18 00:30 . 2008-06-02 16:1929,576--a------c:\windows\system32\drivers\kcom.sys<br/>2009-01-18 00:14 . 2009-01-18 00:14d--------c:\documents and settings\me\DoctorWeb<br/>2009-01-17 10:29 . 2009-01-17 10:29d--------c:\program files\Acceleration Software<br/>2009-01-17 10:29 . 2009-01-17 10:29d--------c:\documents and settings\me\Application Data\eAcceleration<br/>2009-01-17 10:28 . 2009-01-17 10:29d--------c:\program files\eAcceleration<br/>2009-01-17 10:28 . 2009-01-17 10:29d--------c:\program files\Common Files\eAcceleration<br/>2009-01-17 10:28 . 2009-01-17 10:29d--------c:\documents and settings\All Users\Application Data\eAcceleration<br/>2009-01-17 10:23 . 2009-01-17 10:23d--------c:\windows\BDOSCAN8<br/>2009-01-16 03:06 . 2009-01-20 03:16d--h-----C:\$AVG8.VAULT$<br/>2009-01-15 22:26 . 2001-05-22 23:4545,056--a------c:\windows\PANIC32.dll<br/>2009-01-15 22:26 . 2001-09-16 11:4440,960--a------c:\windows\PANICNT.dll<br/>2009-01-15 15:28 . 
2009-01-15 15:28d--------c:\windows\system32\drivers\Avg<br/>2009-01-15 15:28 . 2009-01-15 15:28d--------c:\program files\AVG<br/>2009-01-15 15:28 . 2009-01-15 15:36d--------c:\documents and settings\me\Application Data\AVGTOOLBAR<br/>2009-01-15 15:28 . 2009-01-15 15:2897,928--a------c:\windows\system32\drivers\avgldx86.sys<br/>2009-01-15 15:28 . 2009-01-15 15:2876,040--a------c:\windows\system32\drivers\avgtdix.sys<br/>2009-01-15 15:28 . 2009-01-15 15:2810,520--a------c:\windows\system32\avgrsstx.dll<br/>2009-01-09 22:44 . 2008-07-07 12:27102,664--a------c:\windows\system32\drivers\tmcomm.sys<br/>2009-01-05 22:40 . 2009-01-05 22:44d--------c:\documents and settings\me\Application Data\XnView<br/>2009-01-03 13:09 . 2008-10-16 14:06268,648--a------c:\windows\system32\mucltui.dll<br/>2009-01-03 13:09 . 2008-10-16 14:0627,496--a------c:\windows\system32\mucltui.dll.mui<br/>2009-01-02 22:33 . 2009-01-02 22:33d--------c:\program files\MSECache<br/>2008-12-22 21:14 . 2008-12-22 21:1472,192--a------c:\windows\cadkasdeinst01e.exe<br/><br/>.<br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))<br/>.<br/>2009-01-21 00:0389,638,944--sha-wc:\windows\system32\drivers\fidbox.dat<br/>2009-01-20 16:57---------d-----wc:\program files\Java<br/>2009-01-19 18:11907,776----a-wc:\windows\Internet Logs\xDB6.tmp<br/>2009-01-19 18:111,915,392----a-wc:\windows\Internet Logs\xDB7.tmp<br/>2009-01-15 20:28---------d-----wc:\documents and settings\All Users\Application Data\avg8<br/>2009-01-15 15:191,058,096--sha-wc:\windows\system32\drivers\fidbox.idx<br/>2009-01-15 04:36---------d-----wc:\documents and settings\All Users\Application Data\Google Updater<br/>2009-01-15 01:182,258,944----a-wc:\windows\Internet Logs\xDB4.tmp<br/>2009-01-15 01:181,798,144----a-wc:\windows\Internet Logs\xDB5.tmp<br/>2008-12-30 04:271,147,392----a-wc:\windows\Internet Logs\xDB3.tmp<br/>2008-12-20 03:44---------d-----wc:\documents and settings\me\Application 
Data\DivX<br/>2008-12-20 03:381,881,903----a-wc:\windows\Internet Logs\tvDebug.zip<br/>2008-12-15 22:31---------d-----wc:\documents and settings\me\Application Data\SuperNZB<br/>2008-12-11 11:57333,184----a-wc:\windows\system32\drivers\srv.sys<br/>2008-12-10 18:02625,664----a-wc:\windows\Internet Logs\xDB2.tmp<br/>2008-12-10 14:177,808----a-wc:\windows\system32\drivers\psi_mf.sys<br/>2008-12-01 05:45---------d-----wc:\documents and settings\me\Application Data\GARMIN<br/>2008-11-30 03:182,710,016----a-wc:\windows\Internet Logs\xDB1.tmp<br/>2008-11-25 20:20---------d-----wc:\program files\Freecorder<br/>2008-11-25 14:03---------d-----wc:\documents and settings\me\Application Data\Apple Computer<br/>2008-11-21 21:479,464------wc:\windows\system32\drivers\cdralw2k.sys<br/>2008-11-21 21:479,336------wc:\windows\system32\drivers\cdr4_xp.sys<br/>2008-11-21 21:47524,288----a-wc:\windows\system32\DivXsm.exe<br/>2008-11-21 21:4743,528------wc:\windows\system32\drivers\PxHelp20.sys<br/>2008-11-21 21:473,596,288----a-wc:\windows\system32\qt-dx331.dll<br/>2008-11-21 21:47129,784------wc:\windows\system32\pxafs.dll<br/>2008-11-21 21:47120,056------wc:\windows\system32\pxcpyi64.exe<br/>2008-11-21 21:47118,520------wc:\windows\system32\pxinsi64.exe<br/>2008-11-21 21:46200,704----a-wc:\windows\system32\ssldivx.dll<br/>2008-11-21 21:461,044,480----a-wc:\windows\system32\libdivx.dll<br/>2008-11-21 21:44161,096----a-wc:\windows\system32\DivXCodecVersionChecker.exe<br/>2008-11-21 21:4412,288----a-wc:\windows\system32\DivXWMPExtType.dll<br/>2008-11-10 14:20737,280----a-wc:\windows\iun6002.exe<br/>2008-10-23 13:01283,648----a-wc:\windows\system32\gdi32.dll<br/>1998-10-12 16:2340,960----a-wc:\windows\inf\vizPnP\Vipersti.dll<br/>1998-07-30 17:4419,112----a-wc:\windows\inf\vizPnP\Pmxscan.sys<br/>.<br/><br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))<br/>.<br/>.<br/>*Note* empty entries & legit default entries are not shown 
