I am fairly certain that my brother, who used my computer two weekends ago downloaded a virulent virus on my computer. For starters I have ran CCleaner. I have also restored my computer to an earlier time. However, when I go to log into facebook it has kept a record of my brother's username and the length of his password in the new user space. I do not have antivirus stored on my computer, as I have not yet found one that does not hinder my processing speed. When I first tried to log into Dani WEB it told me that the site was unavailable. When I next tried to access DaniWEB without logging in, it let me access the site but would not let me log in. I have included a copy of my task manager screen. Please help, otherwise I am going to have to get a reimage CD from Toshiba. I have attached a copy of the processes running from my task manager. I have logged into my facebook and my email and am afraid that this is a sleeper virus. I do not know whether or not I should change my account passwords or if this would alert whoever sent the virus to my computer. I need to clear this thing off my computer and possibly download an antivirus program and a jumpdrive antivirus program. Thank you and Happy Holidays!
Recommended Answers
Jump to Post#1. We do not open attached files here. You must copy/paste the information directly into your thread.
#2.You state you do not have an anti-virus program installed on your computer. Then you are lucky you have not previously had an infection. You haven't looked very hard for an anti-virus …
Jump to PostVery glad to see that you have installed an anti-virus program and Avast is excellent, good choice! Glad to see you have ignored your friends advice on this one. Maybe in days past an anti-virus program was not needed as much and mean WAY in the past. Today about the …
Jump to PostThe item found by the ESET scan was in your SpyBot quarantine so that's fine. Always remember to empty quarantined files after a few days. You should wait a few days just in case an incorrect file was removed, as this can happen occasionally. If you don't see any problems …
Jump to PostRun HiJackThis again and place check marks next to the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: PokerStars …
All 16 Replies
#1. We do not open attached files here. You must copy/paste the information directly into your thread.
#2.You state you do not have an anti-virus program installed on your computer. Then you are lucky you have not previously had an infection. You haven't looked very hard for an anti-virus program because there are any number of excellent FREE anti-virus programs which do not hinder processing speed. CCleaner does NOT remove infections, basically it removes temporary files.
#3. Using System Restore will NOT remove an infection but only make it harder to remove because using system restore will remove visible traces of it that would make it easier to locate.
It is very difficult to remove infections by manually removing the files, mainly because all of the files cannot usually be found manually. Plus, without knowing exactly what infection it is there is no way to determine what files are good and what files are bad. Many infections adopt the names of good files.
You need to do the steps listed in our read me sticky.
http://www.daniweb.com/forums/thread134865.html
and then copy/paste all of the requested logs back here. If you are unable to access these programs with the infected computer then they all can be placed on a flash drive and taken to the infected computer and install them from there to the computer.We also don't know anything about your computer or it's operating system and we can do nothing without all of the above informatiomn.
Provide all of that and we will be most happy to offer assistance.
I must admit that I am not tech savvy. I know a little bit about computers from talking to my friends, who do know about computers. They told me that I did not need an antivirus program as long as I did not go to sites that I don't trust and as long as I didn't download anything from the internet. Pretty much all I know is when a popup comes up saying my computer is infected I hit Alt F4. That is pretty much it. I did not know that restoring to an earlier period would make things harder to trace. I apologize for my lack of knowledge. Thank you for your time. Here is the information I received.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5461
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
1/4/2011 10:02:31 PM
mbam-log-2011-01-04 (22-02-31).txt
Scan type: Full scan (C:\|)
Objects scanned: 161191
Time elapsed: 22 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{0d37dbc6-59c9-4450-b695-fee317e1674d}\RP135\A0521489.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0d37dbc6-59c9-4450-b695-fee317e1674d}\RP136\A0521549.dll (Trojan.Agent) -> Quarantined and deleted successfully.
