Applications crashing, system running bad

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Applications crashing, system running bad

Post by GirlinWayside » February 3rd, 2009, 1:55 pm

Things do seem a bit better. My IE still crashes and hangs up though.
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Applications crashing, system running bad

Post by Sharagoz » February 4th, 2009, 5:45 am

Since your last log your homepage has changed to this:
http://www.freegasmoneyonline.com/
Did you do this yourself?
The reason I'm asking is that if you didn't, then it may be the result of malware.

Could you describe the issues you're having with IE in more detail?
How often does it hang? How often does it crash?
When it hangs, is the whole browser unresponsive, or is it just taking a long time to load a page?
Does it happen on random pages, or the same pages repeatedly?

You have Mozilla Firefox installed. Can you use that browser for a while and see if it happens there too, or if it's only in IE?

A couple more questions:
You seem to have your computer set up to use OpenDNS as your DNS server.
Is this something you did yourself?
How are you connected to the internet?
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway
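
Added example, not part of the original thread or of HijackThis/RSIT: the check described in the post above (comparing two HijackThis logs for a changed IE start page and reading the O17 NameServer entry) written as a small Python script. The function names, the resolver label table and the "earlier" log (whose start page is a placeholder) are assumptions of this example; the "later" entries are copied from the log posted further down the thread.

```python
import re
from ipaddress import ip_address

# "R0 - <key>,<value name> = <data>" and "O17 - <key>: NameServer = <data>".
# The data part is optional: HijackThis prints "name =" for an empty value.
ENTRY_RE = re.compile(r"^(?:R[0-3]|O17) - (?P<key>.*?) =(?: (?P<value>.*))?$")

# Resolver labels are an assumption of this example, not something the log states.
KNOWN_RESOLVERS = {"208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS"}

# Constructed "earlier" log: the start page is a placeholder, because the
# earlier log is not shown on this page.
OLD_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O17 - HKLM\System\CCS\Services\Tcpip\..\{5699845C-2941-4113-895E-3091E3CA6C2E}: NameServer = 208.67.222.222
"""

# Later log: the same entries as they appear in the log posted in this thread.
NEW_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freegasmoneyonline.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O17 - HKLM\System\CCS\Services\Tcpip\..\{5699845C-2941-4113-895E-3091E3CA6C2E}: NameServer = 208.67.222.222
"""


def parse_settings(log_text):
    """Return {registry key: value} for the R0-R3 and O17 lines of a log."""
    settings = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            settings[match["key"]] = match["value"] or ""
    return settings


def diff_settings(old, new):
    """List (key, before, after) for every entry added, removed or changed."""
    changes = []
    for key in sorted(old.keys() | new.keys()):
        before, after = old.get(key), new.get(key)
        if before != after:
            changes.append((key, before, after))
    return changes


def static_dns_servers(settings):
    """Return (ip, label) for each address listed in an O17 NameServer entry."""
    servers = []
    for key, value in settings.items():
        if not key.endswith(": NameServer"):
            continue
        # The value may hold several addresses separated by commas or spaces.
        for token in re.split(r"[,\s]+", value.strip()):
            if not token:
                continue
            try:
                ip = str(ip_address(token))
            except ValueError:
                continue  # not an IP address; skip rather than guess
            servers.append((ip, KNOWN_RESOLVERS.get(ip, "unrecognised")))
    return servers


if __name__ == "__main__":
    old, new = parse_settings(OLD_LOG), parse_settings(NEW_LOG)
    for key, before, after in diff_settings(old, new):
        print(f"CHANGED {key}\n  before: {before}\n  after:  {after}")
    for ip, label in static_dns_servers(new):
        print(f"STATIC DNS {ip} ({label}) - confirm the user set this")
```

A changed entry or a static resolver is only a prompt to ask the user, as the helper does here; neither is proof of infection on its own.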

Re: Applications crashing, system running bad

Post by GirlinWayside » February 4th, 2009, 5:55 am

Sharagoz wrote: Since your last log your homepage has changed to this:
http://www.freegasmoneyonline.com/
Did you do this yourself?
The reason I'm asking is that if you didn't, then it may be the result of malware.


Yes, I changed this after the fix you posted.

Sharagoz wrote: Could you describe the issues you're having with IE in more detail?
How often does it hang? How often does it crash?
When it hangs, is the whole browser unresponsive, or is it just taking a long time to load a page?
Does it happen on random pages, or the same pages repeatedly?


IE will stop working altogether. Sometimes it restarts itself, other times it freezes and does nothing. It crashes every time I use it. I only use it on the FreeGasMoneyOnline site so I'm not sure if it does the same elsewhere.


Sharagoz wrote: You have Mozilla Firefox installed. Can you use that browser for a while and see if it happens there too, or if it's only in IE?


I use FF 99% of the time and it does NOT do the same thing.


Sharagoz wrote: A couple more questions:
You seem to have your computer set up to use OpenDNS as your DNS server.
Is this something you did yourself?
How are you connected to the internet?


No, I did not do this myself. It just happened one day and I didn't know how to change it so I left it alone.

I am connected through Windstream DSL.
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Applications crashing, system running bad

Post by Sharagoz » February 4th, 2009, 3:34 pm

1) Reset Internet Explorer
  • Close all open Internet Explorer windows
  • Press the Windows key and the R key at the same time to open the Run dialog box
  • Type inetcpl.cpl and press Enter
  • Select the Advanced tab and click the Reset button
  • After the procedure finishes, click OK to exit the control panel
  • Open the Run dialog box again by pressing the Windows key and R, type inetcpl.cpl and press Enter
  • Type in the start page you want, and press OK to save and exit
  • Launch Internet Explorer, and if asked, turn on Phishing Filter and select your search engine of choice
  • Click Tools, then Manage Add-ons, then Enable or Disable Add-ons
  • Select each of the add-ons listed, and click the Enable radio button to enable the add-on
  • Click OK to exit, and then restart Internet Explorer

Do some testing with IE after this step, and let me know how it behaves.

2) Remove firewall exception
  • Press the Windows key and the R key at the same time to open the Run dialog box
  • Type firewall.cpl and press Enter
  • Click the Change settings link
  • Select the Exceptions tab
  • Select BitTorrent and click Delete
  • Click OK to save and Exit

3) Change DNS
This step is optional. Since you didn't set OpenDNS as your DNS server yourself, I'll tell you how to undo this if you wish to do so.
Some believe having a custom DNS like OpenDNS is better than having an automatic DNS, because it may be slightly faster and because it offers some filtering against the darker parts of the internet. Others complain that it comes with minor hijacks, i.e. if you type in an address that does not exist, it will redirect you to a sponsored search page; there are also claims that it may hijack Google searches.
I have no personal experience with it, as I've always used automatic DNS.
  • Press the Windows key and the R key at the same time to open the Run dialog box
  • Type in control netconnections and press Enter
  • Right-click on your network connection and choose Properties
    (If you use a wired connection, your connection is called Local Area Connection; if you use a wireless connection it's called Wireless Network Connection)
  • Select Internet Protocol Version 4 and click the Properties button
  • Click the Obtain DNS server address automatically radio button
  • Click OK to save and exit, and then restart your computer

4) Run ESET's online scanner
  • Go here using Internet Explorer:
    http://www.eset.com/onlinescan/
  • Put a checkmark next to Yes, I accept the Terms of Use and click the Start button
  • When prompted about installing ActiveX, allow it and click Install
    The interface will load
  • Click Start
    The scanner will initialize and update itself
  • Once the scanner has loaded, leave both check boxes unchecked and click the Scan button
    Your computer will be scanned, this can take a while to complete
  • When the scan has finished, close Internet Explorer
  • A log will be located here
    C:\Program Files\EsetOnlineScanner\log.txt
  • Include this log in your next reply

5) Get new RSIT log
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Select 3 months and then click Continue at the disclaimer screen to start the scanner
  • When the scan finishes a log will open. Include this log in your next reply

RAM warning
    You're running Windows Vista and only have 1GB of RAM, which is half of the recommended amount.
    This is a major bottleneck on your system. With this amount of RAM, around 70% of it is going to be in use just from starting the computer.
    This leaves very little to be used by the applications you run.
    RAM is very cheap these days and upgrading it will have a high effect on your system's performance.
    I recommend you take your computer to a local computer repair shop and ask them to install 2GB more.

Logs I need:
    Log from ESET scan
    RSIT log
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Applications crashing, system running bad

Post by GirlinWayside » February 5th, 2009, 12:55 pm

The ESET scanner will not run. It states it must run under admin rights so I need to know how to do that inside IE.


Logfile of random's system information tool 1.05 (written by random/random)
Run by Kelly at 2009-02-05 11:56:14
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 168 GB (73%) free of 229 GB
Total RAM: 1015 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:44 AM, on 2/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kelly\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kelly.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freegasmoneyonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5699845C-2941-4113-895E-3091E3CA6C2E}: NameServer = 208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9677 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForKelly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2008-06-10 54672]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"HostManager"=C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe [2006-09-25 50736]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-04-01 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-04-01 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-04-01 133656]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-10-09 44168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-03 1783136]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-09-20 455968]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-05-27 4269296]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe

C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3c231c6-9ad4-11dc-bacf-806e6f6e6963}]
shell\AutoRun\command - E:\Setup.exe -auto


======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 3 months======

2009-01-27 16:12:58 ----A---- C:\Windows\gmer.ini
2009-01-27 16:12:56 ----A---- C:\Windows\gmer_uninstall.cmd
2009-01-27 16:12:55 ----A---- C:\Windows\gmer.exe
2009-01-27 16:12:55 ----A---- C:\Windows\gmer.dll
2009-01-27 16:02:07 ----D---- C:\rsit
2009-01-26 06:32:28 ----D---- C:\ProgramData\Avg8
2009-01-22 13:42:42 ----D---- C:\Program Files\Microsoft Silverlight
2009-01-03 16:52:19 ----D---- C:\Program Files\Avira
2009-01-01 03:00:52 ----A---- C:\Windows\system32\mshtml.dll
2008-12-16 10:22:56 ----D---- C:\j2sdk1.4.0
2008-12-12 03:03:40 ----A---- C:\Windows\system32\tzres.dll
2008-12-11 13:41:15 ----A---- C:\Windows\system32\gdi32.dll
2008-12-11 13:41:09 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-11 13:41:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-11 13:41:02 ----A---- C:\Windows\system32\shell32.dll
2008-12-11 13:40:53 ----A---- C:\Windows\explorer.exe
2008-12-11 13:40:48 ----A---- C:\Windows\system32\urlmon.dll
2008-12-11 13:40:47 ----A---- C:\Windows\system32\ieframe.dll
2008-12-11 13:40:46 ----A---- C:\Windows\system32\wininet.dll
2008-12-11 13:40:46 ----A---- C:\Windows\system32\mstime.dll
2008-12-11 13:40:45 ----A---- C:\Windows\system32\iertutil.dll
2008-12-11 13:40:44 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-11 13:40:36 ----A---- C:\Windows\system32\mf.dll
2008-12-11 13:40:35 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-11 13:40:35 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-11 13:40:34 ----A---- C:\Windows\system32\logagent.exe
2008-12-10 04:45:31 ----A---- C:\Windows\system32\javaws.exe
2008-12-10 04:45:31 ----A---- C:\Windows\system32\deploytk.dll
2008-12-10 04:45:30 ----A---- C:\Windows\system32\javaw.exe
2008-12-10 04:45:30 ----A---- C:\Windows\system32\java.exe
2008-12-04 19:31:35 ----D---- C:\Users\Kelly\AppData\Roaming\SaveThePuppy
2008-12-03 20:55:02 ----AD---- C:\ProgramData\TEMP
2008-11-26 00:28:58 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 00:28:57 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 00:28:57 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 00:28:56 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 00:28:55 ----A---- C:\Windows\system32\connect.dll
2008-11-23 11:08:21 ----A---- C:\Windows\system32\wups2.dll
2008-11-23 11:08:21 ----A---- C:\Windows\system32\wucltux.dll
2008-11-23 11:08:21 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-23 11:08:20 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-23 11:07:50 ----A---- C:\Windows\system32\wups.dll
2008-11-23 11:07:50 ----A---- C:\Windows\system32\wudriver.dll
2008-11-23 11:07:50 ----A---- C:\Windows\system32\wuapi.dll
2008-11-23 11:07:27 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-23 11:07:27 ----A---- C:\Windows\system32\wuapp.exe
2008-11-11 20:54:25 ----A---- C:\Windows\system32\msxml3.dll
2008-11-11 20:53:59 ----A---- C:\Windows\system32\msxml6.dll

======List of files/folders modified in the last 3 months======

2009-02-05 11:56:37 ----D---- C:\Windows\temp
2009-02-05 11:56:35 ----D---- C:\Windows\Prefetch
2009-02-05 11:53:24 ----SD---- C:\Windows\Downloaded Program Files
2009-02-05 11:53:24 ----D---- C:\Windows\System32
2009-02-05 11:46:36 ----D---- C:\Windows\SMINST
2009-02-05 11:44:53 ----D---- C:\Windows
2009-02-05 00:09:50 ----SHD---- C:\System Volume Information
2009-02-04 08:31:31 ----D---- C:\Program Files\Mozilla Firefox
2009-02-02 09:36:51 ----RD---- C:\Program Files
2009-02-02 09:27:55 ----HD---- C:\ProgramData
2009-01-27 16:12:56 ----D---- C:\Windows\system32\drivers
2009-01-27 14:10:54 ----RSD---- C:\Windows\Fonts
2009-01-26 10:49:16 ----D---- C:\Windows\inf
2009-01-26 06:32:17 ----SD---- C:\Users\Kelly\AppData\Roaming\Microsoft
2009-01-24 15:55:51 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-22 14:28:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-22 13:42:45 ----SHD---- C:\Windows\Installer
2009-01-21 05:14:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-16 02:28:00 ----D---- C:\Windows\system32\catroot2
2009-01-15 10:47:10 ----D---- C:\Windows\Debug
2009-01-15 04:58:23 ----D---- C:\Windows\winsxs
2009-01-15 04:52:51 ----D---- C:\Windows\system32\catroot
2009-01-15 04:52:47 ----D---- C:\Program Files\Windows Mail
2009-01-09 20:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-05 09:30:20 ----D---- C:\Windows\Tasks
2009-01-05 09:20:24 ----D---- C:\Windows\system32\Tasks
2009-01-03 16:52:19 ----D---- C:\ProgramData\Avira
2009-01-02 11:17:01 ----D---- C:\Program Files\CCleaner
2008-12-31 19:57:48 ----D---- C:\Windows\system32\wbem
2008-12-31 19:57:48 ----D---- C:\Windows\system32\Msdtc
2008-12-31 19:57:03 ----D---- C:\Windows\system32\config
2008-12-31 19:56:41 ----D---- C:\Windows\system32\spool
2008-12-31 19:56:41 ----D---- C:\Program Files\Windows Defender
2008-12-31 19:56:37 ----D---- C:\ProgramData\HP Product Assistant
2008-12-31 19:56:37 ----D---- C:\ProgramData\FLEXnet
2008-12-31 19:56:37 ----D---- C:\Program Files\Norton PC Checkup
2008-12-31 19:56:31 ----D---- C:\Windows\registration
2008-12-16 19:44:09 ----A---- C:\Windows\system32\DEBUG_LOG.txt
2008-12-16 10:22:56 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-16 10:13:28 ----D---- C:\Program Files\Java
2008-12-12 03:35:27 ----D---- C:\Windows\rescache
2008-12-12 03:16:37 ----D---- C:\Windows\AppPatch
2008-12-12 03:16:36 ----D---- C:\Windows\system32\en-US
2008-12-12 03:10:11 ----D---- C:\ProgramData\Microsoft Help
2008-12-11 16:23:43 ----D---- C:\Program Files\Yahoo!
2008-11-21 09:57:35 ----D---- C:\Users\Kelly\AppData\Roaming\Yahoo!
2008-11-14 05:27:08 ----D---- C:\Program Files\Coupons

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-08-03 91648]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2009-01-27 85969]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-23 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-09-25 79136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-13 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am
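A parser for the driver and service lines in the log above, as an added example (not part of the original post and not code from the tool that produced the log). The function names, the two review flags and the list of expected install roots are assumptions of this example; the sample lines are copied from the log.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Legend taken from the log's own header line.
STATE = {"R": "running", "S": "stopped"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Assumption of this example: service and driver images normally live here.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# <state><start> <name>;<display name>; <image path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


class Entry(NamedTuple):
    state: str
    start: str
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a driver/service line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):  # NT object-manager prefix seen on some entries
        path = path[4:]
    meta = m["meta"].split()
    if len(meta) == 2 and meta[1].isdigit():
        date, size = meta[0], int(meta[1])
    else:
        date, size = None, None  # the log shows "[]" for these entries
    return Entry(STATE[m["state"]], START[m["start"]], m["name"].strip(),
                 m["display"].strip(), path, date, size)


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Parse every entry and attach review flags (prompts to look, not verdicts)."""
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # section headers, blank lines, EOF marker
        flags = []
        if entry.date is None:
            flags.append("no-file-info")   # registered, but no date/size was logged
        if not entry.path.lower().startswith(EXPECTED_ROOTS):
            flags.append("unusual-path")   # image outside the expected roots
        results.append((entry, flags))
    return results


# Lines copied from the log in the post above.
SAMPLE = r"""
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-08-03 91648]
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
"""

if __name__ == "__main__":
    for entry, flags in triage(SAMPLE):
        print(f"{entry.name:16} {entry.state:8} {entry.start:8} {','.join(flags) or '-'}")
```

A flagged entry only means the line deserves a second look, for example a service left registered by a program that has since been removed.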

Re: Applications crashing, system running bad

Unread postby Sharagoz » February 5th, 2009, 6:19 pm

Launch Internet Explorer by right-clicking on it and choosing Run as administrator.
Then try to run the ESET scan again.
If that doesn't work you will have to temporarily disable User Account Control to make it run.


Is IE performing any better after you reset it?
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Applications crashing, system running bad

Unread postby GirlinWayside » February 6th, 2009, 7:25 am

Ok, while running this scan, my Avira kept going off - I have about 30 logs of this same one for just yesterday.

virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Users\Kelly\AppData\Local\Temp\NODB9C4.tmp.
Action performed: Deny access


Here is the ESET scan:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3831 (20090205)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=38191f6dc1c241449a20f8d27e9b781d
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2009-02-06 10:44:46
# local_time=2009-02-06 05:44:46 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.0.6001 NT Service Pack 1
# scanned=779971
# found=0
# scan_time=34951
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Applications crashing, system running bad

Unread postby Sharagoz » February 6th, 2009, 4:27 pm

Ok, looks like Avira was falsely detecting the Nod scanner as a virus.

Please answer this question
Is IE performing any better after you reset it?
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Applications crashing, system running bad

Unread postby GirlinWayside » February 6th, 2009, 5:53 pm

Sharagoz wrote:Ok, looks like Avira was falsely detecting the Nod scanner as a virus.

Please answer this question
Is IE performing any better after you reset it?


Oh, sorry, yes, it appears to be better now. :cheers:
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Applications crashing, system running bad

Unread postby Sharagoz » February 6th, 2009, 7:34 pm

Your logs are now clean, well done!
Unless you have discovered new problems, it's time to do the final steps.

Cleaning up after the removal procedures
  • 1) Uninstall through Add/Remove Programs
    • Press the windows key and the R key at the same time to open the Run dialog box
    • Type appwiz.cpl and press enter
    • Locate and uninstall this:
      ESET Online Scanner
  • 2) Uninstall GMER
    • Press the windows key and the R key to open the Run dialog box
    • Copy the command below into it and press Enter
      C:\Windows\gmer_uninstall.cmd
  • 3) Flush system restore
    This is to prevent you from getting reinfected should you ever need to do a system restore
    • Click the start button, right-click on Computer and choose Properties
    • Select the System Protection tab
    • After a few seconds your hard drives will appear. Remove the checkmark next to the system drive.
      (System drive will usually have a name similar to this: Local Disk (C:) (System) )
    • Click OK and then restart your computer
    • After the computer has restarted, find the System Protection tab again the same way you did before
    • Add a checkmark next to the system drive
    • Click Apply and then Create to create a new restore point
    • After the restore point is created, click OK to save settings and exit
  • 4) Other deletions
    • DDS (on your desktop)
      RSIT.exe (on your desktop)
      C:\rsit (folder)
    • Delete any other logs that remain on your desktop.

2) Taking measures to prevent your computer from being infected again
    Now that your computer is free from malware you may want to know how you can prevent this from happening again.
    Below I'm quoting a tutorial I've written which I post to everybody I help here at MWR.
    It covers the key parts of the software side of computer security. What steps you take or don't take to increase your own computer's security is of course up to you.
    The tutorial will take a little while to get through, but I hope you find it to be worth your time.
    If you have any questions beyond this, feel free to ask.

    How to protect yourself from malware
    Over the last few years there has been a dramatic increase in the number of infected computers online.
    If everybody using the internet knew what I'm about to go through, this number would be significantly reduced.
    I don't have all the answers, and I can't go through every detail if the size of the tutorial is to be kept fairly short, but I'll do my best to explain the most important parts.

  • 1) Keeping your operating system up to date (windows updates)
    This is the most important security measure. With an unpatched operating system you will be defenseless even with top-notch security software.
    Malware often exploits security holes in your operating system to install itself, and keeping your OS up to date at all times will make sure this risk is at a minimum.
    Visit http://update.microsoft.com/ using Internet Explorer, and get all critical updates.
    You may have to repeat the update procedure several times before you get all updates. Repeat it until there are no more critical updates showing as missing.
    Also, I recommend you turn on automatic updates if you haven't already.

  • 2) Keeping applications up to date
    Keeping your operating system up to date is critical, but it's also important to keep your applications up to date.
    If security holes are discovered in common applications that most people use, malware writers are sure to try and exploit them to install their malicious content.
    Many applications have automatic updates. If you are asked about installing an update you should do so unless you've got a good reason not to.
    There are also several online sites that offer to scan your computer for outdated software.
    One of them is provided by Secunia. This one is quick and easy to use, and will provide links to updates if outdated software is discovered.
    I recommend you go there once in a while and make sure you've got your software up to date.
    Secunia's Software Inspector is located here:
    http://secunia.com/vulnerability_scanning/online/
    Visit that page, click Start Scanner and the rest should be fairly easy to figure out.

  • 3) Immunization software
    This section covers security measures which don't do any real-time scanning. All they do is block sites that host malware, sites that advertise for malware, malicious ActiveX objects, malicious browser helpers, and cookies that have been identified as bad.
    These protection measures have proven very effective against "internet related" threats and require virtually no computer resources.
    I recommend you install all of the below, regardless of what real-time scanners you use (i.e. anti-virus and such).
    - MVP hosts
      Blocks roughly 25k online domains that host or advertise malicious content.
      Will significantly reduce the chance of getting in trouble by accidentally visiting the wrong page.
    • Download hosts.zip from here and save the file to your desktop
    • Open hosts.zip and extract the file called HOSTS to the folder C:\windows\system32\drivers\etc
    • Answer Yes if asked about overwriting an existing file
    • Delete hosts.zip
    Notes:
    If you have previously added custom entries to your own hosts file, these will have to be re-added after the new hosts file is installed.
    The MVP hosts file should be downloaded and re-installed every now and then to keep it up to date.
    If you install MVP Hosts you should disable a service called "DNS client".
    If you don't, your browser(s) will use 10-60 seconds longer to start than what you are used to.
    Disabling this service will have no side-effects. Its purpose is to put domains in cache, but there is no noticeable increase in browsing speed.
    To disable the "DNS Client" service, do the following:
    • Press the windows key and the R key at the same time to open the run dialog box
    • Type in services.msc and press Enter to open the control panel for services
    • Right-click on "DNS client" and choose "Stop".
    • After the service has stopped, right-click on it again, choose "Properties" and set "startup type" to "disabled", press "Apply" and "OK".

    - Javacool Spywareblaster
      Multi-purpose blocker of activeX objects, browser helpers and unwanted cookies.
    • Download Spywareblaster from here and install it using default settings
    • Launch Spywareblaster
    • Click "manual updating" (automatic updating requires a subscription)
    • Click "updates"->"check for updates"
    • When the updates are finished downloading, click "protection status" -> "enable all protection"
    Note:
    The last two steps should be repeated from time to time to keep the protection up to date.

    - Spybot immunization
      Multi-purpose blocker of domains, activeX objects, browser helpers and unwanted cookies.
    • Download Spybot from here
    • When installing spybot, be sure to uncheck "Security center integration", "Separate secure shredder application" and "use system settings protection (teatimer)".
      These features have more cons than pros.
    • Launch Spybot
    • Click "update" -> "check for updates" and install all available updates.
    • Click "Immunize" in the left menu and then "immunize" in the right-hand window to enable the protection. (this may take a couple of minutes to finish)
    Note:
    The last two steps should be repeated from time to time to keep the protection up to date.

    After immunization you will start to notice that on some web sites advertisements are not displayed; instead it shows an icon indicating that an image couldn't be loaded or a small frame saying "the web page could not be displayed".
    The reason for this is that the immunization is blocking the site that is hosting the ads because it has been found to advertise for malicious software.
    If you try to enter a website that is being blocked, the browser will simply say "the web page could not be displayed".

    4) Real-time protection
    This section covers security measures that work in real time and scan computer activity as it is happening (anti-virus/anti-malware scans a file before it allows it to be opened, a firewall controls network traffic and blocks it unless you have allowed it to happen).
    This requires a lot of system resources, so what we are looking for is applications with good detection rate, low resource usage, that don't cause problems for legitimate applications.
    I have divided the real-time scanners into sub-categories and listed my recommendation for each category.

    - Anti-virus
    Note:
    Never have more than one Anti-virus application installed. Installing a second one is likely to cause conflicts between the two and apart from making your system unstable it will reduce your security rather than increase it.

    - Anti-malware
      These applications are meant to supplement your antivirus as they are aimed specifically at detecting malicious programs.
      This can be programs designed to display advertisements (adware), track your internet surfing (spyware), give other people control over your computer (backdoors) and the likes.
      Unfortunately, in the anti-malware department there aren't any great free alternatives like there are in the anti-virus department.
      If you want an anti-malware application worth using you'll need to purchase one. Here are three good alternatives:
    • Malwarebytes' Anti-Malware
    • SUPERAntiSpyware (can be tried for 14 days for free)
    • A-squared Anti-Malware (can be tried for 30 days for free)
    Note:
    You can have more than one of these running at the same time, but I don't recommend it because it only gives a small increase in security while a big increase in usage of system resources.
    These can also be run alongside a security suite.

    - 3rd party Firewall
      Modern operating systems and routers have firewalls built into them that control incoming traffic so the main reason you might want to install a 3rd party firewall is to control outgoing traffic.
      Firewalls are different from other security software as it really is a tool you need to learn how to use, rather than an automatic security solution. An anti-virus application for instance you usually just install and then it runs in the background and only alerts you if something is wrong.
      That is not the case with firewalls. It will alert you whenever something tries to connect to the internet, whether it's good or bad, and then it's up to you to allow or deny the request. So ultimately you are increasing the security yourself with the help of the firewall.
      If you want to have top notch security you need a 3rd party firewall and the knowledge of how to use it. This will be your last line of defense should something bad get through your immunization, and anti-virus/anti-malware protection.
      It enables you to prevent a trojan downloader from downloading malware to your computer should you end up with one, or prevent malware from sending personal information after it has collected it.
      However, firewalls can be difficult to use properly. When the firewall prompts you with "should xxx be allowed to connect to the internet?" you need to be able to decide whether xxx is good or bad. Most people who use a 3rd party firewall don't know how to do this, and click Yes every time, hence making it fairly useless to have a 3rd party firewall.
      In my opinion, firewalls are for the ones who have an above average need/interest in computer security, but nevertheless it's needed to have top-notch security.
      Here are three good, free alternatives if you desire to have one. They each have their own support forum that can help you learn how to set up and use their firewall.
    • Comodo
      (If you choose this one, be sure to uncheck the following alternatives during installation:
      "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
    • PCTools Firewall
    • Online Armor

    - Winpatrol
      This program is not strictly a security application, but gives you a lot more control over your computer.
      Like a firewall it's a tool you need to learn how to use.
      Basically it watches your system settings and alerts you if an application tries to change something. Then it's up to you to accept or deny this change.
      Its main purpose is to watch programs that add themselves to auto-start, but it also watches file associations, activeX objects and Internet Explorer helpers.
      Most programs do not need to be on auto-start, and the bad thing about auto-start is that it clogs down system resources.
      With winpatrol you can easily detect and prevent when an unwanted auto-start entry is added, and this becomes an additional security layer because most malware will add itself to auto-start.
      You can download winpatrol from here
      And here's a link to a place where you can get more information on how to use it

    If you managed to read through all of that you're probably asking "do I really need that much security software?".
    That depends on what your computer is used for.
    I'd say that everybody who uses a computer on the internet today really needs the following:
    - Windows updates (having all windows updates is more important than any security software)
    - The immunization software in step 3
    - Anti-virus software
    That's the minimum.
    If you use your computer for financial transactions (online bank, web-shopping, etc) or have sensitive information stored on the computer, you should strongly consider buying an anti-malware application to supplement your anti-virus software. A 3rd party firewall should also be considered.
    If you like to use your computer freely and install a lot of different programs, use file-sharing applications and surf all over the web you should also consider enhancing security as you'll be more at risk for infections.

    5) Safe and sensible online practices
    A book could be written on this subject, but here are some key points:
    - Be careful about what you download and which programs you install.
    Don't blindly install every program that looks neat. If you're suspicious about a program, do a search online and see what others have to say about it before you install it.
    Be especially cautious about programs meant to "boost" your computer in any way, or programs that claim to make your computer run better.
    Any content given away for free is reason for suspicion.
    - Be careful about which links you click.
    If somebody sends you a link you didn't expect, ask them about it before you click it.
    Some infections are designed to send messages to everybody on a person's email/messenger contact list, and if one of your contacts is infected, you may receive such messages.
    - Be careful about which email attachments you open.
    Use the same caution with unexpected email attachments as with links.
    - If a site looks shady, it probably is
    Sites that host malicious content often look shady with all types of ads and offers. Just navigate away.


For you I would recommend you keep Avira Antivir, as it is one of the very best anti-virus applications out there.
You also have Spybot. Make sure it's updated and has the immunization enabled.
I recommend you add MVP hosts and Spywareblaster for increased protection, and then leave it up to you to decide if you want to have Ad-Aware replaced by one of the stronger anti-malware applications that I have recommended.

That's it.
If you have questions or comments, please respond back and let me know. If you do not respond, this thread will be closed within 48 hours.
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway
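The hosts-file step in the tutorial above overwrites the existing file, and its note says custom entries have to be re-added afterwards. As an added example (not part of the original post and not code from any tool it names), this sketch merges a new blocklist with the old file: custom entries that point at a sink address are carried over, and custom entries that point a name at any other address are returned for manual review instead of being copied blindly. The function names, hostnames and addresses are constructed for the example.

```python
import ipaddress
from typing import List, Tuple

# Addresses a blocklist uses to make a name unreachable.
SINKS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                          # first field is not an address
        for name in fields[1:]:               # one line may list several names
            entries.append((ip, name.lower()))
    return entries


def merge_hosts(old_text: str, new_text: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Merge custom entries from old_text into new_text.

    Returns (merged_text, review): review holds custom entries that map a
    name to a non-sink address, which are left out of merged_text.
    """
    new_names = {name for _, name in parse_hosts(new_text)}
    carried, review, seen = [], [], set()
    for ip, name in parse_hosts(old_text):
        if name in new_names or (ip, name) in seen:
            continue                          # already covered by the new list
        seen.add((ip, name))
        (carried if ip in SINKS else review).append((ip, name))
    merged = new_text.rstrip("\n") + "\n"
    if carried:
        merged += "# Custom entries carried over from the previous hosts file\n"
        merged += "".join(f"{ip} {name}\n" for ip, name in carried)
    return merged, review


# Constructed sample: an existing hosts file with three custom entries.
OLD = """# previous hosts file (constructed)
127.0.0.1 localhost
127.0.0.1 ads.tracker.example   # custom block
192.168.1.20 nas.home.example
203.0.113.7 login.bank.example
127.0.0.1 already.blocked.example
"""

# Constructed stand-in for the downloaded blocklist.
NEW = """# downloaded blocklist (constructed)
127.0.0.1 localhost
127.0.0.1 already.blocked.example
127.0.0.1 malware.host.example
"""

if __name__ == "__main__":
    merged, review = merge_hosts(OLD, NEW)
    print(merged)
    for ip, name in review:
        print(f"REVIEW before re-adding: {name} -> {ip}")
```

An entry in the review list may be a legitimate local mapping, such as a home NAS, or a redirect nobody remembers adding; either way it is re-added only after someone has looked at it.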

Re: Applications crashing, system running bad

Unread postby GirlinWayside » February 7th, 2009, 2:33 pm

OK, I have done everything above except the gmer will not uninstall. It says that access is denied. I'm not sure how to obtain admin rights in the command prompt.

Also, I wanted to ask permission to post the section that is quoted below on my forum in the computer section "how to protect yourself against malware" - I will be more than happy to link the post here if necessary.
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Applications crashing, system running bad

Unread postby Sharagoz » February 7th, 2009, 6:56 pm

gmer will not uninstall
Right click on the below file and choose Run as administrator
C:\Windows\gmer_uninstall.cmd
That should uninstall GMER

I wanted to ask permission to post the section that is quoted below on my forum in the computer section "how to protect yourself against malware" - I will be more than happy to link the post here if necessary
Sure, you can repost the tutorial on your forum, but I'd appreciate it if you'd credit it back to the source by adding a line saying something like 'Originally posted by Sharagoz at malwareremoval.com, reposted with permission'

Btw, may I ask which forum this is?
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Applications crashing, system running bad

Unread postby GirlinWayside » February 8th, 2009, 1:35 pm

:cheers: Thanks so much. It's uninstalled (I feel ditsy for not thinking about going straight to the file and right clicking.. :oops: )

My forum is a women's only family, parenting and pregnancy forum. Here is the link where I will be posting it and I will be sure to link it back to the source as asked.

http://friendsblessings.b1.jcink.com


Thanks for all your help, I really, really appreciate it!! :flower:
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Applications crashing, system running bad

Unread postby Sharagoz » February 8th, 2009, 1:39 pm

You're welcome!
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Applications crashing, system running bad

Unread postby NonSuch » February 12th, 2009, 3:36 pm

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27299
Joined: February 23rd, 2005, 7:08 am
Location: California