<br/>REGEDIT4<br/><br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]<br/>"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2008-11-25 1784856]<br/><br/>[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]<br/><br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]<br/>2008-11-25 15:201784856--a------c:\program files\Freecorder\tbFre0.dll<br/><br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]<br/>"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2008-11-25 1784856]<br/><br/>[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]<br/><br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]<br/>"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre0.dll" [2008-11-25 1784856]<br/><br/>[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]<br/><br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]<br/>"Eraser"="d:\programs\eraser\Eraser\eraser.exe" [2002-04-29 487424]<br/>"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]<br/>"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]<br/>"PPWebCap"="c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2000-03-01 48128]<br/>"Advanced SystemCare 3"="d:\downloads\SystemCare\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]<br/><br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]<br/>"MULTIMEDIA KEYBOARD"="c:\program files\Keymaestro\Multimedia Keyboard\MMKeybd.exe" [2002-01-17 147456]<br/>"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]<br/>"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]<br/>"Adobe Reader Speed Launcher"="d:\downloads\Adobe\Reader\Reader_sl.exe" [2008-06-12 34672]<br/>"WinPatrol"="d:\downloads\WinPatrol\winpatrol.exe" 
[2004-12-09 140480]<br/>"fbdirect"="c:\program files\ScanSoft\PaperPort\fbdirect.exe" [1998-11-17 227328]<br/>"ZoneAlarm Client"="d:\downloads\ZoneAlarm\ZoneAlarm\zlclient.exe" [2008-07-09 919016]<br/>"AVG8_TRAY"="d:\downlo~1\AVG01_09\avgtray.exe" [2009-01-15 1261336]<br/>"Pop-Up Stopper"="d:\programs\popupstp\POP-UP~1\dpps2.exe" [2001-10-16 675840]<br/>"webscan"="c:\program files\Acceleration Software\Anti-Virus\stopsignav.exe" [2008-12-11 914784]<br/>"SoftwareStation"="c:\program files\eAcceleration\Station\station.exe" [2008-04-15 173392]<br/>"avast!"="d:\downlo~1\Avast\ashDisp.exe" [2008-11-26 81000]<br/>"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]<br/><br/>c:\documents and settings\All Users\Start Menu\Programs\Startup\<br/>AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2008-05-21 581632]<br/>BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 24576]<br/>Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]<br/><br/>[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]<br/>"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]<br/><br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]<br/>"Userinit"="c:\windows\system32\Userinit.exe"<br/><br/>[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^Secunia PSI.lnk]<br/>backup=c:\windows\pss\Secunia PSI.lnkStartup<br/><br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]<br/>--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe<br/><br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]<br/>"gusvc"=2 (0x2)<br/>"CiSvc"=3 (0x3)<br/>"Bonjour Service"=2 (0x2)<br/>"Apple Mobile Device"=2 
(0x2)<br/><br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]<br/>"DisableMonitoring"=dword:00000001<br/><br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]<br/>"EnableFirewall"= 0 (0x0)<br/><br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]<br/>"%windir%\\system32\\sessmgr.exe"=<br/>"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=<br/>"d:\\Downloads\\AVG01_09\\avgemc.exe"=<br/>"d:\\Downloads\\AVG01_09\\avgupd.exe"=<br/><br/>R0 DMX3191;DMX3191;c:\windows\system32\drivers\DMX3191.SYS [1999-12-13 11459]<br/>R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-19 28544]<br/>R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-18 111184]<br/>R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-15 97928]<br/>R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2008-05-31 6656]<br/>R3 pmxscan;Visioneer USB Service;c:\windows\system32\drivers\usbscan.sys [2008-09-28 15104]<br/>R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-18 20560]<br/>R4 avg8emc;AVG Free8 E-mail Scanner;d:\downlo~1\AVG01_09\avgemc.exe [2009-01-15 875288]<br/>R4 avg8wd;AVG Free8 WatchDog;d:\downlo~1\AVG01_09\avgwdsvc.exe [2009-01-15 231704]<br/>R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-15 76040]<br/>R4 eac_notifysvc;eAcceleration Notification Service;c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [2009-01-17 111952]<br/>R4 eac_productsvc;eAcceleration Product Manager Service;c:\progra~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe [2009-01-17 263504]<br/>R4 HPFECP06;HPFECP06;c:\windows\system32\drivers\hpfecp06.sys [2008-08-23 38176]<br/>R4 nhksrv;Netropa 
