
Thread: Help please!

  1. #21
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Everything running ok? Boot up normally?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #22
    Member
    Join Date
    Jul 2008
    Posts
    36

    Default

    You bet! We are running smoothly and the error message is now gone during start up. Are we in the clear now or are there any final steps we should follow through on?



    A

  3. #23
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    You look good to me, but with the seriousness of your infection, let's do this:


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

  4. #24
    Member
    Join Date
    Jul 2008
    Posts
    36

    Default combofix log

    ComboFix 11-05-09.04 - Ash 10/05/2011 21:09:52.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.473 [GMT -6:00]
    Running from: c:\documents and settings\Ash\Desktop\CF.exe
    AV: Shaw Secure 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Shaw Secure 9.01 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Ash\Application Data\Adobe\plugs
    c:\documents and settings\Ash\Application Data\Adobe\shed
    c:\documents and settings\Ash\Application Data\PriceGong
    c:\documents and settings\Ash\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Ash\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Ash\Local Settings\Application Data\{8AE03E5F-CA8F-4A3D-85E4-863629FE246E}
    c:\documents and settings\Ash\Local Settings\Application Data\{8AE03E5F-CA8F-4A3D-85E4-863629FE246E}\chrome.manifest
    c:\documents and settings\Ash\Local Settings\Application Data\{8AE03E5F-CA8F-4A3D-85E4-863629FE246E}\chrome\content\_cfg.js
    c:\documents and settings\Ash\Local Settings\Application Data\{8AE03E5F-CA8F-4A3D-85E4-863629FE246E}\chrome\content\overlay.xul
    c:\documents and settings\Ash\Local Settings\Application Data\{8AE03E5F-CA8F-4A3D-85E4-863629FE246E}\install.rdf
    c:\documents and settings\Ash\Recent\Thumbs.db
    c:\documents and settings\Guest\Application Data\PriceGong
    c:\documents and settings\Guest\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\z.xml
    C:\install.exe
    c:\windows\Installer\$PatchCache$\Managed\6B07CD9D31EBDD140935E916E7270D58\1.0.28\pst.ini
    c:\windows\system32\local.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-08 06:00 . 2011-05-08 06:00 -------- d-----w- c:\documents and settings\Ash\Application Data\F-Secure
    2011-05-08 01:31 . 2011-05-08 01:31 -------- d-----w- c:\windows\system32\LogFiles
    2011-05-04 03:08 . 2011-05-04 03:15 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2011-05-04 03:08 . 2011-05-04 03:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
    2011-05-04 03:07 . 2011-05-04 03:39 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2011-05-04 03:06 . 2011-05-04 03:39 -------- d-----w- c:\program files\Shaw Secure
    2011-05-04 03:05 . 2011-05-04 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
    2011-05-04 03:05 . 2011-05-04 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
    2011-05-04 03:04 . 2011-05-04 03:04 -------- d-----w- c:\program files\Common Files\Java
    2011-05-03 00:39 . 2011-05-03 00:39 -------- d-----w- c:\program files\ESET
    2011-05-02 13:09 . 2011-05-02 13:09 -------- d-----w- c:\documents and settings\Ash\Application Data\Malwarebytes
    2011-05-02 13:09 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-02 13:09 . 2011-05-02 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-05-02 13:09 . 2011-05-02 13:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-02 13:09 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-01 22:23 . 2011-05-01 22:23 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2011-05-01 22:23 . 2011-05-01 22:23 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
    2011-04-27 05:52 . 2011-04-27 05:52 -------- d-----w- c:\windows\26-04-2011
    2011-04-27 05:51 . 2011-04-27 05:51 -------- d-----w- c:\program files\ERUNT
    2011-04-27 05:38 . 2011-04-27 13:16 0 ----a-w- c:\windows\Ctofiwogijanile.bin
    2011-04-15 02:56 . 2008-06-20 11:59 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
    2011-04-15 02:05 . 2011-04-25 04:38 -------- d-----w- c:\documents and settings\Ash\Application Data\Adobe Mini Bridge CS5
    2011-04-15 02:05 . 2011-04-15 02:05 -------- d-----w- c:\documents and settings\Ash\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-04-14 14:40 . 2011-04-15 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2011-04-14 14:36 . 2011-04-14 14:36 -------- d-----w- c:\program files\Adobe Media Player
    2011-04-11 03:48 . 2011-04-11 03:48 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Conduit
    2011-04-11 03:48 . 2011-04-11 03:48 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\BitTorrentBar
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:31 . 2009-06-24 05:48 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2009-02-12 15:32 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:27 . 2009-02-12 15:33 1866880 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2009-02-12 15:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2008-12-20 22:15 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2008-12-20 22:15 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2009-02-12 15:26 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:19 . 2009-02-12 15:28 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:19 . 2009-02-12 15:32 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-08-11 04:15 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 13:05 . 2009-02-12 15:25 290432 ----a-w- c:\windows\system32\atmfd.dll
    .
    .
    ------- Sigcheck -------
    .
    [-] 2009-02-12 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    .
    [-] 2009-02-14 . 2547D2CF090AC7636898F16957EBCEDC . 502272 . . [1.0626.6002.16497] . . c:\windows\system32\usp10.dll
    .
    [-] 2009-02-12 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2011-02-02 1066304]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "F-Secure Manager"="c:\program files\Shaw Secure\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Shaw Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-18 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2009-03-08 128512]
    .
    c:\documents and settings\Ash\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2009-6-23 128000]
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 4.0.lnk
    backup=c:\windows\pss\PHOTOfunSTUDIO 4.0.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Subsonic.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Subsonic.lnk
    backup=c:\windows\pss\Subsonic.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ash^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Ash\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ash^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\Ash\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 05:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 10:47 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
    2011-01-13 16:20 395192 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-08-20 19:45 1164584 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
    2007-11-01 23:13 151552 -c----w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-16 13:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2010-10-29 20:06 5915480 ----a-w- c:\program files\Logitech\Vid HD\Vid.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 20:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2009-11-10 17:14 443728 -c--a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-02-07 00:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice]
    2011-02-02 22:45 1066304 ----a-w- c:\program files\Motorola\Software Update\mumservice.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 03:53 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-01-27 00:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Motorola Media Link\\MML.exe"=
    "c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
    "c:\\Program Files\\Subsonic\\subsonic-service.exe"=
    "c:\\Program Files\\Subsonic\\subsonic-agent.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    .
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [03/05/2011 21:08 42664]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [03/05/2011 21:07 82120]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Shaw Secure\HIPS\drivers\fshs.sys [03/05/2011 21:06 68064]
    R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [16/09/2010 23:47 87336]
    R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [02/12/2010 17:48 218432]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [03/05/2011 21:06 130728]
    R3 ramdisk;Windows RAM Disk Driver;c:\windows\system32\drivers\ramdisk.sys [14/02/2009 02:00 10431]
    S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\program files\System\CPL Bonus\Vcdrom.sys --> c:\program files\System\CPL Bonus\Vcdrom.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/05/2010 08:26 136176]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [25/03/2011 20:41 6016]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Shaw Secure\ORSP Client\fsorsp.exe [03/05/2011 21:06 63992]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/05/2010 08:26 136176]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [25/03/2011 20:41 20352]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [25/03/2011 20:41 8320]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [25/03/2011 20:41 42752]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [25/03/2011 20:41 23424]
    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [08/03/2011 22:59 9472]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
    S3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\drivers\lgusbgps.sys [24/02/2011 21:25 20096]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Shaw Secure\Anti-Virus\win2k\fsfilter.sys [03/05/2011 21:06 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Shaw Secure\Anti-Virus\win2k\fsrec.sys [03/05/2011 21:06 25184]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-ASH-LAPTOP-Ash.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-04-14 09:44]
    .
    2011-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 14:26]
    .
    2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 14:26]
    .
    2011-03-26 c:\windows\Tasks\MotoHelper MUM.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-12-02 23:48]
    .
    2011-05-10 c:\windows\Tasks\MotoHelper Routing.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-12-02 23:48]
    .
    2011-03-26 c:\windows\Tasks\MotoHelper Update.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-12-02 23:48]
    .
    2011-05-10 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\SHAWSE~1\ANTI-V~1\fsav.exe [2011-05-04 15:56]
    .
    2011-05-10 c:\windows\Tasks\User_Feed_Synchronization-{80A4E1C4-06CA-45AC-AFAB-7F7B16FF837F}.job
    - c:\windows\system32\msfeedssync.exe [2001-08-23 11:31]
    .
    2011-05-11 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-08-11 04:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = 192.168.*.*
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Copy to Semagic - c:\program files\Semagic\copy.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Semagic - c:\program files\Semagic\link.htm
    LSP: c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
    FF - ProfilePath - c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\i2rvvuz7.default\
    FF - prefs.js: browser.startup.homepage - google.ca
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Browsing Protection: litmus-ff@f-secure.com - c:\program files\Shaw Secure\NRS\litmus-ff@f-secure.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Photo Collection Organizer - c:\program files\Photo Collection Organizer\PhotoCollectionOrganizer.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-10 21:16
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(844)
    c:\program files\shaw secure\hips\fshook32.dll
    c:\program files\Shaw Secure\FWES\Program\fsdc32.dll
    .
    - - - - - - - > 'lsass.exe'(900)
    c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
    c:\program files\shaw secure\hips\fshook32.dll
    c:\program files\Shaw Secure\FWES\Program\fsdc32.dll
    .
    - - - - - - - > 'csrss.exe'(820)
    c:\program files\Shaw Secure\FWES\Program\fsdc32.dll
    .
    Completion time: 2011-05-10 21:20:15
    ComboFix-quarantined-files.txt 2011-05-11 03:20
    .
    Pre-Run: 10,636,337,152 bytes free
    Post-Run: 10,976,645,120 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    [spybotsd]
    timeout.old=30
    .
    - - End Of File - - FF9815AD7BC4C411BF73AEA08CDD9420

  5. #25
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning

    BitTorrent <-- If I didn't mention it before, using file sharing like any of the torrents can be very dangerous: you're downloading that file from an unknown source. Malware writers are in tune to this and are using this method to infect you. Doing what I do and knowing what I know, I would never allow any form of File Sharing on any of my systems.

    If you look through your Combofix log under this heading, you will see BitTorrent listed; that means that this program can let anything onto your system it wants, bypassing your firewall.

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Motorola Media Link\\MML.exe"=
    "c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
    "c:\\Program Files\\Subsonic\\subsonic-service.exe"=
    "c:\\Program Files\\Subsonic\\subsonic-agent.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=



    Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Fcopy::


    Code:
    Fcopy::
    c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

  6. #26
    Member
    Join Date
    Jul 2008
    Posts
    36

    Default

    Thank you! Good to know, will have that removed asap. Here is the requested log,


    ComboFix 11-05-11.01 - Ash 11/05/2011 16:38:42.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.236 [GMT -6:00]
    Running from: c:\documents and settings\Ash\Desktop\CF.exe
    Command switches used :: c:\documents and settings\Ash\Desktop\CFScript.txt
    AV: Shaw Secure 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Shaw Secure 9.01 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-08 06:00 . 2011-05-08 06:00 -------- d-----w- c:\documents and settings\Ash\Application Data\F-Secure
    2011-05-08 01:31 . 2011-05-08 01:31 -------- d-----w- c:\windows\system32\LogFiles
    2011-05-04 03:08 . 2011-05-04 03:15 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2011-05-04 03:08 . 2011-05-04 03:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
    2011-05-04 03:07 . 2011-05-04 03:39 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2011-05-04 03:06 . 2011-05-04 03:39 -------- d-----w- c:\program files\Shaw Secure
    2011-05-04 03:05 . 2011-05-04 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
    2011-05-04 03:05 . 2011-05-04 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
    2011-05-04 03:04 . 2011-05-04 03:04 -------- d-----w- c:\program files\Common Files\Java
    2011-05-03 00:39 . 2011-05-03 00:39 -------- d-----w- c:\program files\ESET
    2011-05-02 13:09 . 2011-05-02 13:09 -------- d-----w- c:\documents and settings\Ash\Application Data\Malwarebytes
    2011-05-02 13:09 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-02 13:09 . 2011-05-02 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-05-02 13:09 . 2011-05-02 13:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-02 13:09 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-01 22:23 . 2011-05-01 22:23 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2011-05-01 22:23 . 2011-05-01 22:23 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
    2011-04-27 05:52 . 2011-04-27 05:52 -------- d-----w- c:\windows\26-04-2011
    2011-04-27 05:51 . 2011-04-27 05:51 -------- d-----w- c:\program files\ERUNT
    2011-04-27 05:38 . 2011-04-27 13:16 0 ----a-w- c:\windows\Ctofiwogijanile.bin
    2011-04-15 02:56 . 2008-06-20 11:59 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
    2011-04-15 02:05 . 2011-04-25 04:38 -------- d-----w- c:\documents and settings\Ash\Application Data\Adobe Mini Bridge CS5
    2011-04-15 02:05 . 2011-04-15 02:05 -------- d-----w- c:\documents and settings\Ash\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-04-14 14:40 . 2011-04-15 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2011-04-14 14:36 . 2011-04-14 14:36 -------- d-----w- c:\program files\Adobe Media Player
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:31 . 2009-06-24 05:48 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2009-02-12 15:32 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:27 . 2009-02-12 15:33 1866880 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2009-02-12 15:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2008-12-20 22:15 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2008-12-20 22:15 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2009-02-12 15:26 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:19 . 2009-02-12 15:28 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:19 . 2009-02-12 15:32 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-08-11 04:15 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 13:05 . 2009-02-12 15:25 290432 ----a-w- c:\windows\system32\atmfd.dll
    .
    .
    ------- Sigcheck -------
    .
    [-] 2009-02-14 . 2547D2CF090AC7636898F16957EBCEDC . 502272 . . [1.0626.6002.16497] . . c:\windows\system32\usp10.dll
    .
    [-] 2009-02-12 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-05-11_03.16.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-05-11 03:40 . 2011-05-11 03:40 16384 c:\windows\Temp\Perflib_Perfdata_2a8.dat
    + 2001-08-23 11:00 . 2011-05-11 03:44 76000 c:\windows\system32\perfc009.dat
    - 2001-08-23 11:00 . 2011-05-11 02:24 76000 c:\windows\system32\perfc009.dat
    + 2001-08-23 11:00 . 2011-05-11 03:44 452366 c:\windows\system32\perfh009.dat
    - 2001-08-23 11:00 . 2011-05-11 02:24 452366 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2011-02-02 1066304]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "F-Secure Manager"="c:\program files\Shaw Secure\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Shaw Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-18 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2009-03-08 128512]
    .
    c:\documents and settings\Ash\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2009-6-23 128000]
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 4.0.lnk
    backup=c:\windows\pss\PHOTOfunSTUDIO 4.0.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Subsonic.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Subsonic.lnk
    backup=c:\windows\pss\Subsonic.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ash^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Ash\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ash^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\Ash\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 05:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 10:47 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
    2011-01-13 16:20 395192 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-08-20 19:45 1164584 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
    2007-11-01 23:13 151552 -c----w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-16 13:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2010-10-29 20:06 5915480 ----a-w- c:\program files\Logitech\Vid HD\Vid.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 20:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2009-11-10 17:14 443728 -c--a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-02-07 00:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice]
    2011-02-02 22:45 1066304 ----a-w- c:\program files\Motorola\Software Update\mumservice.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 03:53 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-01-27 00:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Motorola Media Link\\MML.exe"=
    "c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
    "c:\\Program Files\\Subsonic\\subsonic-service.exe"=
    "c:\\Program Files\\Subsonic\\subsonic-agent.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    .
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [03/05/2011 21:08 42664]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [03/05/2011 21:07 82120]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Shaw Secure\HIPS\drivers\fshs.sys [03/05/2011 21:06 68064]
    R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [16/09/2010 23:47 87336]
    R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [02/12/2010 17:48 218432]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [03/05/2011 21:06 130728]
    R3 ramdisk;Windows RAM Disk Driver;c:\windows\system32\drivers\ramdisk.sys [14/02/2009 02:00 10431]
    S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\program files\System\CPL Bonus\Vcdrom.sys --> c:\program files\System\CPL Bonus\Vcdrom.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/05/2010 08:26 136176]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [25/03/2011 20:41 6016]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Shaw Secure\ORSP Client\fsorsp.exe [03/05/2011 21:06 63992]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/05/2010 08:26 136176]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [25/03/2011 20:41 20352]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [25/03/2011 20:41 8320]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [25/03/2011 20:41 42752]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [25/03/2011 20:41 23424]
    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [08/03/2011 22:59 9472]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
    S3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\drivers\lgusbgps.sys [24/02/2011 21:25 20096]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Shaw Secure\Anti-Virus\win2k\fsfilter.sys [03/05/2011 21:06 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Shaw Secure\Anti-Virus\win2k\fsrec.sys [03/05/2011 21:06 25184]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-ASH-LAPTOP-Ash.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-04-14 09:44]
    .
    2011-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 14:26]
    .
    2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 14:26]
    .
    2011-03-26 c:\windows\Tasks\MotoHelper MUM.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-12-02 23:48]
    .
    2011-05-10 c:\windows\Tasks\MotoHelper Routing.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-12-02 23:48]
    .
    2011-03-26 c:\windows\Tasks\MotoHelper Update.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-12-02 23:48]
    .
    2011-05-11 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\SHAWSE~1\ANTI-V~1\fsav.exe [2011-05-04 15:56]
    .
    2011-05-11 c:\windows\Tasks\User_Feed_Synchronization-{80A4E1C4-06CA-45AC-AFAB-7F7B16FF837F}.job
    - c:\windows\system32\msfeedssync.exe [2001-08-23 11:31]
    .
    2011-05-11 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-08-11 04:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = 192.168.*.*
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Copy to Semagic - c:\program files\Semagic\copy.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Semagic - c:\program files\Semagic\link.htm
    LSP: c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
    FF - ProfilePath - c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\i2rvvuz7.default\
    FF - prefs.js: browser.startup.homepage - google.ca
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Browsing Protection: litmus-ff@f-secure.com - c:\program files\Shaw Secure\NRS\litmus-ff@f-secure.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-11 16:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(844)
    c:\program files\shaw secure\hips\fshook32.dll
    c:\program files\Shaw Secure\FWES\Program\fsdc32.dll
    .
    - - - - - - - > 'lsass.exe'(900)
    c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
    c:\program files\shaw secure\hips\fshook32.dll
    c:\program files\Shaw Secure\FWES\Program\fsdc32.dll
    .
    - - - - - - - > 'explorer.exe'(1812)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\program files\LClock\LC.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    - - - - - - - > 'csrss.exe'(820)
    c:\program files\Shaw Secure\FWES\Program\fsdc32.dll
    .
    Completion time: 2011-05-11 16:52:36
    ComboFix-quarantined-files.txt 2011-05-11 22:52
    ComboFix2.txt 2011-05-11 03:20
    .
    Pre-Run: 11,009,265,664 bytes free
    Post-Run: 10,999,582,720 bytes free
    .
    - - End Of File - - 673EF64BB09414F9D046085DA102CA35
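
The firewall exception list pointed out in post #25 appears again in the log above, right after the `EnableFirewall` value. As an added example (not part of the thread and not ComboFix's own code), this Python script pulls both out of a ComboFix log and marks the exceptions worth a second look. The sample log is constructed from lines in this thread plus one invented entry, and the watchlist and user-writable-directory check are assumptions of the example.

```python
import ntpath
import re

# Constructed sample: section layout and the first three List entries are
# copied from the ComboFix log in this thread; the last entry is invented.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Temp\\updater.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [03/05/2011 21:08 42664]
'''

PROFILE_KEY = r"firewallpolicy\standardprofile"
LIST_KEY = PROFILE_KEY + r"\authorizedapplications\list"

HEADER_RE = re.compile(r"^\[(.+)\]$")      # [registry key] section header
VALUE_RE = re.compile(r'^"(.+?)"=\s*(.*)$')  # "name"= data

# Assumption: executables the reviewer treats as file-sharing clients.
# Only bittorrent.exe comes from the thread; extend to suit local policy.
WATCHLIST = {"bittorrent.exe"}
# Assumption: rough heuristic for directories a user can write to on XP.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\")


def parse_firewall_sections(log_text):
    """Return (enable_firewall, [authorized paths]) from a ComboFix log."""
    enable_firewall = None
    authorized = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == ".":  # ComboFix separates sections with a lone dot
            section = None
            continue
        header = HEADER_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        value = VALUE_RE.match(line)
        if not value or section is None:
            continue
        name, data = value.groups()
        if section.endswith(LIST_KEY):
            # The log doubles every backslash inside the quoted path.
            authorized.append(name.replace("\\\\", "\\"))
        elif section.endswith(PROFILE_KEY) and name.lower() == "enablefirewall":
            number = re.match(r"\d+", data)
            if number:
                enable_firewall = int(number.group())
    return enable_firewall, authorized


def review_exceptions(paths, watchlist=WATCHLIST):
    """Map each authorized path to the reasons it deserves a closer look."""
    findings = {}
    for path in paths:
        lowered = path.lower()
        reasons = []
        if ntpath.basename(lowered) in watchlist:
            reasons.append("file-sharing client on watchlist")
        if any(part in lowered for part in USER_WRITABLE):
            reasons.append("executable in a user-writable directory")
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    firewall, apps = parse_firewall_sections(SAMPLE_LOG)
    print("EnableFirewall =", firewall)
    for app, why in review_exceptions(apps).items():
        print(app, "->", "; ".join(why))
```
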

  7. #27
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looking good. What I would like you to do as a final scan is to run this free online virus scanner; this could take up to an hour or more.


    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.

  8. #28
    Member
    Join Date
    Jul 2008
    Posts
    36

    Default 3 threats found

    C:\System Volume Information\_restore{9A62BD57-DD76-458F-B33F-50B39932C7FF}\RP467\A0128724.lnk LNK/URL.B trojan
    C:\System Volume Information\_restore{9A62BD57-DD76-458F-B33F-50B39932C7FF}\RP467\A0128727.lnk LNK/URL.B trojan
    C:\System Volume Information\_restore{9A62BD57-DD76-458F-B33F-50B39932C7FF}\RP470\A0130099.ini Win32/Adware.AntimalwareDoctor.AE.Gen application

  9. #29
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Those threats are in System Restore, which are harmless unless you use it to restore your computer to an earlier date, so it's best to remove them.

    This will get rid of them and create a new restore point.

    System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

    Please follow the steps below to create a clean restore point:
    1. Click Start > Run > copy and paste the following into the run box:
      %SystemRoot%\System32\restore\rstrui.exe
    2. Press OK. Choose Create a Restore Point then click Next.
    3. Name it (something you'll remember) and click Create.
    4. When the confirmation screen shows the restore point has been created click Close.


    Then remove all previous Restore Points
    1. Click Start > Run > copy and paste the following into the run box:
      cleanmgr
    2. Choose to scan drive C:\ (if C:\ is your main drive).
    3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
    4. Click on the Yes button.
    5. When finished, click on Cancel button to exit.



    How is everything running now?

  10. #30
    Member
    Join Date
    Jul 2008
    Posts
    36

    Default

    Awesome, thank you! Everything is running well, no issues or performance lags. We have created a new restore point and cleaned previous as described above. I will run one more online scan later tonight to ensure nothing else shows up. Thanks again for everything, very much appreciated!
