Jump to content


Photo
- - - - -

Can't remove Hijack WindowsUpdates


  • This topic is locked This topic is locked
14 replies to this topic

#1 Gambler1st

Gambler1st

    New Member

  • Members
  • Pip
  • 8 posts
  • Location:Amsterdam

Posted 25 September 2009 - 02:15 PM

Hi There,

Since yesterday my Malware Bytes alerts me about 2 entries in the Registry Data with the name Hijack WindowsUpdates.
I've seen topics where there is a suggestion to delete this, but it seems it is specified to user who post question
Please Help

This is the log file:

Malwarebytes' Anti-Malware 1.41
Database version: 2860
Windows 5.1.2600 Service Pack 3

25-9-2009 21:11:36
mbam-log-2009-09-25 (21-11-36).txt

Scan type: Quick Scan
Objects scanned: 119497
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2 Gambler1st

Gambler1st

    New Member

  • Members
  • Pip
  • 8 posts
  • Location:Amsterdam

Posted 26 September 2009 - 11:37 AM

Please, can you help me. I need this to go away.

Thank you very much!

Regards
Gambler

#3 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 26 September 2009 - 07:01 PM

Hi and welcome to Malwarebytes.


Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#4 Gambler1st

Gambler1st

    New Member

  • Members
  • Pip
  • 8 posts
  • Location:Amsterdam

Posted 27 September 2009 - 02:13 AM

Hi screen 317,

Thank you for your help. Here are my log Files:

--COMBOFIX LOG--

ComboFix 09-09-25.01 - biesmar 27-09-2009 8:28.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1350 [GMT 2:00]
Running from: c:\documents and settings\Biesmar\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
c:\documents and settings\Biesmar\Application Data\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\Biesmar\Application Data\Microsoft\Clip Organizer\Offic10.MGC
c:\recycler\S-1-5-21-1236027963-590738440-2331357172-500
c:\recycler\S-1-5-21-4156654137-380929339-3244173841-500
c:\windows\Installer\26ec5.msp
c:\windows\Installer\48ff8.msp
c:\windows\system32\Cache
c:\windows\system32\drivers\d2297f7c.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\mswinup.exe
c:\windows\system32\winsvcup.exe
c:\windows\system32\winupsvc.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_MSUPDATE
-------\Service_Iprip
-------\Service_d2297f7c


((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-25 18:46 . 2009-09-25 18:46 -------- d-----w- C:\ARK
2009-09-24 19:49 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-24 19:49 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-24 19:49 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-24 19:48 . 2009-09-24 19:48 -------- d-----w- c:\documents and settings\Biesmar\Application Data\PC Tools
2009-09-24 19:48 . 2009-09-24 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-24 19:46 . 2009-09-24 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-24 19:34 . 2009-09-24 21:30 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-24 19:34 . 2009-09-25 18:57 -------- d-----w- c:\program files\Spyware Doctor
2009-09-24 19:19 . 2009-09-24 19:19 -------- d-----w- c:\program files\Enigma Software Group
2009-09-16 21:55 . 2009-09-16 21:55 -------- d-----w- c:\program files\EA Sports
2009-09-12 17:47 . 2009-09-19 21:25 -------- d-----w- c:\documents and settings\Biesmar\Application Data\Pro Cycling Manager 2009
2009-09-12 16:16 . 2009-09-25 17:03 -------- d-----w- c:\program files\Cyanide

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 06:55 . 2008-10-09 09:00 -------- d-----w- c:\program files\Symantec AntiVirus
2009-09-27 06:25 . 2008-10-06 07:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-25 20:43 . 2008-06-10 10:45 475608 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-25 17:05 . 2008-04-19 06:01 -------- d-----w- c:\program files\KONAMI
2009-09-24 19:46 . 2009-03-23 09:51 -------- d-----w- c:\program files\Google
2009-09-22 21:18 . 2008-04-16 14:01 -------- d-----w- c:\documents and settings\Biesmar\Application Data\Azureus
2009-09-17 20:03 . 2008-06-09 20:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-16 19:48 . 2008-10-09 09:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 12:54 . 2008-10-09 09:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2008-10-09 09:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 15:36 . 2009-03-23 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-08-21 15:35 . 2007-08-01 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-08-21 15:35 . 2007-08-01 14:47 -------- d-----w- c:\program files\Windows Live
2009-08-11 20:04 . 2009-07-31 18:32 -------- d-----w- c:\documents and settings\Biesmar\Application Data\GrabIt
2009-07-31 18:24 . 2009-07-31 18:24 -------- d-----w- c:\program files\GrabIt
2009-07-28 17:01 . 2009-07-28 17:01 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-15 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2009-06-03 5069648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2008-02-22 86016]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-02-18 303104]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-02-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"MSSQLSERVER"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"MSSQL$TEST2008"=2 (0x2)
"SQLSERVERAGENT"=3 (0x3)
"SQLAgent$TEST2008"=3 (0x3)
"MSSQLServerOLAPService"=2 (0x2)
"MSOLAP$TEST2008"=2 (0x2)
"msftesql"=2 (0x2)
"MsDtsServer100"=2 (0x2)
"ReportServer$TEST2008"=2 (0x2)
"SQLWriter"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"stllssvr"=3 (0x3)
"SQLBrowser"=2 (0x2)
"SQLAgent$SQL2005"=3 (0x3)
"SavRoam"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MSSQL$SQL2005"=2 (0x2)
"MSOLAP$SQL2005"=2 (0x2)
"msftesql$SQL2005"=2 (0x2)
"MsDtsServer"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"vmh"=3 (0x3)
"Virtual Server"=2 (0x2)
"NVSvc"=2 (0x2)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"Fax"=2 (0x2)
"ERSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Virtual Server\\vssrvc.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"135:TCP"= 135:TCP:Remote Procedure Call