NHK Server;c:\program files\Keymaestro\Multimedia Keyboard\nhksrv.exe [2008-05-31 28672]<br/>R4 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [2008-05-19 100728]<br/>R4 sstsmonsvc;StopSign Antivirus Security Center Provider;c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [2009-01-17 111952]<br/>S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\16.tmp --> c:\windows\system32\16.tmp [?]<br/>S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-08-29 18176]<br/>S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-08-29 7680]<br/>S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-08-29 42112]<br/>S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]<br/>S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2008-08-28 10880]<br/>S3 sdAuxService;PC Tools Auxiliary Service;d:\downloads\IamFamousRemoval\Spyware Doctor\pctsAuxs.exe [2009-01-18 356920]<br/>S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [2008-05-21 3351]<br/><br/>[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca05ce84-2614-11dd-81e4-0030bd1e78f3}]<br/>\Shell\AutoRun\command - i:\wd_windows_tools\setup.exe<br/>.<br/>Contents of the 'Scheduled Tasks' folder<br/><br/>2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job<br/>- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]<br/><br/>2009-01-21 c:\windows\Tasks\RegCure Program Check.job<br/>- d:\downloads\Reg Cure\RegCure\RegCure.exe [2007-10-20 11:40]<br/><br/>2009-01-15 c:\windows\Tasks\RegCure.job<br/>- d:\downloads\Reg Cure\RegCure\RegCure.exe [2007-10-20 11:40]<br/>.<br/>- - - - ORPHANS REMOVED - - - -<br/><br/>HKLM-Run-Cmaudio - cmicnfg.cpl<br/><br/><br/>.<br/>------- Supplementary Scan -------<br/>.<br/>uStart Page = hxxp://www.yahoo.com/<br/>uInternet Settings,ProxyOverride = *.local<br/>uSearchURL,(Default) = 
hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com<br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000<br/>Trusted Zone: asia.msi.com.tw<br/>Trusted Zone: global.msi.com.tw<br/>Trusted Zone: <a href="http://www.msi.com.tw">www.msi.com.tw</a><br/>Trusted Zone: wdc.custhelp.com<br/>Trusted Zone: global.msi.com.tw<br/>DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab<br/>FF - ProfilePath - c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\default.roe\<br/>FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=<br/>FF - prefs.js: browser.search.selectedEngine - Yahoo<br/>FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/<br/>FF - component: c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\default.roe\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll<br/>FF - component: d:\downloads\AVG01_09\Firefox\components\avgssff.dll<br/>FF - component: d:\downloads\AVG01_09\ToolbarFF\components\vmAVGConnector.dll<br/>FF - plugin: c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\default.roe\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll<br/>FF - plugin: c:\documents and settings\me\Application Data\Mozilla\plugins\npPxPlay.dll<br/>FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll<br/>FF - plugin: d:\downloads\Adobe\Reader\browser\nppdf32.dll<br/>FF - plugin: d:\downloads\divx pro\DivX\DivX Player\npDivxPlayerPlugin.dll<br/>FF - plugin: d:\downloads\divx pro\DivX\DivX Web Player\npdivx32.dll<br/>FF - plugin: d:\downloads\FireFox\plugins\NPBelv32.dll<br/>FF - plugin: d:\downloads\FireFox\plugins\NPZoneSB.dll<br/>.<br/><br/>**************************************************************************<br/><br/>catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, <a 
href="http://www.gmer.net">http://www.gmer.net</a><br/>Rootkit scan 2009-01-20 19:00:45<br/>Windows 5.1.2600 Service Pack 2 NTFS<br/><br/>scanning hidden processes ... <br/><br/>scanning hidden autostart entries ... <br/><br/>scanning hidden files ... <br/><br/>scan completed successfully<br/>hidden files: 0<br/><br/>**************************************************************************<br/><br/>[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]<br/>"ImagePath"="\??\c:\windows\system32\16.tmp"<br/>.<br/>------------------------ Other Running Processes ------------------------<br/>.