  1. #16
    Joined
    Jan 2010
    Location
    Hamilton, On, Can
    Age
    37
    Posts
    827

    Re: is this pc really trully clean?

    Quote Originally Posted by Mjölnir View Post
    You don't need to install the SP's in succession. Regardless, a smarter option in that case would be to slipstream SP3 into the XP CD (as per the instructions linked in the Windows Stickies)
    Slipstreaming is always the way I go when I build systems for customers; though I don't believe adding unnecessary complications to the problem of someone who may not be at a level to create a slipstreamed install disc without having issues doing so would be wise.
    Last edited by JSLEnterprises; 05-08-2010 at 08:31 AM.
    ..::J.S.L::..


    Email: jsl@jslenterprises.net

  2. #17
    Joined
    Jul 2003
    Location
    Australia
    Posts
    14,223

    Re: is this pc really trully clean?

    Quote Originally Posted by old82 View Post
    I made the below big because no one seems to notice this for some reason. I will try what you say, but I was not able to run the Avira rescue disk thanks to the stupid wireless keyboard and mouse she has.
    For now, disregard the avira rescue disk and any thought of reinstalling.

    Quote Originally Posted by old82 View Post
    What does ATF Cleaner do?
    In a nutshell, it deletes Windows temporary files and browser caches. You can deselect things like saved passwords and Recycle Bin but make sure you get rid of all the cached files and temporary files.

  3. #18
    Joined
    Nov 2004
    Posts
    5,171

    Re: is this pc really trully clean?

    Right now I'm using ESET, actually.
    Max Planck: "A new scientific truth does not
    triumph by convincing its opponents and making them
    see the light,
    but rather because its opponents eventually die"
    Arthur Schopenhauer: "Every truth passes through three stages before it is recognized.
    First, it is ridiculed. Second, it is opposed. Third, it is regarded as self-evident."
    Martin Niemöller:
    "When the Nazis came for the communists,
    I remained silent; I was not a communist.
    When they locked up the social democrats, I remained silent;
    I was not a social democrat. When they came for the trade unionists, I did not speak out;
    I was not a trade unionist. When they came for the Jews,
    I remained silent; I wasn't a Jew. When they came for me,
    there was no one left to speak out."

  4. #19
    Joined
    Jul 2003
    Location
    Australia
    Posts
    14,223

    Re: is this pc really trully clean?

    Quote Originally Posted by old82 View Post
    Right now I'm using ESET, actually.
    Either way, it's wise to uninstall AV software prior to running ComboFix.

  5. #20
    Joined
    Nov 2004
    Posts
    5,171

    Re: is this pc really trully clean?

    Okay, I've done all that (I'll post all later).

    But the ATF thing does nothing. The cookies that I had there are all still there after deleting them.

  6. #21
    Joined
    Jan 2010
    Location
    Hamilton, On, Can
    Age
    37
    Posts
    827

    Re: is this pc really trully clean?

    Quote Originally Posted by old82 View Post
    Okay, I've done all that (I'll post all later).

    But the ATF thing does nothing. The cookies that I had there are all still there after deleting them.
    There's a built-in cleaner that you can utilize. It may not get all of the temp files that float around in the system (as some temp files are produced by 3rd-party software), but it will get most if not all within Windows itself.

    Start > Run > type ' cmd ' and press Enter; you'll enter the command prompt.

    Type ' cleanmgr /sageset:50 ' and press Enter.
    (Note: you can use any number instead of 50; I used 50 as a generic entry.)

    Check all boxes in the window that pops up and press OK.

    Now you'll be back in the command prompt window.
    Type ' cleanmgr /sagerun:50 ' and press Enter.
    (Note: the number you used in the first command must be the same number in this command.)

    Windows will then clean out as much as it can. Once complete, type 'exit' in the command prompt to close.
    Do this once you've completed the recommendations Mjölnir stated.

    You can also download a small, simple tool called CCleaner which will do an active scan for junk files. It's free.
    When installing, uncheck all but the first 2 boxes when you come to that option screen during install.
    When installed and running, go to the Options tab on the side, click 'Advanced' and uncheck all but the 3rd and last options on that list.
    On the Cleaner tab list, check all on the list except "Wipe free space", as that would take forever.
    Run the cleaner and it'll clear out all the extra junk that the previous step with the built-in cleaner didn't get.
    It's also safe to use the registry cleaner built into CCleaner as well. It's recommended you run it at least twice the first time.

    Also, later on down the road, if the computer just becomes unbearable and too many erroneous problems arise with it and the only choice is to do a format and reinstall of XP (after you back up all the personal files on a separate HDD or DVD), you can always use the existing key that came installed on the computer. You can retrieve the key using Magical Jelly Bean's Keyfinder, which would allow you to install using the original key. (And you can always test the key to see if it'll work on whatever version of the install disk you get your hands on by running the installation in a virtual PC on your own computer with Oracle's VirtualBox, which is free.)
    Last edited by JSLEnterprises; 05-09-2010 at 06:21 AM.
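    The sageset/sagerun steps in the post above, done from a script rather than the dialog, as an added example that is not part of the thread. It assumes PowerShell 2.0 or later in an administrator session, and relies on cleanmgr storing each tick box for profile NN as a DWORD named StateFlags00NN under the VolumeCaches registry key (2 = selected); the $Skip list and the free-space readout are additions of this example.

```powershell
# Added example (not from the thread): 'cleanmgr /sageset:50' followed by '/sagerun:50'
# without clicking through the dialog. Assumes PowerShell 2.0+ and an administrator session.
# cleanmgr keeps each handler's tick box for profile NN as a DWORD named StateFlags00NN
# under the VolumeCaches key: 2 = selected, 0 = cleared. Writing those values is what
# the /sageset dialog does when you tick the boxes.

$ProfileId = 50                                   # the '50' from the post; any 0-65535 works
$FlagName  = 'StateFlags{0:D4}' -f $ProfileId     # -> StateFlags0050
$BaseKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches'

# Handlers to leave cleared. The post says "check all boxes"; keep the list empty to
# match it, or add handler key names to opt individual cleanups out.
$Skip = @()

# Free space on C:, read via WMI so it also works on an XP-era PowerShell.
function Get-FreeBytes {
    (Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='C:'").FreeSpace
}

$before = Get-FreeBytes

foreach ($handler in Get-ChildItem -Path $BaseKey) {
    $state = if ($Skip -contains $handler.PSChildName) { 0 } else { 2 }
    Set-ItemProperty -Path $handler.PSPath -Name $FlagName -Value $state -Type DWord
    '{0,-40} {1}' -f $handler.PSChildName, $(if ($state -eq 2) { 'selected' } else { 'cleared' })
}

# Equivalent of typing 'cleanmgr /sagerun:50'. -Wait lets the script continue only
# after Disk Cleanup has finished.
Start-Process -FilePath 'cleanmgr.exe' -ArgumentList "/sagerun:$ProfileId" -Wait

# Same before/after idea ComboFix prints as Pre-Run / Post-Run at the end of its log.
$after = Get-FreeBytes
'Pre-Run: {0:N0} bytes free, Post-Run: {1:N0} bytes free' -f $before, $after
```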

  7. #22
    Joined
    Jul 2003
    Location
    Australia
    Posts
    14,223

    Re: is this pc really trully clean?

    Quote Originally Posted by old82 View Post
    But the ATF thing does nothing. The cookies that I had there are all still there after deleting them.
    It doesn't do nothing. If it didn't display how much data was removed, then you didn't run it properly. It's not all that important. All it's meant to do is provide a quick and easy way to remove the bulk of temporary files on the PC to make the scans complete a bit faster. The other thing is that there may be inactive malicious files contained in the temporary files. You get much more benefit in regards to those two things (reducing the amount of data and removing infected files) through purging the System Restore data.

    It'd also be wise for you to post the ComboFix log as soon as possible. The longer you take in doing this, the more you allow malicious software to work its "magic".
    Last edited by Mjölnir; 05-09-2010 at 05:54 AM.

  8. #23
    Joined
    Nov 2004
    Posts
    5,171

    Re: is this pc really trully clean?

    It said it did something, but none of my cookies and stuff were gone. I was still logged in to some places.

    The following will be two ComboFixes and 1 MBAM.

    log1

    ComboFix 10-05-08.02 - Brenda Head 05/08/2010 22:15:54.1.2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.223 [GMT -5:00]
    Running from: c:\documents and settings\Brenda Head\Desktop\gfdgdg.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Brenda Head\Recent\Thumbs.db
    c:\windows\system32\ccrpTmr6.dll
    c:\windows\system32\logs
    c:\windows\system32\logs\{D780B7A8-54AF-466D-A5C8-D8C75F594C70}.log
    c:\windows\winhelp.ini

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))
    .

    2010-05-09 02:21 . 2010-05-09 02:21 -------- d-----w- C:\FOUND.026
    2010-05-04 03:13 . 2010-05-04 03:13 503808 ----a-w- c:\documents and settings\spiderman\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-51f36cbc-n\msvcp71.dll
    2010-05-04 03:13 . 2010-05-04 03:13 499712 ----a-w- c:\documents and settings\spiderman\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-51f36cbc-n\jmc.dll
    2010-05-04 03:13 . 2010-05-04 03:13 348160 ----a-w- c:\documents and settings\spiderman\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-51f36cbc-n\msvcr71.dll
    2010-05-04 03:13 . 2010-05-04 03:13 61440 ----a-w- c:\documents and settings\spiderman\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5bcde255-n\decora-sse.dll
    2010-05-04 03:13 . 2010-05-04 03:13 12800 ----a-w- c:\documents and settings\spiderman\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5bcde255-n\decora-d3d.dll
    2010-05-03 15:32 . 2010-05-03 15:32 -------- d-----w- C:\FOUND.025
    2010-05-02 23:44 . 2010-05-07 19:41 1 ----a-w- c:\documents and settings\Brenda Head\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-05-02 23:44 . 2010-05-02 23:44 -------- d-----w- c:\documents and settings\Brenda Head\Application Data\OpenOffice.org
    2010-05-02 21:11 . 2010-05-02 21:11 -------- d-----w- c:\documents and settings\spiderman\Local Settings\Application Data\ESET
    2010-05-02 21:11 . 2010-05-02 21:11 -------- d-----w- c:\documents and settings\spiderman\Application Data\ESET
    2010-05-02 21:11 . 2010-05-02 21:11 -------- d-----w- c:\documents and settings\Brenda Head\Local Settings\Application Data\ESET
    2010-05-02 21:11 . 2010-05-02 21:11 -------- d-----w- c:\documents and settings\Brenda Head\Application Data\ESET
    2010-05-02 21:11 . 2010-05-02 21:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
    2010-05-02 20:43 . 2010-05-02 20:43 -------- d-----w- c:\documents and settings\spiderman\Local Settings\Application Data\Mozilla
    2010-05-02 20:21 . 2010-05-02 20:21 -------- d-----w- c:\documents and settings\spiderman\Local Settings\Application Data\AOL
    2010-05-02 20:03 . 2010-05-02 20:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-05-01 18:32 . 2010-05-01 18:32 7424000 ----a-r- c:\documents and settings\Brenda Head\Application Data\Microsoft\Installer\{6ADD0603-16EF-400D-9F9E-486432835002}\soffice.exe
    2010-05-01 18:29 . 2010-05-01 18:29 -------- d-----w- c:\program files\JRE
    2010-05-01 18:28 . 2010-05-01 18:28 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-04-30 14:38 . 2010-04-30 14:38 -------- d-----w- C:\FOUND.024
    2010-04-29 15:26 . 2010-04-29 15:26 -------- d-----w- C:\FOUND.023
    2010-04-28 17:53 . 2010-04-28 17:53 -------- d-----w- c:\documents and settings\Brenda Head\Application Data\ImgBurn
    2010-04-28 17:20 . 2010-04-28 17:20 -------- d-----w- c:\program files\ImgBurn
    2010-04-28 00:30 . 2010-04-28 00:30 -------- d-----w- C:\FOUND.022
    2010-04-27 21:58 . 2010-04-27 21:58 -------- d-----w- C:\FOUND.021
    2010-04-25 19:22 . 2010-04-25 19:22 -------- d-----w- c:\windows\system32\en
    2010-04-25 19:13 . 2008-04-14 03:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
    2010-04-25 19:13 . 2008-04-14 05:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2010-04-24 15:32 . 2010-04-24 15:32 -------- d-----w- C:\FOUND.020
    2010-04-23 17:33 . 2010-04-23 17:33 503808 ----a-w- c:\documents and settings\Brenda Head\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54743cf7-n\msvcp71.dll
    2010-04-23 17:33 . 2010-04-23 17:33 499712 ----a-w- c:\documents and settings\Brenda Head\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54743cf7-n\jmc.dll
    2010-04-23 17:33 . 2010-04-23 17:33 348160 ----a-w- c:\documents and settings\Brenda Head\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54743cf7-n\msvcr71.dll
    2010-04-23 17:32 . 2010-04-23 17:32 61440 ----a-w- c:\documents and settings\Brenda Head\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5cb3e6c4-n\decora-sse.dll
    2010-04-23 17:32 . 2010-04-23 17:32 12800 ----a-w- c:\documents and settings\Brenda Head\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5cb3e6c4-n\decora-d3d.dll
    2010-04-23 17:31 . 2010-04-23 17:30 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-23 14:58 . 2010-04-23 14:58 -------- d-----w- C:\FOUND.019
    2010-04-22 15:38 . 2010-04-22 15:38 -------- d-----w- C:\FOUND.018
    2010-04-21 17:36 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-21 17:36 . 2010-04-21 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-21 15:14 . 2010-04-21 15:14 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-21 14:54 . 2010-04-21 14:54 -------- d-----w- C:\FOUND.017
    2010-04-21 14:12 . 2010-04-21 14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
    2010-04-21 14:12 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-21 13:50 . 2010-04-21 13:50 -------- d-----w- c:\documents and settings\Brenda Head\Application Data\Malwarebytes
    2010-04-21 13:49 . 2010-04-21 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-19 21:57 . 2010-04-19 21:57 388096 ----a-r- c:\documents and settings\Brenda Head\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-04-19 21:57 . 2010-04-19 21:57 -------- d-----w- c:\program files\TrendMicro
    2010-04-19 19:36 . 2010-04-19 19:36 -------- d-----w- c:\documents and settings\Brenda Head\Local Settings\Application Data\Mozilla

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-08 02:19 . 2010-05-08 02:19 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-05-02 20:40 . 2004-10-30 21:08 247520 ----a-w- c:\documents and settings\Brenda Head\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-02 20:20 . 2010-05-02 20:20 247520 ----a-w- c:\documents and settings\spiderman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-25 19:32 . 2003-01-01 05:07 76487 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
    2010-04-16 13:10 . 2004-11-21 19:39 242520 ----a-w- c:\documents and settings\Steve Head\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-11 12:38 . 2004-08-24 01:32 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-04 06:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-05-05 21:35 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-09 11:09 . 2004-09-02 23:38 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-24 13:11 . 2004-05-05 21:35 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2001-08-18 03:24 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2001-08-17 18:48 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2004-09-02 23:32 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-05-05 21:35 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    1999-04-30 21:00 . 2004-09-09 15:22 98304 ------w- c:\program files\internet explorer\plugins\UPjpeg.dll
    .

  9. #24
    Joined
    Nov 2004
    Posts
    5,171

    Re: is this pc really trully clean?

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024]
    "VTTimer"="VTTimer.exe" [2004-05-27 49152]
    "VTTrayp"="VTtrayp.exe" [2004-06-08 143360]
    "WinampAgent"="c:\program files\Winamp3\winampa.exe" [2002-07-23 12288]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-09-03 26112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-09-03 98304]
    "Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-04-21 57344]
    "Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe" [2003-09-20 69632]
    "LapLink Scheduler"="c:\program files\Common Files\LapLink\Scheduler\LLSCHED.EXE" [2003-06-18 126976]
    "NovaBackup 7.0 Tray Control"="c:\program files\NovaStor\NovaBackup\7\NbkCtrl.exe" [2003-01-14 294912]
    "QuickFinder Scheduler"="c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2004-03-23 77887]
    "Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-27 99480]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
    "HostManager"="c:\program files\Common Files\AOL\1129250358\ee\AOLSoftware.exe" [2008-06-24 41824]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\documents and settings\spiderman\Start Menu\Programs\Startup\
    OpenOffice.org 1.0.lnk - c:\program files\OpenOffice.org1.0\program\quickstart.exe [2002-4-29 61440]

    c:\documents and settings\Steve Head\Start Menu\Programs\Startup\
    OpenOffice.org 1.0.lnk - c:\program files\OpenOffice.org1.0\program\quickstart.exe [2002-4-29 61440]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    OpenOffice.org 1.0.lnk - c:\program files\OpenOffice.org1.0\program\quickstart.exe [2002-4-29 61440]

    c:\documents and settings\Brenda Head\Start Menu\Programs\Startup\
    OpenOffice.org 1.0.lnk - c:\program files\OpenOffice.org1.0\program\quickstart.exe [2002-4-29 61440]
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-9-2 114688]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-11-19 53248]
    Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [2002-11-19 36864]
    Billminder.lnk - c:\program files\Quicken\billmind.exe [2002-11-19 36864]
    Digital Lifeline.lnk - c:\program files\Digital Lifeline\bin\mpbtn.exe [2004-9-21 176128]
    Desktop Application Director 11.lnk - c:\windows\Installer\{54F90B55-BEB3-4F0D-8802-228822FA5921}\NewShortcut1_3.exe [2004-9-30 45056]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

  10. #25
    Joined
    Nov 2004
    Posts
    5,171

    Re: is this pc really trully clean?

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\WINDOWS\\System32\\LEXPPS.EXE"=
    "c:\\Program Files\\AIM95\\AIM.EXE"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1129250358\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1129250358\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
    "c:\\Program Files\\Tencent\\QQ Games\\QQGamesD.exe"=
    "c:\\Program Files\\Tencent\\QQ Games\\Update\\Update.exe"=

    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [1/1/2003 4:19 PM 77312]
    R1 tsircmir;LapLink Mirror Driver Miniport;c:\windows\system32\drivers\tsircmir.sys [9/9/2004 11:18 AM 2816]
    R2 TSIREGMO;tsiregmo;c:\windows\system32\drivers\tsiregmo.sys [9/9/2004 11:18 AM 5824]
    R2 TSISER;TSISER;c:\windows\system32\drivers\tsiser.sys [9/9/2004 11:18 AM 42560]
    R2 TSISTRMX;Traveling Software Stream Driver;c:\windows\system32\drivers\TSISTRMX.SYS [9/9/2004 11:18 AM 5120]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/24/2009 11:40 AM 24652]
    R3 PhnxVcd;PhnxVcd;c:\windows\system32\drivers\phnxvcd.sys [9/21/2004 9:05 PM 34688]
    R3 TSIKBF5;Traveling Software Keyboard Filter Driver;c:\windows\system32\drivers\TSIKBF5.sys [9/9/2004 11:18 AM 9728]
    R3 TSIMSF5;Traveling Software Mouse Filter Driver;c:\windows\system32\drivers\TSIMSF5.sys [9/9/2004 11:18 AM 5632]
    S1 TSIRCINK;Traveling Software Install Driver;c:\windows\system32\drivers\TSIRCINK.SYS [9/9/2004 11:18 AM 9216]
    S2 Ca536av;Take-it DV Series;c:\windows\system32\drivers\Ca536av.sys [9/9/2004 12:17 PM 514859]
    S2 mrtRate;mrtRate; [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/21/2010 12:36 PM 38224]
    .
    Contents of the 'Scheduled Tasks' folder

    2006-10-28 c:\windows\Tasks\McDefragTask.job
    - c:\windows\system32\defrag.exe [2004-09-02 10:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=15784&l=dis
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Steve Head\Start Menu\Programs\UltimateBet\UltimateBet.lnk
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Brenda Head\Application Data\Mozilla\Firefox\Profiles\kyeavvre.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15784&l=dis
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    SafeBoot-mferkdk
    SafeBoot-mferkdk.sys
    SafeBoot-mfetdik
    SafeBoot-mfetdik.sys
    AddRemove-McAfee® Desktop Security - c:\progra~1\MCAFEE.COM\PHOENI~1\UNWISE.EXE
    AddRemove-{8E9D5D35-97A8-4d5b-BE68-53DAA0784D5B} - c:\program files\Common Files\GMT\GUninstaller.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-08 22:20
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(844)
    c:\windows\System32\l3codeca.acm
    c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    .
    Completion time: 2010-05-08 22:21:50
    ComboFix-quarantined-files.txt 2010-05-09 03:21

    Pre-Run: 131,325,100,032 bytes free
    Post-Run: 131,595,796,480 bytes free

    - - End Of File - - 84CED2A76547F02A34F5D42255150B46
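    A first-pass triage of the ComboFix log sections posted in the three messages above, as an added example that is not part of the thread and not ComboFix's own tooling. It parses the REGEDIT4-style Run entries, the firewall policy block, the service lines and the Supplementary Scan lines into a report; TRUSTED_DIRS, the function names and the one "Updater" autorun in the sample are this example's own assumptions (the rest of SAMPLE is copied from the log).

```python
"""Added example, not from the thread: a first-pass triage of the ComboFix log
sections posted above.  Parses the REGEDIT4-style 'Reg Loading Points' block, the
firewall policy block, the service lines and the 'Supplementary Scan' lines, and
collects what a helper checks first.  SAMPLE is built from lines copied out of the
thread plus one CONSTRUCTED autorun (marked) so the untrusted-path check fires."""
import re

# "name"="image path" [date size]   (value lines under a ...\Run key)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*(?:\[(?P<meta>[^\]]*)\])?$')
# R0-R3/S1-S3 name;display name;image path [date size]   or   ...; [x] when absent
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>[^\[]*)(?:\[(?P<meta>[^\]]*)\])?$')
START_RE = re.compile(r'^[um]Start Page\s*=\s*(?P<url>\S+)$')
# Where an autorun image is normally expected to live on an XP box (assumption).
TRUSTED_DIRS = (r'c:\program files', r'c:\progra~1', r'c:\windows', '%windir%')

def untrusted_path(path):
    """True for an absolute image path outside TRUSTED_DIRS.  Bare names such as
    SOUNDMAN.EXE resolve via the search path and are deliberately not flagged."""
    p = path.strip().lower()
    return '\\' in p and not p.startswith(TRUSTED_DIRS)

def triage(log_text):
    """Walk the log once and collect the review points into a dict."""
    report = {'autoruns': [],            # (registry key, value name, image path)
              'untrusted_autoruns': [],  # subset whose image is outside TRUSTED_DIRS
              'missing_services': [],    # (start type, service name) with no binary
              'firewall_disabled': False, 'proxy_override': None, 'start_pages': []}
    key = None  # registry key the following value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith('\\run'):
            entry = (key, m.group('name'), m.group('path'))
            report['autoruns'].append(entry)
            if untrusted_path(m.group('path')):
                report['untrusted_autoruns'].append(entry)
            continue
        if key and 'firewallpolicy' in key.lower() and line.startswith('"EnableFirewall"'):
            # ComboFix prints the DWORD as:  "EnableFirewall"= 0 (0x0)
            report['firewall_disabled'] = line.split('=', 1)[1].strip().startswith('0')
            continue
        m = SVC_RE.match(line)
        if m:
            if m.group('meta') == 'x' or not m.group('path').strip():
                report['missing_services'].append((m.group('start'), m.group('name')))
            continue
        m = START_RE.match(line)
        if m:
            report['start_pages'].append(m.group('url'))
        elif 'ProxyOverride' in line and '=' in line:
            report['proxy_override'] = line.split('=', 1)[1].strip()
    return report

def findings(report):
    """The short list of points a helper would raise from the report."""
    out = ['autorun "%s" runs from an unusual location: %s' % (name, path)
           for _key, name, path in report['untrusted_autoruns']]
    out += ['service %s (%s) has no binary on disk' % (name, start)
            for start, name in report['missing_services']]
    if report['firewall_disabled']:
        out.append('Windows Firewall is disabled (EnableFirewall = 0)')
    if report['proxy_override']:
        out.append('ProxyOverride is set: %s' % report['proxy_override'])
    out += ['browser start page: %s' % url for url in report['start_pages']]
    return out

# Lines copied from the thread's log; the "Updater" line is CONSTRUCTED for the demo.
SAMPLE = r'''
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Updater"="c:\documents and settings\user\Local Settings\Temp\updater.exe" [2010-05-01 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [1/1/2003 4:19 PM 77312]
S2 mrtRate;mrtRate; [x]
.
uStart Page = hxxp://www.ask.com?o=15784&l=dis
uInternet Settings,ProxyOverride = 127.0.0.1
'''

if __name__ == '__main__':
    for point in findings(triage(SAMPLE)):
        print('-', point)
```

Run against the full log, the same pass also lists the Startup-folder shortcuts and plugin lines only as far as they match these patterns; anything else is left for the reader to eyeball.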

  11. #26
    Joined
    Nov 2004
    Posts
    5,171

    Re: is this pc really trully clean?

    log2


    ComboFix 10-05-08.02 - Brenda Head 05/08/2010 22:23:38.2.2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.155 [GMT -5:00]
    Running from: c:\documents and settings\Brenda Head\Desktop\gfdgdg.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))
    .

    2010-05-09 02:21 . 2010-05-09 02:21 -------- d-----w- C:\FOUND.026
    2010-05-04 03:13 . 2010-05-04 03:13 503808 ----a-w- c:\documents and settings\spiderman\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-51f36cbc-n\msvcp71.dll
    2010-05-04 03:13 . 2010-05-04 03:13 499712 ----a-w- c:\documents and settings\spiderman\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-51f36cbc-n\jmc.dll
    2010-05-04 03:13 . 2010-05-04 03:13 348160 ----a-w- c:\documents and settings\spiderman\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-51f36cbc-n\msvcr71.dll
    2010-05-04 03:13 . 2010-05-04 03:13 61440 ----a-w- c:\documents and settings\spiderman\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5bcde255-n\decora-sse.dll
    2010-05-04 03:13 . 2010-05-04 03:13 12800 ----a-w- c:\documents and settings\spiderman\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5bcde255-n\decora-d3d.dll
    2010-05-03 15:32 . 2010-05-03 15:32 -------- d-----w- C:\FOUND.025
    2010-05-02 23:44 . 2010-05-07 19:41 1 ----a-w- c:\documents and settings\Brenda Head\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-05-02 23:44 . 2010-05-02 23:44 -------- d-----w- c:\documents and settings\Brenda Head\Application Data\OpenOffice.org
    2010-05-02 21:11 . 2010-05-02 21:11 -------- d-----w- c:\documents and settings\spiderman\Local Settings\Application Data\ESET
    2010-05-02 21:11 . 2010-05-02 21:11 -------- d-----w- c:\documents and settings\spiderman\Application Data\ESET
    2010-05-02 21:11 . 2010-05-02 21:11 -------- d-----w- c:\documents and settings\Brenda Head\Local Settings\Application Data\ESET
    2010-05-02 21:11 . 2010-05-02 21:11 -------- d-----w- c:\documents and settings\Brenda Head\Application Data\ESET
    2010-05-02 21:11 . 2010-05-02 21:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
    2010-05-02 20:43 . 2010-05-02 20:43 -------- d-----w- c:\documents and settings\spiderman\Local Settings\Application Data\Mozilla
    2010-05-02 20:21 . 2010-05-02 20:21 -------- d-----w- c:\documents and settings\spiderman\Local Settings\Application Data\AOL
    2010-05-02 20:03 . 2010-05-02 20:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-05-01 18:32 . 2010-05-01 18:32 7424000 ----a-r- c:\documents and settings\Brenda Head\Application Data\Microsoft\Installer\{6ADD0603-16EF-400D-9F9E-486432835002}\soffice.exe
    2010-05-01 18:29 . 2010-05-01 18:29 -------- d-----w- c:\program files\JRE
    2010-05-01 18:28 . 2010-05-01 18:28 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-04-30 14:38 . 2010-04-30 14:38 -------- d-----w- C:\FOUND.024
    2010-04-29 15:26 . 2010-04-29 15:26 -------- d-----w- C:\FOUND.023
    2010-04-28 17:53 . 2010-04-28 17:53 -------- d-----w- c:\documents and settings\Brenda Head\Application Data\ImgBurn
    2010-04-28 17:20 . 2010-04-28 17:20 -------- d-----w- c:\program files\ImgBurn
    2010-04-28 00:30 . 2010-04-28 00:30 -------- d-----w- C:\FOUND.022
    2010-04-27 21:58 . 2010-04-27 21:58 -------- d-----w- C:\FOUND.021
    2010-04-25 19:22 . 2010-04-25 19:22 -------- d-----w- c:\windows\system32\en
    2010-04-25 19:13 . 2008-04-14 03:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
    2010-04-25 19:13 . 2008-04-14 05:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2010-04-24 15:32 . 2010-04-24 15:32 -------- d-----w- C:\FOUND.020
    2010-04-23 17:33 . 2010-04-23 17:33 503808 ----a-w- c:\documents and settings\Brenda Head\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54743cf7-n\msvcp71.dll
    2010-04-23 17:33 . 2010-04-23 17:33 499712 ----a-w- c:\documents and settings\Brenda Head\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54743cf7-n\jmc.dll
    2010-04-23 17:33 . 2010-04-23 17:33 348160 ----a-w- c:\documents and settings\Brenda Head\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54743cf7-n\msvcr71.dll
    2010-04-23 17:32 . 2010-04-23 17:32 61440 ----a-w- c:\documents and settings\Brenda Head\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5cb3e6c4-n\decora-sse.dll
    2010-04-23 17:32 . 2010-04-23 17:32 12800 ----a-w- c:\documents and settings\Brenda Head\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5cb3e6c4-n\decora-d3d.dll
    2010-04-23 17:31 . 2010-04-23 17:30 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-23 14:58 . 2010-04-23 14:58 -------- d-----w- C:\FOUND.019
    2010-04-22 15:38 . 2010-04-22 15:38 -------- d-----w- C:\FOUND.018
    2010-04-21 17:36 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-21 17:36 . 2010-04-21 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-21 15:14 . 2010-04-21 15:14 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-21 14:54 . 2010-04-21 14:54 -------- d-----w- C:\FOUND.017
    2010-04-21 14:12 . 2010-04-21 14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
    2010-04-21 14:12 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-21 13:50 . 2010-04-21 13:50 -------- d-----w- c:\documents and settings\Brenda Head\Application Data\Malwarebytes
    2010-04-21 13:49 . 2010-04-21 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-19 21:57 . 2010-04-19 21:57 388096 ----a-r- c:\documents and settings\Brenda Head\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-04-19 21:57 . 2010-04-19 21:57 -------- d-----w- c:\program files\TrendMicro
    2010-04-19 19:36 . 2010-04-19 19:36 -------- d-----w- c:\documents and settings\Brenda Head\Local Settings\Application Data\Mozilla

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-08 02:19 . 2010-05-08 02:19 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-05-02 20:40 . 2004-10-30 21:08 247520 ----a-w- c:\documents and settings\Brenda Head\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-02 20:20 . 2010-05-02 20:20 247520 ----a-w- c:\documents and settings\spiderman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-25 19:32 . 2003-01-01 05:07 76487 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
    2010-04-16 13:10 . 2004-11-21 19:39 242520 ----a-w- c:\documents and settings\Steve Head\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-11 12:38 . 2004-08-24 01:32 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-04 06:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-05-05 21:35 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-09 11:09 . 2004-09-02 23:38 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-24 13:11 . 2004-05-05 21:35 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2001-08-18 03:24 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2001-08-17 18:48 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2004-09-02 23:32 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-05-05 21:35 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    1999-04-30 21:00 . 2004-09-09 15:22 98304 ------w- c:\program files\internet explorer\plugins\UPjpeg.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

  12. #27
    Joined
    Nov 2004
    Posts
    5,171

    Re: is this pc really trully clean?

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024]
    "VTTimer"="VTTimer.exe" [2004-05-27 49152]
    "VTTrayp"="VTtrayp.exe" [2004-06-08 143360]
    "WinampAgent"="c:\program files\Winamp3\winampa.exe" [2002-07-23 12288]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-09-03 26112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-09-03 98304]
    "Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-04-21 57344]
    "Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe" [2003-09-20 69632]
    "LapLink Scheduler"="c:\program files\Common Files\LapLink\Scheduler\LLSCHED.EXE" [2003-06-18 126976]
    "NovaBackup 7.0 Tray Control"="c:\program files\NovaStor\NovaBackup\7\NbkCtrl.exe" [2003-01-14 294912]
    "QuickFinder Scheduler"="c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2004-03-23 77887]
    "Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-27 99480]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
    "HostManager"="c:\program files\Common Files\AOL\1129250358\ee\AOLSoftware.exe" [2008-06-24 41824]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\documents and settings\spiderman\Start Menu\Programs\Startup\
    OpenOffice.org 1.0.lnk - c:\program files\OpenOffice.org1.0\program\quickstart.exe [2002-4-29 61440]

    c:\documents and settings\Steve Head\Start Menu\Programs\Startup\
    OpenOffice.org 1.0.lnk - c:\program files\OpenOffice.org1.0\program\quickstart.exe [2002-4-29 61440]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    OpenOffice.org 1.0.lnk - c:\program files\OpenOffice.org1.0\program\quickstart.exe [2002-4-29 61440]

    c:\documents and settings\Brenda Head\Start Menu\Programs\Startup\
    OpenOffice.org 1.0.lnk - c:\program files\OpenOffice.org1.0\program\quickstart.exe [2002-4-29 61440]
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-9-2 114688]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-11-19 53248]
    Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [2002-11-19 36864]
    Billminder.lnk - c:\program files\Quicken\billmind.exe [2002-11-19 36864]
    Digital Lifeline.lnk - c:\program files\Digital Lifeline\bin\mpbtn.exe [2004-9-21 176128]
    Desktop Application Director 11.lnk - c:\windows\Installer\{54F90B55-BEB3-4F0D-8802-228822FA5921}\NewShortcut1_3.exe [2004-9-30 45056]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\WINDOWS\\System32\\LEXPPS.EXE"=
    "c:\\Program Files\\AIM95\\AIM.EXE"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1129250358\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1129250358\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
    "c:\\Program Files\\Tencent\\QQ Games\\QQGamesD.exe"=
    "c:\\Program Files\\Tencent\\QQ Games\\Update\\Update.exe"=

    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [1/1/2003 4:19 PM 77312]
    R1 tsircmir;LapLink Mirror Driver Miniport;c:\windows\system32\drivers\tsircmir.sys [9/9/2004 11:18 AM 2816]
    R2 TSIREGMO;tsiregmo;c:\windows\system32\drivers\tsiregmo.sys [9/9/2004 11:18 AM 5824]
    R2 TSISER;TSISER;c:\windows\system32\drivers\tsiser.sys [9/9/2004 11:18 AM 42560]
    R2 TSISTRMX;Traveling Software Stream Driver;c:\windows\system32\drivers\TSISTRMX.SYS [9/9/2004 11:18 AM 5120]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/24/2009 11:40 AM 24652]
    R3 PhnxVcd;PhnxVcd;c:\windows\system32\drivers\phnxvcd.sys [9/21/2004 9:05 PM 34688]
    R3 TSIKBF5;Traveling Software Keyboard Filter Driver;c:\windows\system32\drivers\TSIKBF5.sys [9/9/2004 11:18 AM 9728]
    R3 TSIMSF5;Traveling Software Mouse Filter Driver;c:\windows\system32\drivers\TSIMSF5.sys [9/9/2004 11:18 AM 5632]
    S1 TSIRCINK;Traveling Software Install Driver;c:\windows\system32\drivers\TSIRCINK.SYS [9/9/2004 11:18 AM 9216]
    S2 Ca536av;Take-it DV Series;c:\windows\system32\drivers\Ca536av.sys [9/9/2004 12:17 PM 514859]
    S2 mrtRate;mrtRate; [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/21/2010 12:36 PM 38224]

  13. #28
    Joined
    Nov 2004
    Posts
    5,171

    Re: is this pc really trully clean?

    .
    Contents of the 'Scheduled Tasks' folder

    2006-10-28 c:\windows\Tasks\McDefragTask.job
    - c:\windows\system32\defrag.exe [2004-09-02 10:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=15784&l=dis
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Steve Head\Start Menu\Programs\UltimateBet\UltimateBet.lnk
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Brenda Head\Application Data\Mozilla\Firefox\Profiles\kyeavvre.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15784&l=dis
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-McAfee® Desktop Security - c:\progra~1\MCAFEE.COM\PHOENI~1\UNWISE.EXE



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-08 22:28
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(844)
    c:\windows\System32\l3codeca.acm
    c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

    - - - - - - - > 'explorer.exe'(3864)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-05-08 22:29:38
    ComboFix-quarantined-files.txt 2010-05-09 03:29
    ComboFix2.txt 2010-05-09 03:21

    Pre-Run: 131,611,918,336 bytes free
    Post-Run: 131,589,734,400 bytes free

    - - End Of File - - 2CC0E0D3378990B7CBF2DBAAF58BC907

  14. #29
    Joined
    Nov 2004
    Posts
    5,171

    Re: is this pc really trully clean?

    MBAM


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4080

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    5/8/2010 11:16:32 PM
    mbam-log-2010-05-08 (23-16-32).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 237533
    Time elapsed: 30 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  15. #30
    Joined
    Jul 2003
    Location
    Australia
    Posts
    14,223

    Re: is this pc really trully clean?

    Only one thing in those logs that's potentially dodgy:
    • R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/24/2009 11:40 AM 24652]
    See this link for instructions on removing it.


    There are also a couple of other points to make:
    • There are lots of FOUND.XXX folders, which would suggest either hard drive errors, data corruption or frequent unexpected shutdowns. It would be wise to do the following:
      • Test the hard drive with the hard drive manufacturer's diagnostic tool (e.g. SeaTools for Seagate)
      • Run chkdsk /f on the hard drive.
      • Run sfc /scannow (unfortunately this may require an XP CD)
    • The firewall is disabled. Is there a reason for this?
    • There are a handful of programs on there that are probably not used or required. At the least, not required to run when the PC boots. If you want help getting rid of those and speeding up the PC a bit, post a HijackThis log and I'll show you what to do with it.


    If the various antivirus scanners turn up with nothing and spybot doesn't list anything major, then there's a fairly solid chance that the PC is clean.
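The checks made in this reply (the FOUND.XXX folders, the firewall policy value, service entries such as the `[x]` one for mrtRate, and the catchme hidden-file count) can be pulled out of a ComboFix log mechanically. The Python script below is an added example written for this thread; it is not ComboFix's tooling and not something any poster here ran. It parses a constructed log fragment modelled on the lines quoted above and returns the findings a helper would review. The line formats it matches come from the log excerpts on this page; the finding wording and the decision to flag any FOUND folder at all are the example's own assumptions.

```python
import re

# Constructed sample, modelled on the ComboFix lines quoted in this thread
# (not a capture from a real machine).
SAMPLE_LOG = r"""
2010-05-09 02:21 . 2010-05-09 02:21 -------- d-----w- C:\FOUND.026
2010-05-03 15:32 . 2010-05-03 15:32 -------- d-----w- C:\FOUND.025
2010-04-30 14:38 . 2010-04-30 14:38 -------- d-----w- C:\FOUND.024
2010-04-21 17:36 . 2010-04-21 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/24/2009 11:40 AM 24652]
S2 mrtRate;mrtRate; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/21/2010 12:36 PM 38224]
uStart Page = hxxp://www.ask.com?o=15784&l=dis
mStart Page = hxxp://www.google.com
hidden files: 0
"""

# chkdsk drops recovered clusters into C:\FOUND.NNN; a directory entry in the
# "Files Created" section looks like "... d-----w- C:\FOUND.026".
FOUND_RE = re.compile(r"\bd-----w-\s+(?P<path>[A-Za-z]:\\FOUND\.\d+)\s*$", re.IGNORECASE)
# Windows Firewall policy value as ComboFix prints it: "EnableFirewall"= 0 (0x0)
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<value>\d+)')
# Service/driver lines: <start type> <name>;<display name>;<path> [<date size>]
# A missing binary is printed as an empty path followed by [x].
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]$"
)
# IE start pages; 'u' = current user hive, 'm' = machine hive. ComboFix writes
# hxxp so the URL is not clickable; the script keeps it defanged.
START_RE = re.compile(r"^(?P<scope>[um])Start Page\s*=\s*(?P<url>\S+)$")
# Result line of the embedded catchme rootkit scan.
HIDDEN_RE = re.compile(r"^hidden files:\s*(?P<n>\d+)$")


def triage(log_text):
    """Scan a ComboFix-style log and collect the facts worth a second look."""
    findings = {
        "found_folders": [],        # C:\FOUND.NNN folders left behind by chkdsk
        "firewall_enabled": None,   # None = policy line not present in the log
        "services": [],             # (start type, name, path or "")
        "services_missing_file": [],
        "start_pages": {},          # scope 'u'/'m' -> defanged URL
        "hidden_files": None,       # catchme result, None if the scan block is absent
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FOUND_RE.search(line)
        if m:
            findings["found_folders"].append(m.group("path"))
            continue
        m = FIREWALL_RE.match(line)
        if m:
            findings["firewall_enabled"] = m.group("value") != "0"
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path").strip()
            findings["services"].append((m.group("start"), m.group("name"), path))
            if not path or m.group("meta").strip() == "x":
                findings["services_missing_file"].append(m.group("name"))
            continue
        m = START_RE.match(line)
        if m:
            findings["start_pages"][m.group("scope")] = m.group("url")
            continue
        m = HIDDEN_RE.match(line)
        if m:
            findings["hidden_files"] = int(m.group("n"))
    return findings


def issues(findings):
    """Turn the collected facts into the review points a helper would raise."""
    out = []
    n = len(findings["found_folders"])
    if n:
        out.append(f"{n} FOUND.NNN folder(s): chkdsk has been salvaging lost clusters, which points at "
                   "disk errors or unclean shutdowns; test the drive and run chkdsk /f")
    if findings["firewall_enabled"] is False:
        out.append("Windows Firewall is disabled for the standard profile (EnableFirewall = 0)")
    for name in findings["services_missing_file"]:
        out.append(f"service '{name}' is registered but its file is missing ([x]): orphaned entry")
    if findings["hidden_files"]:
        out.append(f"catchme reported {findings['hidden_files']} hidden file(s): escalate, possible rootkit")
    return out


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for point in issues(result):
        print("-", point)
    for scope, url in result["start_pages"].items():
        print(f"- start page ({'user' if scope == 'u' else 'machine'}): {url}")
```

Start pages are reported rather than judged: whether a homepage is wanted is a question for the machine's owner, so the script lists them for the human reviewer instead of hard-coding a verdict. Run against the sample it reports the FOUND folders, the disabled firewall and the orphaned mrtRate entry, which matches the three points raised in the reply above.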
