
Am I infected?



Here are the log files

Thanks!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07

Run by Ammar at 12:46:35 on 2012-05-26

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.455 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: McAfee VirusScan *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\lxdicoms.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\oracle\ora81\bin\dbsnmp.exe

C:\oracle\ora81\bin\vppdc.exe

C:\oracle\ora81\Apache\Apache\Apache.exe

C:\oracle\ora81\BIN\TNSLSNR.exe

c:\oracle\ora81\bin\ORACLE.EXE

C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\oracle\ora81\Apache\jdk\bin\java.exe

C:\oracle\ora81\Apache\Apache\Apache.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe

C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Ralink\Common\RaUI.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Ammar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Ammar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Ammar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Ammar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://cnn.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061204

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Page =

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061204

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [Google Update] "c:\documents and settings\ammar\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe

mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe

mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe"

mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

mExplorerRun: [none] c:\program files\video activex object\pmsngr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000

IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - hxxp://www.trendmicro.com/spyware-scan/as4web.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: qcom - {B8DBD265-42C3-43e6-B439-E968C71984C6} - c:\progra~1\common~1\quests~1\codexp~1\qcom.dll

Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sapgui\sapgui\SAPHTMLP.DLL

Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sapgui\sapgui\SAPHTMLP.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - No File

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - No File

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\ammar\application data\mozilla\firefox\profiles\thquglmn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\documents and settings\ammar\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrlui.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-5-23 14776]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-29 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-29 337880]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-29 20696]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-29 44768]

R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]

R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-12-4 126976]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-12-4 122368]

R2 OracleOraHome81Agent;OracleOraHome81Agent;c:\oracle\ora81\bin\dbsnmp.exe [2000-11-12 246332]

R2 OracleOraHome81DataGatherer;OracleOraHome81DataGatherer;c:\oracle\ora81\bin\vppdc.exe [2000-11-12 170724]

R2 OracleOraHome81HTTPServer;OracleOraHome81HTTPServer;c:\oracle\ora81\apache\apache\Apache.exe [2000-11-9 3584]

R2 OracleOraHome81TNSListener;OracleOraHome81TNSListener;c:\oracle\ora81\bin\tnslsnr --> c:\oracle\ora81\bin\TNSLSNR [?]

R2 OracleServiceORCL;OracleServiceORCL;c:\oracle\ora81\bin\oracle.exe orcl --> c:\oracle\ora81\bin\ORACLE.EXE ORCL [?]

R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2009-4-23 75040]

S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2010-3-25 99248]

S2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-12-4 221184]

S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-12-4 245760]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-15 129976]

S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-12-4 114464]

S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\bin\ONRSD.EXE [2000-10-19 411244]

S3 OracleOraHome81PagingServer;OracleOraHome81PagingServer;c:\oracle\ora81\bin\pagntsrv.exe [2009-6-28 52224]

S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2009-4-23 16512]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-4-23 650624]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-4-20 194304]

S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]

.

=============== Created Last 30 ================

.

2012-05-25 21:27:51 -------- d-----w- c:\documents and settings\ammar\application data\SUPERAntiSpyware.com

2012-05-25 21:26:42 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-05-25 21:26:42 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2012-05-24 02:09:43 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-05-24 02:04:44 -------- d-----w- c:\documents and settings\ammar\application data\IObit

2012-05-24 02:04:43 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-05-24 02:04:38 -------- d-----w- c:\program files\IObit

2012-05-24 01:57:03 -------- d-----w- c:\program files\CCleaner

2012-05-24 01:56:01 -------- d-----w- c:\documents and settings\ammar\application data\Malwarebytes

2012-05-24 01:55:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-05-24 01:55:41 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-24 01:55:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-24 01:47:57 -------- d-----w- c:\documents and settings\ammar\jagexcache

2012-05-24 01:43:34 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-22 22:38:01 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-15 19:27:49 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-05-15 19:27:36 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2012-05-15 19:27:36 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

.

==================== Find3M ====================

.

2012-05-24 01:43:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

.