<br/>c:\windows\system32\ZoneLabs\vsmon.exe<br/>d:\downloads\Avast\aswUpdSv.exe<br/>d:\downloads\Avast\ashServ.exe<br/>c:\program files\Java\jre6\bin\jqs.exe<br/>d:\downloads\Reg_ProShow\scsiaccess.exe<br/>c:\windows\system32\searchindexer.exe<br/>d:\downlo~1\AVG01_09\avgrsx.exe<br/>d:\downloads\Avast\Setup\avast.setup<br/>d:\downloads\Avast\ashMaiSv.exe<br/>d:\downloads\Avast\ashWebSv.exe<br/>c:\program files\Keymaestro\Multimedia Keyboard\Traymon.exe<br/>c:\program files\Keymaestro\Onscreen Display\osd.exe<br/>c:\windows\system32\searchprotocolhost.exe<br/>c:\program files\eAcceleration\Station\station_bk.exe<br/>c:\program files\iPod\bin\iPodService.exe<br/>c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe<br/>c:\windows\system32\searchfilterhost.exe<br/>.<br/>**************************************************************************<br/>.<br/>Completion time: 2009-01-20 19:05:15 - machine was rebooted<br/>ComboFix-quarantined-files.txt 2009-01-21 00:05:06<br/><br/>Pre-Run: 31,539,339,264 bytes free<br/>Post-Run: 31,555,018,752 bytes free<br/><br/>WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe<br/>[Boot Loader]<br/>Timeout=2<br/>Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS<br/>[Operating Systems]<br/>c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons<br/>multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XXCLONE: (Cloned Volume) [d:0,p:1] 
\WINDOWS" /fastdetect /NoExecute=OptIn<br/><br/>269--- E O F ---2008-10-17 20:23:57<br/><br/><br/>Also had this in a pop up window:<br/>127.0.0.1 localhost<br/><br/>*** <br/><br/>Just had WinPatrol ask if I wanted .jpg files to open with IE instead of VuePrint. Told it no.<br/><br/>** <br/><br/><br/><br/><br/>Looks good. There are a few things to take care of.<br/><br/>Download the <a href="http://oldtimer.geekstogo.com/OTMoveIt3.exe">OTMoveIt3</a> by OldTimer<br/><br/><strong>Note:</strong> If you are running on Vista, right-click on OTMoveIt3.exe and choose <strong>Run As Administrator</strong>.<br/><br/>*<strong> Save</strong> it to your <strong>Desktop</strong>.<br/>* Double-click <strong>OTMoveIt3.exe</strong> to run it.<br/>*<strong> Copy the lines in the codebox below to the clipboard</strong> by highlighting <strong>ALL</strong> of them and <strong>pressing CTRL + C</strong> (or, after highlighting, right-click and choose <strong>Copy</strong>)<br/><br/>Code:<br/>:Processes<br/>explorer.exe<br/><br/>:reg<br/>[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]<br/>[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca05ce84-2614-11dd-81e4-0030bd1e78f3}]<br/><br/>:Commands<br/>[purity]<br/>[emptytemp]<br/>[start explorer]<br/>[Reboot]<br/><br/>* Return to OTMoveIt3, right click in the <strong>"Paste Instructions for Items to be Moved" </strong> window <strong>(under the yellow bar) </strong>and choose <strong>Paste</strong>.<br/>* Click the red <strong>Moveit!</strong> button.<br/>*<strong> Copy everything in the Results window (under the green bar</strong><strong>) to the clipboard</strong> by highlighting <strong>ALL</strong> of them and <strong>pressing CTRL + C</strong> (or, after highlighting, right-click and choose copy), and paste it in your next 
reply.<br/>Close <strong>OTMoveIt3</strong><br/><br/><strong>Note</strong>: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose <strong>Yes</strong>. If not, reboot anyway.<br/><br/>----------<br/><br/>Please go to Start > Run and copy/paste the following blue text and then press Enter:<br/><br/>C:\QooBox\Add-Remove Programs.txt<br/><br/>A text file should open. Please post the contents of that file in your next reply. <br/>File from MoveIt after the reboot:<br/><br/>========== PROCESSES ==========<br/>Process explorer.exe killed successfully.<br/>========== REGISTRY ==========<br/>Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2\\ deleted successfully.<br/>Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca05ce84-2614-11dd-81e4-0030bd1e78f3}\\ deleted successfully.<br/>========== COMMANDS ==========<br/>File delete failed. C:\DOCUME~1\me\LOCALS~1\Temp\etilqs_k541boUvCGX1FhhVV2lB scheduled to be deleted on reboot.<br/>User's Temp folder emptied.<br/>User's Temporary Internet Files folder emptied.<br/>User's Internet Explorer cache folder emptied.<br/>Local Service Temp folder emptied.<br/>File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.<br/>Local Service Temporary Internet Files folder emptied.<br/>File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.<br/>File delete failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.<br/>File delete failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be deleted on reboot.<br/>File delete failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be deleted on reboot.<br/>File delete failed. 