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-04 20:57:30
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK3025GAS rev.KA300A
Running: 1zvdl3yr.exe; Driver: C:\DOCUME~1\Will\LOCALS~1\Temp\pwriiuog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xF201DCF0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xFAA69112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xFAA482D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xFAA484C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xFAA69900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xFAA69BB4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xF201D782]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xFAA67E12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xF201D6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xF201D726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xF201DDA6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xFAA6A020]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xF201DD66]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xFAA693D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xFAA47F44]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xF202A9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xF202AB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP F2027FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 8056469B 7 Bytes JMP F202A9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A1142 5 Bytes JMP F20265D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A410A 7 Bytes JMP F202AB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xFA695900]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1288] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
---- Devices - GMER 1.0.15 ----
Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] zpbdsvsc <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\zpbdsvsc@DisplayName Image Shell
Reg HKLM\SYSTEM\CurrentControlSet\Services\zpbdsvsc@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\zpbdsvsc@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\zpbdsvsc@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\zpbdsvsc@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\zpbdsvsc@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\zpbdsvsc@Description Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\zpbdsvsc\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\zpbdsvsc\Parameters@ServiceDll C:\WINDOWS\system32\eocwbgws.dll
Reg HKLM\SYSTEM\ControlSet003\Services\zpbdsvsc@DisplayName Image Shell
Reg HKLM\SYSTEM\ControlSet003\Services\zpbdsvsc@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\zpbdsvsc@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\zpbdsvsc@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\zpbdsvsc@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\zpbdsvsc@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\zpbdsvsc@Description Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet003\Services\zpbdsvsc\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\zpbdsvsc\Parameters@ServiceDll C:\WINDOWS\system32\eocwbgws.dll
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-12-12.02) - NTFSx86
Run by Will at 22:33:30.62 on Tue 01/04/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.191.76 [GMT -5:00]
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Will\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Google Update] "c:\documents and settings\will\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\will\applic~1\mozilla\firefox\profiles\gzrha0h7.default\
FF - plugin: c:\documents and settings\will\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
============= SERVICES / DRIVERS ===============
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2004-4-14 5632]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-13 218592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-3 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-3 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-3 40384]
S2 McAfeeFramework;McAfee Framework Service;"c:\program files\mcafee\common framework\frameworkservice.exe" /servicestart --> c:\program files\mcafee\common framework\FrameworkService.exe [?]
S2 zpbdsvsc;Image Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-3 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-3 40384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 lxtfojowg;lxtfojowg;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-4 38224]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-9-13 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-9-13 1142224]
S3 sxjcdaao;sxjcdaao;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 talezxfm;talezxfm;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
=============== Created Last 30 ================
2011-01-05 02:04:40 -------- d-----w- c:\docume~1\will\applic~1\Malwarebytes
2011-01-05 02:04:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-05 02:04:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-05 02:04:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-05 02:04:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-03 23:11:50 38848 ----a-w- c:\windows\avastSS.scr
2011-01-03 23:11:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-01-03 23:04:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-22 04:40:40 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-22 04:40:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-22 04:34:37 -------- d-----w- c:\docume~1\will\applic~1\PC Tools
2010-12-22 04:34:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-22 04:34:35 -------- d-----w- c:\program files\Spyware Doctor
2010-12-22 04:34:35 -------- d-----w- c:\program files\common files\PC Tools
==================== Find3M ====================
============= FINISH: 22:34:29.48 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/2/2008 11:07:40 PM
System Uptime: 1/4/2011 10:07:37 PM (0 hours ago)
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Celeron(R) CPU 2.66GHz | mFCPGA | 2666/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 28 GiB total, 22.467 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_1002&DEV_434D&SUBSYS_00011179&REV_01\3&61AAA01&0&A6