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24-9-2009 21:49 130936]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [19-12-2006 15:21 79432]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2-11-2006 13:32 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [24-9-2009 21:05 102448]
R3 vhdbus;Microsoft Virtual Server Storage Bus;c:\windows\system32\drivers\vhdbus.sys [5-5-2007 4:25 25480]
S3 EC168BDA;EC168BDA service;c:\windows\system32\DRIVERS\EC168BDA.sys --> c:\windows\system32\DRIVERS\EC168BDA.sys [?]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [24-9-2009 21:48 348752]
S4 MsDtsServer;SQL Server Integration Services;"c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" --> c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [?]
S4 msftesql$SQL2005;SQL Server FullText Search (SQL2005);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:SQL2005 --> c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [?]
S4 MSOLAP$SQL2005;SQL Server Analysis Services (SQL2005);"c:\program files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "c:\program files\Microsoft SQL Server\MSSQL.2\OLAP\Config" --> c:\program files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [?]
S4 MSSQL$SQL2005;SQL Server (SQL2005);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQL2005 --> c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23-9-2005 7:01 2799808]
S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27-9-2006 20:33 116464]
S4 SQLAgent$SQL2005;SQL Server Agent (SQL2005);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i SQL2005 --> c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [?]
S4 Virtual Server;Virtual Server;c:\program files\Microsoft Virtual Server\vssrvc.exe [24-5-2007 13:36 3373432]
S4 vmh;Virtual Machine Helper;c:\program files\Microsoft Virtual Server\vmh.exe [24-5-2007 13:36 166808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-24 19:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 10.17.6.48:8080
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://90.145.4.49:8080/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 08:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\msftesql$SQL2005]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQL2005"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2856)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\scardsvr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-09-27 9:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-27 07:03

Pre-Run: 86.856.097.792 bytes free
Post-Run: 87.089.676.288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
262 --- E O F --- 2009-09-03 10:20



--Here is the Hijackthis log--

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:15, on 27-9-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=en&client=dell-row-rel&channel=nl&ibd=5070712
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.17.6.48:8080
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://the.earth.li
O15 - ESC Trusted Zone: http://*.kixtart.org
O15 - ESC Trusted Zone: http://files6.rarlab.com
O15 - ESC Trusted Zone: http://support.ricoh.com
O15 - ESC Trusted Zone: http://mesh.dl.sourceforge.net
O15 - ESC Trusted IP range: http://10.0.0.10
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://90.145.4.49:8...activex/AMC.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://portal.rocmn...perSetupSP1.cab
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://10.200.8.21/R...OpType=PrintCab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = backoffice.rubicongroup.biz
O17 - HKLM\Software\..\Telephony: DomainName = backoffice.rubicongroup.biz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = backoffice.rubicongroup.biz
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = backoffice.rubicongroup.biz
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = backoffice.rubicongroup.biz
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = backoffice.rubicongroup.biz
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10458 bytes


Hope to hear from you soon!

Thank you again!

Regards

Gambler

#5 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 27 September 2009 - 03:07 AM

Hi,

Things are looking good. B)

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.
  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.