C:\WINDOWS\temp\Perflib_Perfdata_4d8.dat scheduled to be deleted on reboot.<br/>File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_718.dat scheduled to be deleted on reboot.<br/>File delete failed. C:\WINDOWS\temp\ZLT0432d.TMP scheduled to be deleted on reboot.<br/>File delete failed. C:\WINDOWS\temp\ZLT04330.TMP scheduled to be deleted on reboot.<br/>File delete failed. C:\WINDOWS\temp\~DF1563.tmp scheduled to be deleted on reboot.<br/>Windows Temp folder emptied.<br/>Java cache emptied.<br/>File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_001_ scheduled to be deleted on reboot.<br/>File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_002_ scheduled to be deleted on reboot.<br/>File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_003_ scheduled to be deleted on reboot.<br/>File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.<br/>File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\urlclassifier3.sqlite scheduled to be deleted on reboot.<br/>File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\XUL.mfl scheduled to be deleted on reboot.<br/>FireFox cache emptied.<br/>Temp folders emptied.<br/>Explorer started successfully<br/><br/>OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_215222<br/><br/>Files moved on Reboot...<br/>File C:\DOCUME~1\me\LOCALS~1\Temp\etilqs_k541boUvCGX1FhhVV2lB not found!<br/>File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.<br/>File move failed. 
C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.<br/>File move failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.<br/>File move failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be moved on reboot.<br/>File move failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be moved on reboot.<br/>File C:\WINDOWS\temp\Perflib_Perfdata_4d8.dat not found!<br/>C:\WINDOWS\temp\Perflib_Perfdata_718.dat moved successfully.<br/>C:\WINDOWS\temp\ZLT0432d.TMP moved successfully.<br/>C:\WINDOWS\temp\ZLT04330.TMP moved successfully.<br/>C:\WINDOWS\temp\~DF1563.tmp moved successfully.<br/>C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_001_ moved successfully.<br/>C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_002_ moved successfully.<br/>C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_003_ moved successfully.<br/>C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_MAP_ moved successfully.<br/>C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\urlclassifier3.sqlite moved successfully.<br/>C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\XUL.mfl moved successfully.<br/><br/><br/>***<br/><br/>From the add/remove text file:<br/><br/><br/>Acrobat.com<br/>Adobe AIR<br/>Adobe Flash Player 10 ActiveX<br/>Adobe Flash Player 10 Plugin<br/>Adobe Reader 9<br/>Advanced SystemCare 3<br/>Apple Mobile Device Support<br/>Apple Software Update<br/>Audacity 1.2.6<br/>Audacity 1.3.6 (Unicode)<br/>Audio Recorder for Free<br/>Audio Recorder Pro 3.70<br/>AutoUpdate<br/>avast! 