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_1002&DEV_434D&SUBSYS_00011179&REV_01\3&61AAA01&0&A6
Service:
==== System Restore Points ===================
RP101: 10/6/2010 8:13:36 PM - System Checkpoint
RP102: 10/7/2010 8:38:02 PM - System Checkpoint
RP103: 10/10/2010 12:01:36 PM - System Checkpoint
RP104: 10/12/2010 7:21:44 PM - System Checkpoint
RP105: 10/14/2010 6:46:40 PM - System Checkpoint
RP106: 10/15/2010 7:31:23 PM - System Checkpoint
RP107: 10/16/2010 11:36:09 PM - System Checkpoint
RP108: 10/19/2010 9:17:48 PM - System Checkpoint
RP109: 10/23/2010 2:29:23 PM - System Checkpoint
RP110: 10/24/2010 6:57:49 PM - System Checkpoint
RP111: 10/25/2010 9:28:27 PM - System Checkpoint
RP112: 10/27/2010 7:25:14 PM - System Checkpoint
RP113: 10/28/2010 7:27:18 PM - System Checkpoint
RP114: 11/2/2010 5:09:47 PM - Removed Microsoft Silverlight
RP115: 11/3/2010 7:46:46 PM - System Checkpoint
RP116: 11/6/2010 9:43:40 PM - Restore Operation
RP117: 11/11/2010 9:13:42 PM - System Checkpoint
RP118: 11/14/2010 10:46:52 AM - System Checkpoint
RP119: 11/16/2010 4:10:15 PM - System Checkpoint
RP120: 11/17/2010 6:07:29 PM - System Checkpoint
RP121: 11/20/2010 2:58:06 PM - System Checkpoint
RP122: 11/23/2010 6:46:34 PM - System Checkpoint
RP123: 11/24/2010 9:11:42 PM - System Checkpoint
RP124: 11/26/2010 12:22:45 AM - System Checkpoint
RP125: 11/27/2010 11:28:55 PM - System Checkpoint
RP126: 11/29/2010 9:00:29 PM - System Checkpoint
RP127: 12/2/2010 5:38:39 PM - System Checkpoint
RP128: 12/5/2010 10:43:03 AM - System Checkpoint
RP129: 12/6/2010 11:28:28 AM - System Checkpoint
RP130: 12/7/2010 11:40:37 AM - System Checkpoint
RP131: 12/8/2010 8:20:04 PM - System Checkpoint
RP132: 12/9/2010 8:33:11 PM - System Checkpoint
RP133: 12/11/2010 12:09:40 AM - System Checkpoint
RP134: 12/12/2010 2:40:25 PM - System Checkpoint
RP135: 12/12/2010 8:52:33 PM - Restore Operation
RP136: 12/13/2010 7:44:06 AM - Restore Operation
RP137: 12/16/2010 1:17:38 PM - Restore Operation
RP138: 12/17/2010 7:31:46 PM - System Checkpoint
RP139: 12/20/2010 8:28:25 PM - Restore Operation
RP140: 12/21/2010 9:18:01 PM - System Checkpoint
RP141: 12/21/2010 11:28:59 PM - Restore Operation
RP142: 12/23/2010 11:05:53 PM - System Checkpoint
RP143: 12/25/2010 12:25:40 AM - System Checkpoint
RP144: 12/26/2010 2:22:20 AM - System Checkpoint
RP145: 12/28/2010 12:01:51 AM - System Checkpoint
RP146: 12/29/2010 9:33:50 PM - System Checkpoint
RP147: 1/1/2011 11:13:32 AM - System Checkpoint
RP148: 1/2/2011 4:11:58 PM - System Checkpoint
RP149: 1/3/2011 6:11:21 PM - avast! Free Antivirus Setup
RP150: 1/4/2011 9:53:19 PM - System Checkpoint
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
CCleaner (remove only)
DVD-RAM Driver
Google Gears
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Java(TM) 6 Update 11
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Spybot - Search & Destroy
Spyware Doctor 7.0
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
==== Event Viewer Messages From Past Week ========
1/4/2011 5:40:42 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0011F529C8D7. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/4/2011 10:09:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
1/3/2011 7:06:31 PM, error: Service Control Manager [7023] - The Image Shell service terminated with the following error: The specified module could not be found.
1/3/2011 6:33:21 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
1/3/2011 6:23:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/3/2011 6:23:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/3/2011 6:23:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
1/3/2011 6:23:09 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/3/2011 6:23:09 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/3/2011 6:23:09 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/3/2011 6:23:09 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2011 9:37:42 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
1/1/2011 9:22:46 PM, error: Service Control Manager [7023] - The Image Shell service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
1/1/2011 9:22:46 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
1/1/2011 9:22:46 PM, error: Service Control Manager [7000] - The McAfee Framework Service service failed to start due to the following error: The system cannot find the path specified.
==== End Of File ===========================
Very glad to see that you have installed an anti-virus program and Avast is excellent, good choice! Glad to see you have ignored your friends advice on this one. Maybe in days past an anti-virus program was not needed as much and mean WAY in the past. Today about the only computer that would not need an anti-virus program would be one that would never, ever be connected to the internet, if that is even done today, and I really doubt it.
Since Malwarebytes' did find infection then I would recommend that you now do this online scan
Run the ESET Online Scanner
http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use either Internet Explorer or Firefox to complete this scan and you will need to allow an Active X to be installed.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Post back with that log.
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=44344426b3fda84590adab79008189b9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-05 05:19:52
# local_time=2011-01-05 12:19:52 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=770 16774141 100 100 66859 70030684 0 0
# compatibility_mode=2560 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=19041
# found=1
# cleaned=1
# scan_time=1988
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVcodec.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I've also been getting a pop up that says unresponsive script. Then it asks if I want to end the script to click here. And it has a web address zulu.tweetmeme.com/button_ajax3.js:1 Is that part of the virus on my system?