Next, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#6 Gambler1st

Gambler1st

    New Member

  • Members
  • Pip
  • 8 posts
  • Location:Amsterdam

Posted 27 September 2009 - 03:23 PM

HI good to hear it looks goed B)

Here are the results from the F-Secure Scan:

--RESULTS--
Scanning Report
Sunday, September 27, 2009 21:21:16 - 22:09:59
Computer name: 3WKCL3J
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\


--------------------------------------------------------------------------------

7 malware found
TrackingCookie.Atdmt (spyware)
System (Disinfected)
TrackingCookie.Adtech (spyware)
System (Disinfected)
TrackingCookie.Doubleclick (spyware)
System (Disinfected)
TrackingCookie.Admeta (spyware)
System (Disinfected)
Trojan.Generic.1771037 (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)
Trojan.Generic.1771037 (virus)
C:\WINDOWS\SYSTEM32\WB64977.DLL (Not cleaned)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 60112
System: 3866
Not scanned: 8
Actions:
Disinfected: 6
Renamed: 0
Deleted: 0
Not cleaned: 1
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\VIRTUAL MACHINE HELPER\NETWORK SERVICE

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

--------------------------------------------------------------------------------

Copyright © 1998-2009 Product support | Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.




And here is the log of security check

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Symantec AntiVirus
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java™ 6 Update 2
Java™ 6 Update 5
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2 - Nederlands
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


These are the logs you requested.

I'm still having the problem with the hijack WindowsUpdate. It's the only problem, everything else is working perfectly well.

Thank you so far. Hope to hear from you soon with more helpfull suggestions!

Regards
Marty

#7 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 27 September 2009 - 06:40 PM

Hi Marty,

Navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java™ 6 Update 2
Java™ 6 Update 5
Adobe Reader 8.1.2 - Nederlands


Restart your computer.

Get the latest version of Java and Adobe Reader.


Update MBAM, run a Quick Scan, and post its log.

-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#8 Gambler1st

Gambler1st

    New Member

  • Members
  • Pip
  • 8 posts
  • Location:Amsterdam

Posted 28 September 2009 - 02:45 PM

Hi!

I deleted the items you requested and installed the new Java and Adobe Reader.

Here are the scan results from my last Malware Bytes scan:

Malwarebytes' Anti-Malware 1.41
Database version: 2868
Windows 5.1.2600 Service Pack 3

28-9-2009 21:44:29
mbam-log-2009-09-28 (21-44-29).txt

Scan type: Quick Scan
Objects scanned: 122195
Time elapsed: 8 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Regards

Marty

#9 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 29 September 2009 - 11:42 PM

Hi,

Malwarebytes currently has problems with dealing with keys where permissions are set, but that will be fixed in next version.
To deal with this for now, Please download and run WUS_Fix.exe: http://users.telenet...ols/WUS_Fix.exe
This should restore the default registry settings related with BITS and Automatic updates.

Let me know if that solved it.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#10 Gambler1st

Gambler1st

    New Member

  • Members
  • Pip
  • 8 posts
  • Location:Amsterdam

Posted 30 September 2009 - 05:52 AM

Thanks! I will download the program when I get home. And try to fix. I will report back tonight.

Gambler

#11 Gambler1st

Gambler1st

    New Member

  • Members
  • Pip
  • 8 posts
  • Location:Amsterdam

Posted 30 September 2009 - 02:09 PM

Thanks! I downloaded the program and run it. The two notifications in MALWARE BYTES are gone!!

Do you also have suggestions on what process i can stop in windows XP

Thanks again!

#12 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 30 September 2009 - 06:25 PM

Great to hear.

Do you also have suggestions on what process i can stop in windows XP

Err, could you elaborate on this? What do you mean what process you can stop? And why?

Please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#13 Gambler1st

Gambler1st

    New Member

  • Members
  • Pip
  • 8 posts
  • Location:Amsterdam

Posted 03 October 2009 - 01:03 PM

Hi this is the link with the results

http://www.pcpitstop...?conid=22768305

#14 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 03 October 2009 - 10:55 PM

Hi,

PCPitStop noted several things that you can do to improve the shape your computer is in.

Pay particular attention to these items:


• Delete Temporary Files:

Please download CCleaner and save it to your desktop.
  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!
Now, open CCleaner:
  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • CHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.
CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.


• Reduce System Restore space (Drive C):
Right click My Computer and click Properties. Select the System Restore tab, and move the slider to 3%. You're pretty much wasting disk space otherwise.


• Defragment files (Drive C)
Defragmenting is a must. It's one of the large reasons for system slowdowns. I use JkDefrag to defragment. You can use it forever. I recommend installing it and defragmenting as soon as possible


• Update outdated device drivers:
Right click My Computer, click Properties, click the Hardware tab, and then click Device Manager. Update the drivers for your Sound card, Video card, Ethernet card. Use the trial of Driver Alert from PCPitStop (click • Update outdated device drivers), to see which drivers should be updated.


Also take the time to take a look at the other tips PCPitStop reported. I've just highlighted some of the more important ones.


After doing all of that, restart your computer, use it normally for a while, and let me know what issues remain.

-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#15 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 12 October 2009 - 05:34 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users