Antivirus<br/>AVG Free 8.0<br/>Belarc Advisor 5.1<br/>Bluesoleil2.6.0.8 Release 070517<br/>Bonjour<br/>C-Media WDM Audio Driver<br/>Compatibility Pack for the 2007 Office system<br/>Cryptainer LE<br/>DiscWizard for Windows<br/>DivX Codec<br/>DivX Player<br/>DivX Web Player<br/>Driver Detective<br/>DriverGuide DriverScan<br/>DriverGuide Toolkit<br/>Enhanced Sound Card Driver 8.0<br/>Eraser 5.3<br/>FLVhosting Desktop FLV Player Ver 2.00<br/>Fotosizer 1.19<br/>Fox Magic Audio Recorder 1.0<br/>FREE Hi-Q Recorder 1.92<br/>Freecorder Toolbar<br/>Freecorder Toolbar 3.02 Application<br/>Garmin POI Loader<br/>Google Earth<br/>Google Updater<br/>HHD Software Free Hex Editor 3.12<br/>HijackThis 1.99.1<br/>Hotfix for Windows Media Format 11 SDK (KB929399)<br/>Hotfix for Windows Media Player 11 (KB939683)<br/>Hotfix for Windows XP (KB896344)<br/>Hotfix for Windows XP (KB915800-v4)<br/>Hotfix for Windows XP (KB915865)<br/>Hotfix for Windows XP (KB926239)<br/>Hotfix for Windows XP (KB952287)<br/>HP DeskJet 720C Series (Remove only)<br/>Huelix Audio Converter 2.0<br/>Image Resizer Powertoy for Windows XP<br/>iTunes<br/>Java(TM) 6 Update 11<br/>Java(TM) 6 Update 6<br/>Java(TM) 6 Update 7<br/>Keymaestro Multimedia Keyboard<br/>Livestation<br/>Microsoft .NET Framework 2.0 Service Pack 1<br/>Microsoft Compression Client Pack 1.0 for Windows XP<br/>Microsoft Internationalized Domain Names Mitigation APIs<br/>Microsoft Kernel-Mode Driver Framework Feature Pack 1.5<br/>Microsoft National Language Support Downlevel APIs<br/>Microsoft Office Professional Edition 2003<br/>Microsoft Silverlight<br/>Microsoft User-Mode Driver Framework Feature Pack 1.0<br/>Microsoft Visual C++ 2005 Redistributable<br/>Motorola Software Update<br/>Mozilla Firefox (3.0.5)<br/>Mozilla Thunderbird (2.0.0.19)<br/>Mp3 Stream Recorder<br/>MSXML 4.0 SP2 (KB936181)<br/>MSXML 4.0 SP2 (KB954430)<br/>Nikon Scan<br/>OpenAL<br/>Panda ActiveScan 2.0<br/>PaperPort 6.5<br/>PDF Reader 2<br/>Photodex Presenter<br/>Pop-Up 
Stopper<br/>Prism Video Converter<br/>ProShow<br/>ProShow Gold<br/>QuickTime<br/>Replay Radio and Replay A/V 7<br/>Safari<br/>Samsung USB Driver (MCCI 4.34) WHQL v3.4<br/>Secunia PSI<br/>Security Update for Windows Media Player (KB911564)<br/>Security Update for Windows Media Player (KB952069)<br/>Security Update for Windows Media Player 11 (KB936782)<br/>Security Update for Windows Media Player 11 (KB954154)<br/>Security Update for Windows Media Player 6.4 (KB925398)<br/>Security Update for Windows Media Player 9 (KB936782)<br/>Security Update for Windows XP (KB890046)<br/>Security Update for Windows XP (KB893756)<br/>Security Update for Windows XP (KB896358)<br/>Security Update for Windows XP (KB896423)<br/>Security Update for Windows XP (KB896428)<br/>Security Update for Windows XP (KB899587)<br/>Security Update for Windows XP (KB899591)<br/>Security Update for Windows XP (KB900725)<br/>Security Update for Windows XP (KB901017)<br/>Security Update for Windows XP (KB901214)<br/>Security Update for Windows XP (KB902400)<br/>Security Update for Windows XP (KB905414)<br/>Security Update for Windows XP (KB905749)<br/>Security Update for Windows XP (KB908519)<br/>Security Update for Windows XP (KB911562)<br/>Security Update for Windows XP (KB911927)<br/>Security Update for Windows XP (KB913580)<br/>Security Update for Windows XP (KB914388)<br/>Security Update for Windows XP (KB914389)<br/>Security Update for Windows XP (KB918118)<br/>Security Update for Windows XP (KB918439)<br/>Security Update for Windows XP (KB919007)<br/>Security Update for Windows XP (KB920213)<br/>Security Update for Windows XP (KB920670)<br/>Security Update for Windows XP (KB920683)<br/>Security Update for Windows XP (KB920685)<br/>Security Update for Windows XP (KB922819)<br/>Security Update for Windows XP (KB923191)<br/>Security Update for Windows XP (KB923414)<br/>Security Update for Windows XP (KB923789)<br/>Security Update for Windows XP (KB923980)<br/>Security Update for Windows XP 