The item found by the ESET scan was in your SpyBot quarantine so that's fine. Always remember to empty quarantined files after a few days. You should wait a few days just in case an incorrect file was removed, as this can happen occasionally. If you don't see any problems after a couple days then empty the quarantine, this holds for any security program by the way.
Don't know that the pop up you are getting is due to a virus, it also may be because you have out of date java on your system. You are running Java(TM) 6 Update 11 so it is way, way out of date as the current update is update 23. So you need to download and install the newest version from http://www.java.com/en/download/
After you do that, give me a new system scan with HiJackThis version 2.0.4 and post that log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:26:15 PM, on 1/6/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Will\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 4244 bytes
Run HiJackThis again and place check marks next to the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
Once you have placed the check marks then click the Fix Checked button.
Exit HJT and reboot the computer. Do another system scan and post that new log.
Can you tell us how things are running now?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:34:26 PM, on 1/7/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Will\Desktop\HijackThis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 3795 bytes
My computer is running a lot faster. And having the Avast antivirus is not slowing it down as much as mcafee or norton did. Is there an free antivirus that you would recommend besides Avast? Also, can I log into my email account at this point? I've been holding back from doing that because I don't want it to get hijacked. Thank you for all your help.
Why do you want another free av? Avast is one of the best av programs around, free or otherwise.
The one I use is Avira Free, also one of the best free or otherwise. Is there something about Avast that you don't like?
Yes, you should be able to access your email if you wish.
No I'm perfectly fine with Avast. I just didn't know if there were any qualms you had about it, since you are a lot more informed about av programs then I am. I was worried about accessing secure information since I obviously had something infecting my computer. Also in the past when I posted to Daniweb, I had to use killbot and I didn't know if I would have to use that or if my computer doesn't have anything on it that would require killbot. IF my computer is in tip top shape I only have one more question
Are there any books, websites, or links that you would recommend that I read so that I can learn more about computer viruses and how to repair them? I understand that Daniweb is a talk forum where members help other members. I'd like to be able to do that some day. I've been helped a lot by Daniweb and I want to give something back. I do thank you very much for all that you have done for me.
We would love the help. I don't know of any books, I learned what little I know from websites like this one and the kindness and expertise of people like crunchie and phillephan here. I would suggest that you keep reading here. You can learn a lot from reading other posts. "google is your friend" too.
http://www.bleepingcomputer.com/ is another good place to do some reading and learning. Many of the recommended fixes for various infections originate there.
Killbox isn't necessary and you don't need it really. It is used when there are infected files that can't be removed by normal means.
I have a couple suggestions for you on keeping your computer clean.
Use MBA-M on at least a weekly basis. Always updating before each scan.
Use correct browser settings in IE use these settings:
Open the browser and pull down on the Tools option to open the Internet Settings and click on the General tab
Click on the Settings button under Temporary Internet Files and select Every visit to the page and also reduce disk space used for temp files to less than 50 mb.
click OK
Click on the Privacy tab and click on the Advanced button.
Check the Override automatic cookie handling and select Accept for the First party Cookies option and Block 3rd Party cookies and a check mark in Allow Sessions cookies.
click Ok
On Firefox:
Tools, Options:
Privacy, check mark in Accept cookies and NO check mark in Accept 3rd party cookies.
I would also advise that you download, install, update and then enable all protection with SpywareBlaster. A FREE must have program from javacool.
"SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites"
http://download.cnet.com/SpywareBlas...-10196637.html
I read your posts all the time, but have never commented. I just wanted to take the time to stop and tell you how much one reader appreciates your words. It seems most people only want to comment to point out how they disagree, but every once in a while we should just stop to say "Thanks!".
Thank you pajojeff
For starters, I ran CCleaner. I also restored my computer to a previous state. However, when you go into a file that keeps facebook user name of my brother and the length of the password space in the new user. No antivirus I have stored on the computer, I have not found one that does not interfere with my processing speed.
For starters, I ran CCleaner. I also restored my computer to a previous state. However, when you go into a file that keeps facebook user name of my brother and the length of the password space in the new user. No antivirus I have stored on the computer, I have not found one that does not interfere with my processing speed.
You are posting in somebody else's thread. cliftonhall is the creator of this thread, therefore, this can be called thread hijacking. Please create your own thread.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.