============= FINISH: 12:52:50.03 ===============

DDS.txt

Attach.txt


Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Nothing was found by ESET...I'm trying the other one now, will post log soon.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=79ed8390f231f94a998e727efafbb3fb

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-27 06:55:54

# local_time=2012-05-27 01:55:54 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 169418794 169418794 0 0

# compatibility_mode=768 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=119223

# found=0

# cleaned=0

# scan_time=5365


Okay, didn't know it would only take a minute, haha. Well, here it is.

Results of screen317's Security Check version 0.99.38

Windows XP Service Pack 2 x86

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Antivirus

McAfee VirusScan

Antivirus out of date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

SUPERAntiSpyware

Malwarebytes Anti-Malware version 1.61.0.1400

CCleaner

Java™ 6 Update 7

Java version out of date!

Adobe Flash Player 11.2.202.235

Adobe Reader 7 Adobe Reader out of date!

Mozilla Firefox (12.0)

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

``````````End of Log````````````


When was the last time you checked on Windows Update or Automatic Update?

When was the last time you checked as to whether your utility programs were up-to-date?

Why do you have 2 antivirus programs installed!

Your Windows XP is at service pack 2 and not service pack 3. Your system is not getting security updates from MS because of that.

Why have you not applied service pack 3?

In addition, your Java runtime is out of date, as is your Flash Player, and also your Adobe Reader.

All four of the above conditions make this PC a very tempting target for viruses and other malware.

If the McAfee VirusScan program has a lapsed (not current, expired, or trial) license, then uninstall it and then restart the PC.

Having two active monitor antivirus programs leads to deadly-deadlocks and gives less protection.

IF your McAfee is current and paid for, then un-install Avast.

But un-install one or the other and tell me which one you kept.

Confirm this when done.

There is much, much more to follow (after your next reply)

Meantime do NO websurfing of any kind, NO online transactions.

BTW, do not ATTACH logs. Do a Copy & Paste of the logs into main body of reply.


Also, I forgot to mention in the last post, and I can't seem to find the edit option if there is one, but McAfee does not appear in add/remove items, but it pops up on startup... could you recommend a program or something that completely un-installs McAfee? Or do you recommend McAfee over Avast!?

Thanks for all your help!


If you have checked in Control Panel >>Add-or-Remove Programs & McAfee does not appear there, then you should use the McAfee Consumer Product Removal tool to remove it.

Download and run MCPR.exe:

Download the removal tool from http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe.

Click Save, and save the file to a folder on your computer.

Navigate to the folder where the file was saved.

Ensure that all McAfee windows are closed.

Double-click MCPR.exe to run the removal tool.

NOTE: Windows Vista/7 users must right-click MCPR.exe and select Run as Administrator.

Restart your computer after receiving the message CleanUp Successful.

Your McAfee product will not be fully removed until the system is restarted.


The link for McAfee removal tool should be http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS100507

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow (image: drweb.jpg) at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    (image: check.gif)
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    (image: move.gif)
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.


Okay, didn't have time to do both, so I just did a full scan. It found something that was "incurable" but I accidentally deleted it instead of moving it to quarantine.....

Log:

cachesection;C:\Documents and Settings\Ammar\Application Data\Mozilla\Firefox\Profiles\thquglmn.default\Yahoo! Inc\ytoolbar\default;Probably SCRIPT.Virus;Incurable.Deleted.;


All right. Tell me, how is your system now?

As to Avast & MS Essentials, both are good. If it were me, I'd probably go with MSE.

Caution: You must be very, very careful if you ever switch antivirus apps.

The preferred method & sequence is:

1) Have new setup-program saved and On-hand

2) Disconnect pc from internet connection (un-plug internet connection)

3) Use Programs and Features (in Vista or Windows 7) [Add-or-Remove programs in XP] and de-install old antivirus.

4) Logoff & Restart Windows

5) Run setup of the new antivirus app

6) Reconnect to internet

7) Make an Update run-function with your Antivirus & ensure it is current & up-to-date

Let me know how the system is now.