(KB924270)<br/>Security Update for Windows XP (KB924496)<br/>Security Update for Windows XP (KB924667)<br/>Security Update for Windows XP (KB925902)<br/>Security Update for Windows XP (KB926255)<br/>Security Update for Windows XP (KB926436)<br/>Security Update for Windows XP (KB927779)<br/>Security Update for Windows XP (KB927802)<br/>Security Update for Windows XP (KB928255)<br/>Security Update for Windows XP (KB928843)<br/>Security Update for Windows XP (KB929123)<br/>Security Update for Windows XP (KB930178)<br/>Security Update for Windows XP (KB931261)<br/>Security Update for Windows XP (KB931784)<br/>Security Update for Windows XP (KB932168)<br/>Security Update for Windows XP (KB933729)<br/>Security Update for Windows XP (KB935839)<br/>Security Update for Windows XP (KB935840)<br/>Security Update for Windows XP (KB936021)<br/>Security Update for Windows XP (KB937894)<br/>Security Update for Windows XP (KB938127)<br/>Security Update for Windows XP (KB938464)<br/>Security Update for Windows XP (KB941202)<br/>Security Update for Windows XP (KB941568)<br/>Security Update for Windows XP (KB941569)<br/>Security Update for Windows XP (KB941644)<br/>Security Update for Windows XP (KB941693)<br/>Security Update for Windows XP (KB943055)<br/>Security Update for Windows XP (KB943460)<br/>Security Update for Windows XP (KB943485)<br/>Security Update for Windows XP (KB944338)<br/>Security Update for Windows XP (KB944653)<br/>Security Update for Windows XP (KB945553)<br/>Security Update for Windows XP (KB946026)<br/>Security Update for Windows XP (KB946648)<br/>Security Update for Windows XP (KB947864)<br/>Security Update for Windows XP (KB948590)<br/>Security Update for Windows XP (KB948881)<br/>Security Update for Windows XP (KB950749)<br/>Security Update for Windows XP (KB950760)<br/>Security Update for Windows XP (KB950762)<br/>Security Update for Windows XP (KB950974)<br/>Security Update for Windows XP (KB951066)<br/>Security Update for Windows XP 
(KB951376-v2)<br/>Security Update for Windows XP (KB951376)<br/>Security Update for Windows XP (KB951698)<br/>Security Update for Windows XP (KB951748)<br/>Security Update for Windows XP (KB952954)<br/>Security Update for Windows XP (KB953839)<br/>Security Update for Windows XP (KB954211)<br/>Security Update for Windows XP (KB954600)<br/>Security Update for Windows XP (KB955069)<br/>Security Update for Windows XP (KB956391)<br/>Security Update for Windows XP (KB956802)<br/>Security Update for Windows XP (KB956803)<br/>Security Update for Windows XP (KB956841)<br/>Security Update for Windows XP (KB957095)<br/>Security Update for Windows XP (KB957097)<br/>Security Update for Windows XP (KB958644)<br/>Security Update for Windows XP (KB958687)<br/>Slides & Sound Plus<br/>Smart Defrag 1.03<br/>SoundTap Streaming Audio Recorder<br/>Spybot - Search & Destroy<br/>Spyware Doctor 6.0<br/>StopSign Internet Security<br/>Switch Sound File Converter<br/>Uniblue DriverScanner 2009<br/>Update for Windows XP (KB894391)<br/>Update for Windows XP (KB898461)<br/>Update for Windows XP (KB900485)<br/>Update for Windows XP (KB904942)<br/>Update for Windows XP (KB908531)<br/>Update for Windows XP (KB910437)<br/>Update for Windows XP (KB911280)<br/>Update for Windows XP (KB916595)<br/>Update for Windows XP (KB920872)<br/>Update for Windows XP (KB922582)<br/>Update for Windows XP (KB927891)<br/>Update for Windows XP (KB930916)<br/>Update for Windows XP (KB932823-v3)<br/>Update for Windows XP (KB938828)<br/>Update for Windows XP (KB942763)<br/>Update for Windows XP (KB943729)<br/>Update for Windows XP (KB951072-v2)<br/>Update for Windows XP (KB955839)<br/>VIA Audio Driver Setup Program<br/>Visioneer 7600 USB Scanner Driver<br/>VLC media player 0.9.4<br/>WD Diagnostics<br/>WebFldrs XP<br/>Windows Genuine Advantage Validation Tool 
(KB892130)<br/>Windows Installer 3.1 (KB893803)<br/>Windows Media Format 11 runtime<br/>Windows Media Player 11<br/>Windows Search 4.0<br/>Windows XP Hotfix - KB873339<br/>Windows XP Hotfix - KB885835<br/>Windows XP Hotfix - KB885836<br/>Windows XP Hotfix - KB886185<br/>Windows XP Hotfix - KB887472<br/>Windows XP Hotfix - KB888302<br/>Windows XP Hotfix - KB890859<br/>Windows XP Hotfix - KB891781<br/>XnView 1.95.4<br/>XXClone ver 0.58.0<br/>ZoneAlarm<br/>ZoneAlarm Spy Blocker<br/><br/>*** <br/><br/>I am able to get the windows updates now. <br/><br/>I have resisted installing sp3 because so many people had problems with it. Read somewhere to download it to a file, burn it on a cd and reboot to safe mode and then install it. What do you suggest?<br/><br/>BTW--Thanks for all the help you have given me. If you were a woman, I'd give you a kiss--a man and I'd shake your hand and buy you a burger and a coke.<br/><br/>))<br/><br/>Next?<br/><br/>ziggy<br/><br/>You can install SP3 from the Windows Update site as soon as we are done. I can't think of any reason to put it on a disk and install in safe mode.<br/><br/>Go to Add/Remove Programs and uninstall: <br/><br/>*AutoUpdate<br/>*Java(TM) 6 Update 6<br/>*Java(TM) 6 Update 7<br/><br/>You have multiple antivirus installed. This is never advised as it only causes problems so uninstall all but one.<br/><br/>avast! Antivirus<br/>AVG Free 8.0<br/>StopSign Internet Security <- Don't keep this one.<br/><br/>----------<br/><br/>Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. 
These steps will also help secure the work you have done.<br/>.<br/></p><ul><li> Click <strong>START</strong> then <strong>RUN</strong><br/></li><li> Now type <strong>Combofix /u</strong> in the runbox<br/></li><li> Make sure there's a space between Combofix and /u</li><li> Then hit <strong>Enter</strong>.</li></ul>.<br/>.<br/><strong>The above procedure will:</strong><ul><li>Delete:<ul><li>ComboFix and its associated files and folders.</li><li>VundoFix backups, if present</li><li>The C:\Deckard folder, if present</li><li>The C:\_OtMoveIt folder, if present</li></ul></li><li>Reset the clock settings.</li><li>Hide file extensions, if required.</li><li>Hide System/Hidden files, if required.</li><li>Set a new, clean Restore Point.</li></ul>.<br/>----------<br/><br/>1. Double click <strong>OTMoveIt3.exe</strong> to launch it.<br/><strong>Vista users right click and choose Run As Administrator</strong><br/>2. Click on the CleanUp! button.<br/>3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alert you, allow it access.<br/>4. Click <strong>YES</strong> at the next prompt (list downloaded, Do you want to begin cleanup process?)<br/>5. Once complete exit out of OTMoveIt3<br/><br/>----------<br/><br/>Go to <a href="http://windowsupdate.microsoft.com/">Microsoft Windows Update</a> and get all critical updates.<br/><br/>----------<br/><br/><strong>Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.</strong><br/><br/>Concerned about Browser Security? Consider using <a href="http://www.spreadfirefox.com/node&id=224248&t=324">Mozilla Firefox</a>. With more than 15,000 improvements, Firefox 3 is faster, safer and smarter than ever before.<br/><br/>For Internet Explorer 7 users there is <a href="http://www.ie7pro.com/">IE7Pro</a>. 
IE7Pro is a must have add-on for Internet Explorer, which includes a lot of features and tweaks to make your IE friendlier, more useful, <strong>more secure</strong> and customizable.<br/><br/>To prevent unknown applications from being installed on your computer install <a href="http://www.winpatrol.com/winpatrol.html">WinPatrol 2008</a><br/>* <a href="http://www.winpatrol.com/features.html">Using Winpatrol to protect your computer from malicious software</a><br/><br/>I suggest using <a href="http://www.mywot.com/">WOT - Web of Trust</a>. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.<br/><br/><a href="http://www.javacoolsoftware.com/spywareblaster.html">SpywareBlaster</a> - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.<br/>* <a href="https://www.bleepingcomputer.com/forums/tutorial49.html">Using SpywareBlaster to protect your computer from Spyware and Malware</a><br/>* If you don't know what ActiveX controls are, see <a href="http://www.webopedia.com/TERM/A/ActiveX_control.html">here</a><br/><br/>Check out <a href="https://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/">Keeping Yourself Safe On The Web</a> for tips and free tools to help keep you safe in the future.<br/><br/>Also see <a href="https://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/"> Slow Computer? 
It May Not Be Malware</a> for free cleaning/maintenance tools to help keep your computer running smooth.<br/><br/>Am using FireFox except when I update windows.<br/><br/>Will download the others suggested that I don't have.<br/><br/>Avast or AVG--which do you like better?<br/><br/>Again--Thanks.<br/><br/><br/>Personally I prefer Avast.<br/><br/>You're welcome.</body></html> | |