
over 600 virus's found! ran anti-virus but still not working



Guest K.Sawyer
Posted

My friend bought a computer but didn't realize that she needed to "purchase"
the anti-virus after its trial period ran. They use cable internet service.
There was no anti-virus or firewall protection shortly after purchasing the
computer. Kids accessed internet and MySpace frequently. I've run Trend
Micro and it found over 615 viruses. 2 MS Dos viruses and 1 internet worm.
I thought of formatting the drive and reinstalling everything, they have
basically nothing on the computer. They are running XP Home Edition. Any
advice on how to clean? Should I just format and reinstall from scratch?

Below is a report from HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:34:37 PM, on 9/22/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\acs.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINDOWS\system32\cba\pds.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\cba\xfr.exe

C:\WINDOWS\system32\MsgSys.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\AOL\1127817622\ee\AOLSoftware.exe

C:\Program Files\Roxio\Media Experience\DMXLauncher.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe

c:\program files\common

files\aol\1127817622\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP

Scheduler.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\msiexec.exe

C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

C:\Documents and Settings\Ruby Sawyer\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://home.peoplepc.com/search/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.comcast.net/home.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = http://localhost

O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} -

C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -

C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: Super Ad Blocker Toolbar -

{B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program

Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [diagent] "C:\Program

Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe

/embedding

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common

Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe

SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common

Files\AOL\1127817622\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [Pure Networks Port Magic]

"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media

Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program

Files\Roxio\Drag-to-Disc\DrgToDsc.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software

Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program

Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"

/background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat

7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [superAdBlocker] C:\Program Files\SuperAdBlocker.com\Super

Ad Blocker\SAdBlock.exe

O4 - Startup: PictureProject In Touch.lnk = C:\Program

Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program

Files\America Online 9.0b\aoltray.exe

O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?

O4 - Global Startup: D-Link REG Utility.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program

Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program

Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program

Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -

C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar -

{4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL

Toolbar\toolbar.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .html: C:\Program Files\Netscape\Netscape

Browser\PLUGINS\npTrident.dll

O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll

O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) -

http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

http://photos.walmart.com/WalmartActivia.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj

Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141747084644

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175458045265

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} -

http://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab

O20 - Winlogon Notify: !SABWinLogon - C:\Program

Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner -

C:\WINDOWS\System32\acs.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC -

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner -

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program

Files\NavNT\defwatch.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program

Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel

32\IDriverT.exe

O23 - Service: Intel File Transfer - Intel® Corporation -

C:\WINDOWS\system32\cba\xfr.exe

O23 - Service: Intel PDS - Intel® Corporation -

C:\WINDOWS\system32\cba\pds.exe

O23 - Service: LightScribeService Direct Disc Labeling Service

(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common

Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown

owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation -

C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec

Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program

Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program

Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions -

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common

Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com -

C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program

Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America

Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

--

End of file - 10794 bytes

 

 

 

 

 

 

--

K.Sawyer

Guest Shenan Stanley
Posted

Re: over 600 virus's found! ran anti-virus but still not working

 

K.Sawyer wrote:

> My friend bought a computer but didn't realize that she needed to
> "purchase" the anti-virus after its trial period ran. They use
> cable internet service. There was no anti-virus or firewall
> protection shortly after purchasing the computer. Kids accessed
> internet and MySpace frequently. I've run Trend Micro and it found
> over 615 viruses. 2 MS Dos viruses and 1 internet worm.
> I thought of formatting the drive and reinstalling everything, they
> have basically nothing on the computer. They are running XP Home
> Edition. Any advice on how to clean? Should I just format and
> reinstall from scratch? Below is a report from HiJackThis:

<snip>

 

Please - if you feel your post is relevant to multiple groups - cross-post

instead of multi-posting. Better for yourself as well as those who might

answer you. Please see your other post for my suggestions...

 

--

Shenan Stanley

MS-MVP

--

How To Ask Questions The Smart Way

http://www.catb.org/~esr/faqs/smart-questions.html

Guest Lil' Dave
Posted

Re: over 600 virus's found! ran anti-virus but still not working

 

"K.Sawyer" <KSawyer@discussions.microsoft.com> wrote in message

news:1DDAA1A0-8A26-4EA9-9131-01938F2308B5@microsoft.com...

> My friend bought a computer but didn't realize that she needed to "purchase"
> the anti-virus after its trial period ran. They use cable internet service.
> There was no anti-virus or firewall protection shortly after purchasing the
> computer. Kids accessed internet and MySpace frequently. I've run Trend
> Micro and it found over 615 viruses. 2 MS Dos viruses and 1 internet worm.
> I thought of formatting the drive and reinstalling everything, they have
> basically nothing on the computer. They are running XP Home Edition. Any
> advice on how to clean? Should I just format and reinstall from scratch?
> Below is a report from HiJackThis:

> --

> K.Sawyer

 

In your situation, I would wipe the entire partition. Not just format it.
A restore type of install for a factory PC does this. A Windows CD install,
you have to instruct it to do so at the beginning of the setup program.

But, I don't know where the 3rd party apps originated in the situation you
presented. That needs to be sourced from something. Verify existence of
same and any needed product codes/IDs. I've had one really bad problem with
AOL using same password to get online via AOL with a new install of OS and
AOL from its CD.

Tell your friend that the latest virus definitions is like knowing what to
shop for. The older definitions are no longer all in style. She might end
up putting something in the closet that will wreck her wardrobe as a result.

Dave

Posted

Re: over 600 virus's found! ran anti-virus but still not working

 

 

"Lil' Dave" <spamyourself@virus.net> wrote in message news:%<snip>

> Tell your friend that the latest virus definitions is like knowing what to
> shop for. The older definitions are no longer all in style. She might
> end up putting something in the closet that will wreck her wardrobe as a
> result.
> Dave
>

That has to be the worst analogy ever.

I doubt his friend is totally stupid, but like many people they just don't
read messages properly, because there are either so many, or whenever they
ask advice they are told, "Oh don't worry about that message just click OK",
so eventually they OK everything till the PC stops working.

I'm sure if he just explains new viruses arrive on a regular basis, and the
anti-virus needs to download the information to recognize the new viruses
she will understand.

It sounds like a format and re-install would be the way to go, then make an
image after programs are installed and XP is activated.

The OP doesn't say if it's a new PC or second hand, but make sure you have
all appropriate drivers and settings etc., and that if it is an OEM version
it can be reactivated.

Guest GHalleck
Posted

Re: over 600 virus's found! ran anti-virus but still not working

 

 

K.Sawyer wrote:

> My friend bought a computer but didn't realize that she needed to "purchase"
> the anti-virus after its trial period ran. They use cable internet service.
> There was no anti-virus or firewall protection shortly after purchasing the
> computer. Kids accessed internet and MySpace frequently. I've run Trend
> Micro and it found over 615 viruses. 2 MS Dos viruses and 1 internet worm.
> I thought of formatting the drive and reinstalling everything, they have
> basically nothing on the computer. They are running XP Home Edition. Any
> advice on how to clean? Should I just format and reinstall from scratch?
> Below is a report from HiJackThis:


> Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

> O8 - Extra context menu item: E&xport to Microsoft Excel -

> res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

> O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -

> C:\Program Files\AOL Toolbar\toolbar.dll

> O9 - Extra 'Tools' menuitem: AOL Toolbar -

> {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL

> Toolbar\toolbar.dll

> O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

> C:\WINDOWS\System32\Shdocvw.dll

> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

> C:\Program Files\Messenger\msmsgs.exe

> O9 - Extra 'Tools' menuitem: Windows Messenger -

> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

> O12 - Plugin for .html: C:\Program Files\Netscape\Netscape

> Browser\PLUGINS\npTrident.dll

> O12 - Plugin for .spop: C:\Program Files\Internet

> Explorer\Plugins\NPDocBox.dll

> O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) -

> http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab

> O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

> http://photos.walmart.com/WalmartActivia.cab

> O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj

> Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141747084644

> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175458045265

> O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

> (MsnMessengerSetupDownloadControl Class) -

> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

> O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

> http://www.popcap.com/games/popcaploader_v6.cab

> O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} -

> http://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab

> O20 - Winlogon Notify: !SABWinLogon - C:\Program

> Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

> O23 - Service: Atheros Configuration Service (ACS) - Unknown owner -

> C:\WINDOWS\System32\acs.exe

> O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC -

> C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

> O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner -

> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

> O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

> C:\WINDOWS\System32\CTsvcCDA.exe

> O23 - Service: DefWatch - Symantec Corporation - C:\Program

> Files\NavNT\defwatch.exe

> O23 - Service: DSBrokerService - Unknown owner - C:\Program

> Files\DellSupport\brkrsvc.exe

> O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

> Files\Google\Common\Google Updater\GoogleUpdaterService.exe

> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

> Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel

> 32\IDriverT.exe

> O23 - Service: Intel File Transfer - Intel® Corporation -

> C:\WINDOWS\system32\cba\xfr.exe

> O23 - Service: Intel PDS - Intel® Corporation -

> C:\WINDOWS\system32\cba\pds.exe

> O23 - Service: LightScribeService Direct Disc Labeling Service

> (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common

> Files\LightScribe\LSSrvc.exe

> O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown

> owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

> O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation -

> C:\WINDOWS\System32\NMSSvc.exe

> O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec

> Corporation - C:\Program Files\NavNT\rtvscan.exe

> O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

> C:\WINDOWS\system32\nvsvc32.exe

> O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

> O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program

> Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

> O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program

> Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

> O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions -

> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

> O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common

> Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

> O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com -

> C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

> O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program

> Files\Common Files\SureThing Shared\stllssvr.exe

> O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America

> Online, Inc. - C:\WINDOWS\wanmpsvc.exe

>

> --

> End of file - 10794 bytes

>

>

 

As a general rule, one should always wipe the hard drive clean and do a
fresh install of Windows XP and all of the applications after receiving
a previously owned computer. In this way, one can always be assured of
starting afresh and also knowingly installing all of the applications that
will be used without having remnants of someone else's problems.

In looking at the list from HiJackThis, this Dell system appears typical
and does include several anti-virus and anti-malware applications. But as
noted by Dave, these need to be subscribed to and their definitions kept
current. But they may also be in conflict, such as McAfee and Norton AV
being both present.

For starters, it should be possible to exercise the option from Housecall
TrendMicro to remove all of the malware that has been detected. Once this
has been done, remove the computer from the Internet. Elect what anti-virus,
anti-malware and anti-spyware applications to keep (at least one from each
class) and update. If there are better applications than those present, then
acquire them. Remove the superfluous ones and duplicate services. How many
adblocking services are really needed? Set up schedules for regular
anti-virus, anti-malware and anti-spyware scans.

Once the housecleaning has been performed and the security services put
into place, obtain and install a two-way (inbound/outbound) firewall, such
as ZoneAlarm.

If the above plus a lesson in safe Internet surfing does not solve the
problems, then go ahead with a clean installation.
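
The review described in the post above (finding overlapping security products and leftover service entries in a HijackThis list) can be scripted. This is an added example, not part of the original posts: the log excerpt is copied from the log posted in this thread, while the function names and the product keyword table are assumptions made for illustration.

```python
import re
from collections import Counter

# Excerpt of entries from the HijackThis log posted in this thread, kept in
# the wrapped and ">"-quoted form a newsreader produces.
SAMPLE_LOG = r"""
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
> O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
> O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search &
> Destroy\TeaTimer.exe
> O23 - Service: Atheros Configuration Service (ACS) - Unknown owner -
> C:\WINDOWS\System32\acs.exe
> O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner -
> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
> O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown
> owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
> O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec
> Corporation - C:\Program Files\NavNT\rtvscan.exe
> O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com -
> C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
"""

ENTRY_START = re.compile(r"^(?:[FNR]\d|O\d{1,2}) - ")   # R0, R1, O2 ... O23
QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")                 # "> " or "> > "
SERVICE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# Assumption for this example: substrings that identify a product family in
# this particular log, and the class each family belongs to.
FAMILIES = {
    "McAfee": ("anti-virus", ("mcafee",)),
    "Symantec/Norton": ("anti-virus", ("navnt", "norton", "symantec")),
    "Spybot S&D": ("anti-spyware", ("spybot",)),
    "AOL Spyware Protection": ("anti-spyware", ("aolspy", "aol spyware")),
    "Super Ad Blocker": ("ad blocker", ("superadblocker", "super ad blocker")),
}


def unwrap_entries(log_text):
    """Strip quote markers and re-join entries that the newsreader wrapped."""
    entries = []
    for raw in log_text.splitlines():
        line = QUOTE_PREFIX.sub("", raw).strip()
        if not line:
            continue
        if line == "--" or line.startswith("End of file"):
            break                      # log trailer, not part of any entry
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:                  # continuation of the previous entry
            entries[-1] += " " + line
        # lines before the first entry (header, process list) are skipped
    return entries


def triage(log_text):
    """Summarise the log: entry counts, orphaned services, product overlap."""
    entries = unwrap_entries(log_text)
    missing, unknown, resident = [], [], {}
    for entry in entries:
        svc = SERVICE.match(entry)
        if svc:
            if svc.group("missing"):
                missing.append(svc.group("name"))
            if svc.group("owner").lower() == "unknown owner":
                unknown.append(svc.group("name"))
        if entry.endswith("(file missing)"):
            continue                   # a leftover registration is not a running product
        lowered = entry.lower()
        for family, (cls, needles) in FAMILIES.items():
            if any(n in lowered for n in needles):
                resident.setdefault(cls, set()).add(family)
    return {
        "sections": Counter(e.split(" - ", 1)[0] for e in entries),
        "missing_files": missing,      # services whose executable is gone
        "unknown_owner": unknown,      # no company name found in the file
        "overlapping": {c: sorted(f) for c, f in resident.items() if len(f) > 1},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this excerpt the only class with more than one resident product is anti-virus (McAfee and Symantec/Norton), and the two "(file missing)" services are reported as leftovers rather than counted as running products.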

Guest Lil' Dave
Posted

Re: over 600 virus's found! ran anti-virus but still not working

 
"dobey" <a@v.nox> wrote in message
news:%23cJfbEb$HHA.4324@TK2MSFTNGP02.phx.gbl...
>
> "Lil' Dave" <spamyourself@virus.net> wrote in message news:%<snip>
>
>> Tell your friend that the latest virus definitions is like knowing what to
>> shop for. The older definitions are no longer all in style. She might
>> end up putting something in the closet that will wreck her wardrobe as a
>> result.
>> Dave
>>
>
> That has to be the worst analogy ever.
>

I agree, it's bad. In some cases, the only one that will make the user
understand the concept.
Dave

Guest K.Sawyer
Posted

Re: over 600 virus's found! ran anti-virus but still not working

 

Thanks everyone for your help. (I didn't know how to "cross-post", so that
is why it is posted twice... I'll learn how to do that) I've installed and
run Dr. Web Anti-virus and TrendMicro Pc-cillin, that is what found all the
viruses. I'll run the TrendMicro Housecall and see what else I can clean up
but I'll probably have to do a clean install. It was a new computer and
there's nothing on it to back up. Thanks again for all your help. Now I need
to learn how to do a clean install.
--
K.Sawyer

 

 
Guest Shenan Stanley
Posted

Re: over 600 virus's found! ran anti-virus but still not working

 

K.Sawyer wrote:
> Thanks everyone for your help. (I didn't know how to "cross-post",
> so that is why it is posted twice... I'll learn how to do that)
> I've installed and run Dr. Web Anti-virus and TrendMicro Pc-cillin,
> that is what found all the viruses. I'll run the TrendMicro
> Housecall and see what else I can clean up but I'll probably have
> to do a clean install. It was a new computer and there's nothing
> on it to back up. Thanks again for all your help. Now I need to
> learn how to do a clean install.

 

** You may want to print this **

1) Download and install Belarc Advisor onto the current Windows XP
machine. Use it to get a list of hardware from the
machine as well as the CD Key used to install it. Print it if you like.
http://www.belarc.com/

You may be able to obtain other product keys from here as well.
You will see everything that is installed listed here - so you have
a record of what you will be putting back - if you have the
installation media. Now is the time to find the installation media!

2) Using the list of hardware you obtained - visit the hardware
manufacturer(s) web page(s) and download the software drivers
for each of the components.

If it is a "vendor" computer (Dell, HP, IBM, Gateway, etc..) - simply
visit the vendor's page and go to the support/downloads for the
particular model and download all hardware drivers. Write those
to external (to that computer) media. CD/DVD/USB/Network.

If it is a piece-meal computer, take the Belarc list and visit each
manufacturer's web page. Be sure - at a minimum - to obtain the
motherboard chipset drivers, the hard drive controller card drivers,
the video card drivers, the modem drivers, the network card
drivers and the sound card drivers. Technically - if you have the
drivers for the hardware that will allow you to access the Internet,
everything else can be gotten later. However - there is something
to be said about going in prepared.

3) Now that you have the software and hardware drivers covered -
you can get to the business of obtaining Service Pack 2 and most
of the post-sp2 updates you will need. I have a list with links
below this - if you grabbed everything on this list - installed them
(after installing Windows XP) in numerical (by KB Article #) order
- rebooting when asked to - before ever connecting to the Internet
- you might (at this time) have 5-10 more to grab from the update
web page.

Essentially - visit each of these pages, download the update for
Windows XP (32bit) w/SP2 and save them to an external location.
CD/DVD/USB/Network. Consider yourself an "IT Professional" in
order to get to the page with the actual file download link for each
update.

You could get away with (pretty much) installing them in the order
given.

Direct Download of Service Pack 2 (SP2) for Windows XP
http://snipurl.com/8bqy

 

Critical Updates
----------------------
Released: -- [ Web Page Address ] -- Description:
9/14/2004 -- [ http://support.microsoft.com/kb/885626 ] -- Critical Update for Windows XP
11/22/2004 -- [ http://support.microsoft.com/kb/887742 ] -- Update for Windows XP
12/13/2004 -- [ http://support.microsoft.com/kb/885835 ] -- Security Update for Windows XP
12/13/2004 -- [ http://support.microsoft.com/kb/885836 ] -- Security Update for Windows XP
12/13/2004 -- [ http://support.microsoft.com/kb/886185 ] -- Critical Update for Windows XP
12/13/2004 -- [ http://support.microsoft.com/kb/873339 ] -- Security Update for Windows XP
2/7/2005 -- [ http://support.microsoft.com/kb/891781 ] -- Security Update for Windows XP
2/7/2005 -- [ http://support.microsoft.com/kb/888302 ] -- Security Update for Windows XP
2/7/2005 -- [ http://support.microsoft.com/kb/887472 ] -- Security Update for Windows Messenger
4/11/2005 -- [ http://support.microsoft.com/kb/890859 ] -- Security Update for Windows XP
5/18/2005 -- [ http://support.microsoft.com/kb/894391 ] -- Update for Windows XP
5/24/2005 -- [ http://support.microsoft.com/kb/896344 ] -- Update for Windows XP
6/13/2005 -- [ http://support.microsoft.com/kb/896358 ] -- Security Update for Microsoft Windows XP
6/13/2005 -- [ http://support.microsoft.com/kb/896428 ] -- Security Update for Windows XP
6/24/2005 -- [ http://support.microsoft.com/kb/900930 ] -- Update for Windows XP
6/27/2005 -- [ http://support.microsoft.com/kb/898461 ] -- Update for Windows XP
7/11/2005 -- [ http://support.microsoft.com/kb/901214 ] -- Security Update for Windows XP
8/8/2005 -- [ http://support.microsoft.com/kb/896423 ] -- Security Update for Windows XP
8/8/2005 -- [ http://support.microsoft.com/kb/899587 ] -- Security Update for Windows XP
8/8/2005 -- [ http://support.microsoft.com/kb/899591 ] -- Security Update for Windows XP
8/8/2005 -- [ http://support.microsoft.com/kb/893756 ] -- Security Update for Windows XP
10/10/2005 -- [ http://support.microsoft.com/kb/901017 ] -- Security Update for Windows XP
10/10/2005 -- [ http://support.microsoft.com/kb/902400 ] -- Security Update for Windows XP
10/10/2005 -- [ http://support.microsoft.com/kb/905749 ] -- Security Update for Windows XP
10/10/2005 -- [ http://support.microsoft.com/kb/905414 ] -- Security Update for Windows XP
10/10/2005 -- [ http://support.microsoft.com/kb/900725 ] -- Security Update for Windows XP
12/12/2005 -- [ http://support.microsoft.com/kb/910437 ] -- Update for Windows XP
12/13/2005 -- [ http://support.microsoft.com/kb/904706 ] -- Security Update for Windows XP
1/9/2006 -- [ http://support.microsoft.com/kb/908519 ] -- Security Update for Windows XP
2/13/2006 -- [ http://support.microsoft.com/kb/911927 ] -- Security Update for Windows XP
4/10/2006 -- [ http://support.microsoft.com/kb/911562 ] -- Security Update for Windows XP
4/18/2006 -- [ http://support.microsoft.com/kb/904942 ] -- Update for Windows XP
4/25/2006 -- [ http://support.microsoft.com/kb/900485 ] -- Update for Windows XP
4/25/2006 -- [ http://support.microsoft.com/kb/908531 ] -- Security Update for Windows XP
5/9/2006 -- [ http://support.microsoft.com/kb/913580 ] -- Security Update for Windows XP
6/6/2006 -- [ http://support.microsoft.com/kb/916595 ] -- Update for Windows XP
6/8/2006 -- [ http://support.microsoft.com/kb/918439 ] -- Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Windows XP SP2
6/12/2006 -- [ http://support.microsoft.com/kb/914389 ] -- Security Update for Windows XP
6/12/2006 -- [ http://support.microsoft.com/kb/917953 ] -- Security Update for Windows XP
6/13/2006 -- [ http://support.microsoft.com/kb/917344 ] -- JScript 5.6 Security Update for Windows XP SP1 and SP2
6/27/2006 -- [ http://support.microsoft.com/kb/911280 ] -- Security Update for Windows XP
7/10/2006 -- [ http://support.microsoft.com/kb/917159 ] -- Security Update for Windows XP
7/10/2006 -- [ http://support.microsoft.com/kb/914388 ] -- Security Update for Windows XP
8/7/2006 -- [ http://support.microsoft.com/kb/917422 ] -- Security Update for Windows XP
8/7/2006 -- [ http://support.microsoft.com/kb/920670 ] -- Security Update for Windows XP
8/7/2006 -- [ http://support.microsoft.com/kb/922616 ] -- Security Update for Windows XP
8/7/2006 -- [ http://support.microsoft.com/kb/920683 ] -- Security Update for Windows XP
8/17/2006 -- [ http://support.microsoft.com/kb/920872 ] -- Update for Windows XP
9/11/2006 -- [ http://support.microsoft.com/kb/920685 ] -- Security Update for Windows XP
9/11/2006 -- [ http://support.microsoft.com/kb/922582 ] -- Update for Windows XP
9/11/2006 -- [ http://support.microsoft.com/kb/919007 ] -- Security Update for Windows XP
10/9/2006 -- [ http://support.microsoft.com/kb/922819 ] -- Security Update for Windows XP
10/9/2006 -- [ http://support.microsoft.com/kb/924496 ] -- Security Update for Windows XP
10/9/2006 -- [ http://support.microsoft.com/kb/923414 ] -- Security Update for Windows XP
10/9/2006 -- [ http://support.microsoft.com/kb/923191 ] -- Security Update for Windows XP
11/14/2006 -- [ http://support.microsoft.com/kb/920213 ] -- Vulnerability in Microsoft Agent could allow remote code execution
11/14/2006 -- [ http://support.microsoft.com/kb/923789 ] -- Vulnerabilities in Macromedia Flash Player from Adobe could allow remote code execution
11/14/2006 -- [ http://support.microsoft.com/kb/924270 ] -- Vulnerability in Workstation Service could allow remote code execution
11/14/2006 -- [ http://support.microsoft.com/kb/928088 ] -- Vulnerability in Microsoft XML Core Services could allow remote code execution
11/14/2006 -- [ http://support.microsoft.com/kb/923980 ] -- Vulnerability in the Client Service could allow remote code execution
12/12/2006 -- [ http://support.microsoft.com/kb/926247 ] -- Vulnerability in Simple Network Management Protocol (SNMP) could allow remote code execution
12/12/2006 -- [ http://support.microsoft.com/kb/926255 ] -- Vulnerability in Windows could allow elevation of privilege
12/12/2006 -- [ http://support.microsoft.com/kb/923694 ] -- Cumulative security update for Outlook Express
1/9/2007 -- [ http://support.microsoft.com/kb/929969 ] -- Vulnerability in Vector Markup Language Could Allow Remote Code Execution
    * If you have installed IE7, also install the IE7 version of this patch!
2/13/2007 -- [ http://support.microsoft.com/kb/928255 ] -- Vulnerability in Windows Shell Could Allow Elevation of Privilege
2/13/2007 -- [ http://support.microsoft.com/kb/927802 ] -- Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege
2/13/2007 -- [ http://support.microsoft.com/kb/928843 ] -- Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution
2/13/2007 -- [ http://support.microsoft.com/kb/927779 ] -- Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution

2/13/2007 -- [ http://support.microsoft.com/kb/926436 ]

-- Vulnerability in Microsoft OLE Dialog Could Allow

Remote Code Execution

2/13/2007 -- [ http://support.microsoft.com/kb/924667 ]

-- Vulnerability in Microsoft MFC Could Allow Remote

Code Execution

2/13/2007 -- [ http://support.microsoft.com/kb/918118 ]

-- Vulnerability in Microsoft RichEdit Could Allow

Remote Code Execution

2/13/2007 -- [ http://support.microsoft.com/kb/928090 ]

-- Cumulative Security Update for Internet Explorer

* If you have IE7, obtain that version of this update.

4/3/2007 -- [ http://support.microsoft.com/kb/925902 ]

-- Vulnerabilities in GDI Could Allow Remote Code Execution

4/10/2007 -- [ http://support.microsoft.com/kb/931261 ]

-- Vulnerability in Universal Plug and Play Could

Allow Remote Code Execution

4/10/2007 -- [ http://support.microsoft.com/kb/932168 ]

-- Vulnerability in Microsoft Agent Could Allow Remote

Code Execution

4/10/2007 -- [ http://support.microsoft.com/kb/930178 ]

-- Vulnerabilities in CSRSS Could Allow Remote Code

Execution

4/10/2007 -- [ http://support.microsoft.com/kb/931784 ]

-- Vulnerability in Windows Kernel Could Allow

Elevation of Privilege

 

Media Player:

-------------------

Released: -- [ Web Page Address: ] -- Description:

9/2/2004 -- [ http://go.microsoft.com/fwlink/?LinkId=30984 ]

-- Windows Media Player 10

11/7/2005 -- [ http://support.microsoft.com/kb/902344 ]

-- Update for WMDRM-enabled Media Players

2/13/2006 -- [ http://support.microsoft.com/kb/911564 ]

-- Security Update for Windows Media Player Plug-in

4/11/2006 -- [ http://support.microsoft.com/kb/911565 ]

-- Security Update for Windows Media Player 10 for Windows XP

6/12/2006 -- [ http://support.microsoft.com/kb/917734 ]

-- Security Update for Windows Media Player 10 for Windows XP

12/12/2006 -- [ http://support.microsoft.com/kb/923689 ]

-- Vulnerability in Windows Media Format Could Allow Remote

Code Execution

 

.NET Framework:

------------------------

Released: -- [ Web Page Address: ] -- Description:

3/30/2004 -- [ http://snipurl.com/10bde ]

-- Microsoft .NET Framework Version 1.1 Redistributable Package

8/30/2004 -- [ http://support.microsoft.com/kb/885055 ]

-- Microsoft .NET Framework 1.1 Service Pack 1

2/8/2005 -- [ http://support.microsoft.com/kb/887219 ]

-- ASP.NET Security Update for Microsoft .NET Framework 1.1

Service Pack 1

3/22/2006 -- [ http://snipurl.com/10bdv ]

-- Microsoft .NET Framework Version 2.0 Redistributable

Package (x86)

7/11/2006 -- [ http://support.microsoft.com/kb/917283 ]

-- NDP 2.0 ASP.Net Security Update

10/10/2006 -- [ http://support.microsoft.com/kb/922770 ]

-- .NET Framework 2.0 SYSTEM.WEB.DLL Security Update

 

Other Updates:

---------------------

Released: -- [ Web Page Address: ] -- Description:

9/14/2004 -- [ http://support.microsoft.com/kb/873374 ]

-- Microsoft GDI+ Detection Tool

9/2/2005 -- [ http://support.microsoft.com/kb/893803 ]

-- Windows Installer 3.1 Redistributable (v2)

10/14/2005 -- [ http://snipurl.com/10bex ]

-- Windows Media Connect 2.0

11/29/2005 -- [ http://support.microsoft.com/kb/909520 ]

-- Microsoft Base Smart Card Cryptographic Service Provider

Package: x86

10/10/2006 -- [ http://support.microsoft.com/kb/890830 ]

-- Microsoft® Windows® Malicious Software Removal Tool

- November 2006

 

Purely OPTIONAL:

----------------------

10/18/2006 -- [ http://www.microsoft.com/windows/ie/downloads/ ]

-- Internet Explorer 7.0

10/30/2006 -- [ http://snipurl.com/167ea ]

-- Media Player 11

12/8/2006 -- [ http://support.microsoft.com/kb/925876 ]

-- Remote Desktop Connection 6.0 client

 

 

4) Now that you have all the updates you will need to install Windows

XP, all the hardware drivers you will need to get the

operating system to communicate with your hardware, all your

installation media and product keys in a pile - you can install

Windows XP by simply changing the boot order in

the system BIOS to CD first, putting in your Windows XP

CD and following the prompts. When it asks where you

would like to install - delete the partitions shown and create a new

partition to install on. Format it NTFS. Continue following the

prompts.

 

Want something a little more pictographic?

http://www.michaelstevenstech.com/cleanxpinstall.html

 

5) Once the installation is done - break out whatever external media

you saved all the 2nd & 3rd list items to and connect/insert it into

the system and begin installing all the hardware drivers (1st) and

then all the patches and such. It'll take a while and probably 10+

reboots.

 

6) Install your favorite AntiVirus software (I am including a tips list that

has several free alternatives as tip (9)) and immunize your system

against most spyware (see tip (10) in the same list below) and connect

to the Internet. Visit http://windowsupdate.microsoft.com/ and scan

your system for more updates. Do not install hardware drivers from

here.

 

7) Install whatever other software you need this system to have. Plugins

like quicktime, flash, shockwave, real player (or real alternative),

acrobat reader and so on... Full applications like Microsoft Office,

WordPerfect, Photoshop, etc. Any special software for

cameras/scanners/printers. Anything and everything you want this

computer to have.

 

8) Create an additional administrative user. Log out and log in as that

user. Make sure it has a password that is good and that you can

remember. Log out and log back in as the original user. That new

user is your 'just in case' account.

 

 

Good luck to you!

 

Microsoft has these suggestions for Protecting your computer from the

various things that could happen to you/it:

 

Protect your PC

http://www.microsoft.com/athome/security/

 

Outfitting a new computer for the Net

http://www.microsoft.com/athome/security/update/newcomputer.mspx

 

Getting started with a new PC

http://www.microsoft.com/athome/moredone/yournewpc.mspx

 

Although those tips are fantastic, there are many things you should

know above and beyond that. Below I have detailed out many tips

that can not only help you clean-up a problem PC but keep it clean,

secure and running at its best.

 

I know this text can seem intimidating - it is quite long and a lot

to take in for a novice - however I can assure you that one trip

through this list and you will understand your computer and the

options available to you for protecting your data much better -

and that the next time you go through these steps, the time it

takes will be greatly reduced.

 

Let's take the cleanup of your computer step-by-step.

Yes, it will take up some of your time - but consider what you use

your computer for and how much you would dislike it if all of your

stuff on your computer went away because you did not "feel like"

performing some simple maintenance tasks - think of it like taking

out your garbage, collecting and sorting your postal mail, paying

your bills on time, etc.

 

I'll mainly work around Windows XP, as that is what the bulk of this

document is about; however, here are some places for you poor souls

still stuck in Windows 98/ME where you can get information on

maintaining your system:

 

Windows 98 and 'Maintaining Your Computer':

http://www.microsoft.com/windows98/usingwindows/maintaining/

 

Windows ME Computer Health:

http://www.microsoft.com/windowsME/using/computerhealth/articles/

 

Pay close attention to the sections:

(in order)

- Clean up your hard disk

- Check for errors by running ScanDisk

- Defragment your hard disk

- Roll back the clock with System Restore

 

 

Also - now is a good time to point you to one of the easiest ways to find

information on problems you may be having and solutions others have found:

 

Search using Google!

http://www.google.com/

(How-to: http://www.google.com/intl/en/help/basics.html )

 

 

Now, let's go through some maintenance first that should only have to be

done once (mostly):

 

Tip (1):

Locate all of the software you have installed on your computer.

(the installation media - CDs, downloaded files, etc)

Collect these CDs and files together in a central and safe

place along with their CD keys and such. Make backups of these

installation media sets using your favorite copying method (CD/DVD Burner

and application, Disk copier, etc.) You'll be glad to know that if you

have a CD/DVD burner, you may be able to use a free application to make a

duplicate copy of your CDs. One such application is ISORecorder:

 

ISORecorder page (with general instructions on use):

http://isorecorder.alexfeinman.com/isorecorder.htm

 

More full function applications (free) for CD/DVD burning would be:

 

CDBurnerXP Pro

http://www.cdburnerxp.se/

 

DeepBurner Free

http://www.deepburner.com/

 

ImgBurn (burn ISO images)

http://www.imgburn.com/

 

Final Burner

http://www.protectedsoft.com/products.php

 

Another Option would be to search the web with Pricewatch.com or

Dealsites.net and find deals on Products like Ahead Nero and/or Roxio.

 

Ahead Nero

http://www.nero.com/

 

Roxio Easy Media Creator

http://www.roxio.com/

 

Tip (2):

Empty your Temporary Internet Files and shrink the size it stores to a

size between 128MB and 512MB..

 

- Open ONE copy of Internet Explorer.

- Select TOOLS -> Internet Options.

- Under the General tab in the "Temporary Internet Files" section, do the

following:

- Click on "Delete Cookies" (click OK)

- Click on "Settings" and change the "Amount of disk space to use:" to

something between 128MB and 512MB. (Betting it is MUCH larger right

now.)

- Click OK.

- Click on "Delete Files" and select to "Delete all offline contents"

(the checkbox) and click OK. (If you had a LOT, this could take 2-10

minutes or more.)

- Once it is done, click OK, close Internet Explorer, re-open Internet

Explorer.

 

Tip (3):

If things are running a bit sluggish and/or you have an older system

(1.5GHz or less and 256MB RAM or less) then you may want to look into

tweaking the performance by turning off some of the 'resource hogging'

Windows XP "prettifications". The fastest method is:

 

Control Panel --> System --> Advanced tab --> Performance section,

Settings button. Then choose "adjust for best performance" and you

now have a Windows 2000/98 look which turned off most of the annoying

"prettifications" in one swift action. You can play with the last

three checkboxes to get more of an XP look without many of the

other annoyances. You could also grab and install/use one

(or more) of the Microsoft Powertoys - TweakUI in particular:

 

http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

 

Another viable (decently inexpensive) option is to increase the amount

of memory (RAM) your computer has. You can get an idea of what you

need by visiting:

 

Crucial Memory Advisor™ Tool

http://www.crucial.com/

 

Then either buy direct from there or write down the specs you get and

visit: http://www.pricewatch.com/ and locate the best price on what you

need. 512MB up to 1GB total memory should be more than enough for

the normal home user.

 

Tip (4):

Understanding what a good password might be is vital to your

personal and system security. You may think you do not need to password

your home computer, as you may have it in a locked area (your home) where

no one else has access to it. Remember, however, you aren't always

"in that locked area" when using your computer online - meaning you likely

have usernames and passwords associated with web sites and the likes that

you would prefer other people do not discover/use. This is why you should

understand and utilize good passwords.

 

Good passwords are those that meet these general rules

(mileage may vary):

 

Passwords should contain at least six characters, and the character

string should contain at least three of these four character types:

- uppercase letters

- lowercase letters

- numerals

- nonalphanumeric characters (e.g., *, %, &, !, :)

 

Passwords should not contain your name/username.

Passwords should be unique to you and easy to remember.

 

One method many people are using today is to make up a phrase that

describes a point in their life and then turning that phrase into their

password by using only certain letters out of each word in that phrase.

It's much better than using your birthday month/year or your anniversary

in a pure sense. For example, let's say my phrase is:

'Great new job in November 2006'

I could come up with this password from that:

'Gr8n3wj0bNOV2006'

 

The password tip is in the one time section, but I highly

recommend you periodically change your passwords. The suggested time

varies, but I will throw out a 'once in every 3 to 6 months for

every account you have.'

 

Also - many people complain that they just cannot remember the passwords

for all the sites they have - so they choose one password and use it for

everything. Not a good idea. A much better method would be to use a

Password Management tool - so you only have to remember one password,

but it opens an application that stores your username/passwords for

everything else - plus other valuable information. One that I can

recommend:

 

KeePass Password Safe

http://keepass.sourceforge.net/

 

It can even generate passwords for you.

 

 

Tip (5):

This tip is also 'questionable' in the one time section; however -

if properly set up - this one can be pretty well ignored for most people

after the initial 'fiddle-with' time.

 

Why you should use a computer firewall..

http://www.microsoft.com/athome/security/viruses/fwbenefits.mspx

 

You should, in some way, use a firewall. Hardware (like a nice

Cable Modem/DSL router) or software is up to you. Many use both of

these. The simplest one to use is the hardware one, as most people

don't do anything that they will need to configure their NAT device

for and those who do certainly will not mind fiddling with the equipment

to make things work for them. Next in the line of simplicity would

have to be the built-in Windows Firewall of Windows XP. In SP2 it

is turned on by default. It is not difficult to turn on in any

case, however:

 

More information on the Internet Connection Firewall (Pre-SP2):

http://support.microsoft.com/kb/320855

 

Post-SP2 Windows Firewall Information/guidance:

http://snipurl.com/atal

 

The trouble with the Windows Firewall is that it only keeps things

out. For most people who maintain their system in other ways, this is

MORE than sufficient. You may feel otherwise. If you want to

know when one of your applications is trying to obtain access to the

outside world so you can stop it, then you will have to install a

third-party application and configure/maintain it. I have compiled a

list with links of some of the better known/free firewalls you can choose

from:

 

BlackICE PC Protection (~$39.95 and up)

http://blackice.iss.net/

 

Comodo Free Firewall (Free)

http://www.personalfirewall.comodo.com/

 

Jetico Personal Firewall (Free)

http://www.jetico.com/index.htm#/jpfirewall.htm

 

Outpost Firewall from Agnitum (Free and up)

http://www.agnitum.com/products/outpostfree/

 

Sunbelt Kerio Personal Firewall (KPF) (Free and up)

http://www.kerio.com/kpf_download.html

 

Symantec's Norton Personal Firewall (~$49.95 and up)

http://www.symantec.com/sabu/nis/npf/

 

ZoneAlarm (Free and up)

http://www.zonelabs.com/

 

You should find the right firewall for your situation in that

list and set it up if you feel the Windows XP firewall is

insufficient.

 

Every firewall WILL require some maintenance. Essentially checking for

patches or upgrades (this goes for hardware and software solutions) is

the extent of this maintenance - you may also have to configure your

firewall to allow some traffic depending on your needs.

 

** Don't stack the software firewalls! Running more than one software

firewall will not make you safer - it would possibly negate some

protection you gleaned from one or the other firewall you run. It is

fine (and in many ways better) to have the software firewall as well

as a NAT router.

 

 

Now that you have some of the more basic things down..

Let's go through some of the steps you should take periodically to

maintain a healthy and stable Windows computer. If you have not

done some of these things in the past, they may seem tedious - however,

they will become routine and some can even be scheduled.

 

 

Tip (6):

The system restore feature is only a useful feature if you keep it

maintained and use it to your advantage. Remember that the system

restore pretty much tells you in the name what it protects which is

'system' files. Your documents, your pictures, your stuff is NOT

system files - so you should also look into some backup solution.

 

Whenever you think about it (after doing a once-over on your machine

once a month or so would be optimal) - clear out your System Restore

and create a manual restoration point.

 

'Why?'

 

Too many times have I seen the system restore files go corrupt or get

a virus in them, meaning you could not or did not want to restore from

them. By clearing it out periodically you help prevent any corruption

from happening and you make sure you have at least one good "snapshot".

(*This, of course, will erase any previous restore point you have.*)

 

- Turn off System Restore.

http://support.microsoft.com/kb/310405

- Reboot the Computer.

- Review the first bullet to turn on System Restore

- Make a Manual Restoration Point.

http://snipurl.com/68nx

 

That covers your system files, but doesn't do anything for the files

that you are REALLY worried about - yours! For that you need to look

into backups. You can either manually copy your important files, folders,

documents, spreadsheets, emails, contacts, pictures, drawings and so on

to an external location (CD/DVD - any disk of some sort, etc) or you can

use the backup tool that comes with Windows XP:

 

How To Use Backup to Back Up Files and Folders on Your Computer

http://support.microsoft.com/kb/308422

 

Yes - you still need some sort of external media to store the results

on, but you could schedule the backup to occur when you are not around,

then burn the resultant data onto CD or DVD or something when you are

(while you do other things!)

 

Another option that seems to still be going strong:

 

Cobian Backup

http://www.educ.umu.se/~cobian/cobianbackup.htm

 

A lot of people have wondered about how to completely back up their system

so that they would not have to go through the trouble of a reinstall..

I'm going to voice my opinion here and say that it would be worthless to

do for MOST people. Unless you plan on periodically updating the image

backup of your system (remaking it) - then by the time you use it

(something goes wrong) - it will be so outdated as to be more trouble than

performing a full install of the operating system and all applications.

 

Having said my part against it, you can clone/backup your hard drive

completely using many methods - by far the simplest are using disk cloning

applications:

 

Symantec/Norton Ghost

http://snipurl.com/13e00

 

Acronis True Image

http://www.acronis.com/homecomputing/products/trueimage/

 

BootIt™ NG

http://terabyteunlimited.com/bootitng.html

 

Tip (7):

You should sometimes look through the list of applications that are

installed on your computer. The list may surprise you. There are more

than likely things in there you know you never use - so why have them

there? There may even be things you know you did *not* install and

certainly do not use (maybe don't WANT to use.)

 

This web site should help you get started at looking through this list:

 

How to Uninstall Programs

http://snipurl.com/8v6b

 

How to change or remove a program in Windows XP

http://support.microsoft.com/kb/307895

 

A word of warning - Do NOT uninstall anything you think you MIGHT need

in the future unless you have completed Tip (1) and have the installation

media and proper keys for use backed up somewhere safe!

 

Tip (8):

Patches and Updates!

 

This one cannot be stressed enough. It is SO simple, yet so neglected

by many people. It is really simple for the critical Microsoft patches!

Microsoft put in an AUTOMATED feature for you to utilize so that you do

NOT have to worry yourself about the patching of the Operating System:

 

How to configure and use Automatic Updates in Windows XP

http://support.microsoft.com/kb/306525

 

However, not everyone wants to be a slave to automation, and that is

fine. Admittedly, I prefer this method on some of my more critical

systems.

 

Windows Update

http://windowsupdate.microsoft.com/

 

Go there and scan your machine for updates. Always get the critical ones

as you see them. Write down the KB###### or Q###### you see when

selecting the updates and if you have trouble over the next few days,

go into your control panel (Add/Remove Programs), ensure that the

'Show Updates' checkbox is checked and match up the latest numbers you

downloaded recently (since you started noticing an issue) and uninstall

them. If there was more than one (usually is), uninstall them one by one

with a few hours of use in between, to see if the problem returns.

Yes - the process is not perfect (updating) and can cause trouble like I

mentioned - but as you can see, the solution isn't that bad - and is

MUCH better than the alternatives.

 

Windows is not the only product you likely have on your PC. The

manufacturers of the other products usually have updates. New versions

of almost everything come out all the time - some are free, some are pay

and some you can only download if you are registered - but it is best

to check. Just go to their web pages and look under their support and

download sections. For example, for Microsoft Office you should visit:

 

Microsoft Office Updates

http://office.microsoft.com/

(and select 'Check for Updates' and/or 'Downloads' for more)

 

You also have hardware on your machine that requires drivers to interface

with the operating system. You have a video card that allows you to see on

your screen, a sound card that allows you to hear your PC's sound output and

so on. Visit those manufacturer web sites for the latest downloadable

drivers for your hardware/operating system. Always get the manufacturers'

hardware driver over any Microsoft offers. On the Windows Update site I

mentioned earlier, I suggest NOT getting their hardware drivers - no matter

how tempting.

 

How do you know what hardware you have in your computer? Break out the

invoice or if it is up and working now - take inventory:

 

Belarc Advisor

http://belarc.com/free_download.html

 

Once you know what you have, what next? Go get the latest driver for your

hardware/OS from the manufacturer's web page. For example, let's say you

have an NVidia chipset video card or ATI video card, perhaps a Creative

Labs sound card or C-Media chipset sound card...

 

NVidia Video Card Drivers

http://www.nvidia.com/content/drivers/drivers.asp

 

ATI Video Card Drivers

http://ati.amd.com/support/driver.html

 

Creative Labs Sound Device

http://us.creative.com/support/downloads/

 

C-Media Sound Device

http://www.cmedia.com.tw/?q=en/driver

 

Then install these drivers. Updated drivers are usually more stable and

may provide extra benefits/features that you really wished you had before.

 

As for Service Pack 2 (SP2) for Windows XP, Microsoft has made this

particular patch available in a number of ways. First, there is the

Windows Update web page above. Then there is a direct download site.

 

Direct Download of Service Pack 2 (SP2) for Windows XP

http://snipurl.com/8bqy

 

Order Windows XP Service Pack 2 on CD

http://snipurl.com/d41v

 

If all else fails - grab the full download above and try to use that.

In this case - consider yourself a 'IT professional or developer'.

 

Tip (9):

What about the dreaded word in the computer world, VIRUS?

 

Well, there are many products to choose from that will help you prevent

infections from these horrid little applications. Many are FREE to the

home user and which you choose is a matter of taste, really. Many people

have emotional attachments or performance issues with one or another

AntiVirus software. Try some out, read reviews and decide for yourself

which you like more:

 

( Good Comparison Page for AV software: http://www.av-comparatives.org/ )

 

AntiVir (Free and up)

http://www.free-av.com/

 

avast! (Free and up)

http://www.avast.com/

 

AVG Anti-Virus System (Free and up)

http://free.grisoft.com/

 

ca Anti-Virus (~$49.99 and up)

http://snipurl.com/13e0u

 

eset NOD32 (~$39.00 and up)

http://www.eset.com/products/

 

Kaspersky Anti-Virus (~$39.95 and up)

http://www.kaspersky.com/kav6

 

McAfee VirusScan (~$39.99 and up)

http://www.mcafee.com/

 

Panda Antivirus Titanium (~$39.95 and up)

http://www.pandasoftware.com/products/antivirus2007.htm

(Free Online Scanner: http://www.pandasoftware.com/activescan/)

 

Symantec (Norton) AntiVirus (~$39.99 and up)

http://snipurl.com/13e12

 

Trend Micro (~$44.95 and up)

http://www.trendmicro.com/en/products/desktop/tav/

(Free Online Scanner:

http://housecall.trendmicro.com/housecall/start_corp.asp)

 

Most of them have automatic update capabilities. You will have to

look into the features of the one you choose. Whatever one you finally

settle with - be SURE to keep it updated (I recommend at least daily) and

perform a full scan periodically (yes, most protect you actively, but a

full scan once a month at 4AM probably won't bother you.)

 

Tip (10):

The most rampant infestation at the current time concerns SPYWARE/ADWARE.

You need to eliminate it from your machine.

 

There is no one software that cleans and immunizes you against

everything. Antivirus software - you only needed one. Firewall, you

only needed one. AntiSpyware - you will need several. I have a list and

I recommend you use at least the first five.

 

First - make sure you have NOT installed "Rogue AntiSpyware". There are

people out there who created AntiSpyware products that actually install

spyware of their own! You need to avoid these:

 

Rogue/Suspect Anti-Spyware Products & Web Sites

http://www.spywarewarrior.com/rogue_anti-spyware.htm

 

Also, you can always visit this site..

http://mvps.org/winhelp2002/unwanted.htm

For more updated information.

 

Install the first five of these: (Install, Run, Update, Scan with..)

(If you already have one or more - uninstall them and download the

LATEST version from the page given!)

 

Lavasoft AdAware (Free and up)

http://www.lavasoft.de/products/ad-aware_se_personal.php

(How-to: http://snipurl.com/atdn )

 

Spybot Search and Destroy (Free!)

http://www.safer-networking.net/en/download/

(How-to: http://snipurl.com/atdk )

 

SpywareBlaster (Free!)

http://www.javacoolsoftware.com/sbdownload.html

(How-to: http://snipurl.com/ate6 )

 

IE-SPYAD2 (Free!)

http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD

(How-to: http://snipurl.com/ate7 )

 

SuperAntiSpyware (Free and up)

http://www.superantispyware.com/

 

CWShredder Stand-Alone (Free!)

http://www.trendmicro.com/cwshredder/

 

Hijack This! (Free!)

http://www.spywareinfo.com/~merijn/downloads.html

(Log Analyzer: http://hjt.networktechs.com/ )

 

Bazooka Adware and Spyware Scanner (Free!)

http://www.kephyr.com/spywarescanner/

(How-to: http://snipurl.com/ate3 )

 

ToolbarCop (Free!)

http://windowsxp.mvps.org/toolbarcop.htm

 

CCleaner (Free!)

http://www.ccleaner.com/

 

Browser Security Tests (Free Tester)

http://www.jasons-toolbox.com/BrowserSecurity/

 

Popup Tester (Free Tester)

http://www.popuptest.com/

 

The Cleaner (~$49.95 and up)

http://www.moosoft.com/

 

Sometimes you need to install the application and reboot into SAFE MODE in

order to thoroughly clean your computer. Many applications also have

(or are) immunization applications. Spybot Search and Destroy and

SpywareBlaster are two that currently do the best job at passively

protecting your system from malware. None of these programs (in these

editions) run in the background unless you TELL them to. The space they

take up and how easy they are to use greatly makes up for any inconvenience

you may be feeling.

 

Please notice that Windows XP SP2 does help stop popups as well.

 

Another option is to use an alternative Web browser. I suggest

'Mozilla Firefox', as it has some great features and is very easy to use:

 

Mozilla Firefox

http://www.mozilla.com/firefox/

 

 

So your machine is pretty clean and up to date now. If you use the sections

above as a guide, it should stay that way as well! There are still a few

more things you can do to keep your machine running in top shape.

 

Tip (11):

You should periodically check your hard drive(s) for errors and defragment

them. Only defragment after you have cleaned up your machine of

outside parasites and never defragment as a solution to a quirkiness in

your system. It may help speed up your system, but it should be clean

before you do this. Do these things IN ORDER...

 

How to use Disk Cleanup

http://support.microsoft.com/kb/310312

 

How to scan your disks for errors

http://support.microsoft.com/kb/315265

 

How to Defragment your hard drives

http://support.microsoft.com/kb/314848

 

I would personally perform the above steps at least once every three months.

For most people this should be sufficient, but if the difference you notice

afterwards is greater than you think it should be, lessen the time in

between its schedule.. If the difference you notice is negligible, you can

increase the time.

 

Tip (12):

SPAM! JUNK MAIL!

This one can get annoying, just like the rest. You get 50 emails in one

sitting and 2 of them you wanted. NICE! (Not.) What can you do? Well,

although there are services out there to help you, and some email

servers/services actually do lower your spam with features built into

their servers - I still like the methods that let you be the end-decision

maker on what is spam and what is not. I have a few products to suggest

to you; look at them and see if any of them suit your needs. Again, if

they don't, Google is free and available for your perusal.

 

SpamBayes (Free!)

http://spambayes.sourceforge.net/

 

Spamihilator (Free!)

http://www.spamihilator.com/

 

MailWasher

http://www.mailwasher.net/

 

As I said, those are not your only options, but are reliable ones I have

seen function for hundreds+ people.

 

Tip (13):

ADVANCED TIP! Only do this once you are comfortable under the hood of your

computer!

 

There are lots of services on your PC that are probably turned on by default

that you don't use. Why have them on? Check out these web pages to see what all

of the services you might find on your computer are and set them according

to your personal needs. Be CAREFUL what you set to manual, and take heed

and write down as you change things! Also, don't expect a large performance

increase or anything - especially on today's 2+ GHz machines, however - I

look at each service you set to manual as one less service you have to worry

about someone exploiting.

 

Service Configuration Tips

http://www.tweakhound.com/xp/xptweaks/supertweaks6.htm

 

Configuring Services

http://smallvoid.com/tweak/winnt/services.html

 

Task List Programs

http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

 

Processes in Windows NT/2000/XP

http://www.reger24.de/prozesse/

 

There are also applications that AREN'T services that start up when you start

up the computer/logon. One of the better descriptions of how to handle these

I have found is here:

 

Startups

http://www.pacs-portal.co.uk/startup_content.php

 

 

If you follow the advice laid out above (and do some of your own research as

well, so you understand what you are doing) - your computer will stay fairly

stable and secure and you will have a more trouble-free system.

 

--

Shenan Stanley

MS-MVP

--

How To Ask Questions The Smart Way

http://www.catb.org/~esr/faqs/smart-questions.html

Posted

Re: over 600 virus's found! ran anti-virus but still not working

 

K.Sawyer wrote:

> Thanks everyone for your help. (I didn't know how to "cross-post", so that

> is why it is posted twice... I'll learn how to do that) I've installed and

> ran Dr. Web Anti-virus and TrendMicro Pc-cillin, that is what found all the

> viruses. I'll run the TrendMicro Housecall and see what else I can clean up

> but I'll probably have to do a clean install. It was a new computer and

> there's nothing on it to back up. Thanks again for all your help. Now I need

> to learn how to do a clean install.

 

Recommended antivirus programs: NOD32, Kaspersky, and Avast if you want

a free one. In your case I wouldn't bother with trying to clean this

machine. Here are instructions for a clean install:

 

http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To

http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows -

What you will need on-hand

 

Note that if you have an OEM (Dell, HP, etc.) machine, the OEM may have

specific restore-to-factory-condition steps. In that case, refer to your

user manual or the OEM's website.

 

 

Malke

--

Elephant Boy Computers

http://www.elephantboycomputers.com

"Don't Panic!"

MS-MVP Windows - Shell/User

Guest Ken Blake, MVP
Posted

Re: over 600 virus's found! ran anti-virus but still not working

 

On Sat, 22 Sep 2007 19:34:01 -0700, K.Sawyer

<KSawyer@discussions.microsoft.com> wrote:

> My friend bought a computer but didn't realize that she needed to "purchase"

> the anti-virus after its trial period ran. They use cable internet service.

> There was no anti-virus or firewall protection shortly after purchasing the

> computer.

 

 

Answered in another newsgroup. Please do not send the same message

separately to more than one newsgroup (called multiposting). Doing so

just fragments the thread, so someone who answers in one newsgroup

doesn't get to see answers from others in another newsgroup. And for

those who read all the newsgroups the message is multiposted to, they

see the message multiple times instead of once (they would see it only

once if you correctly crossposted instead). This wastes everyone's

time, and gets you poorer help than you should get.

 

If you must send the same message to more than one newsgroup, please

do so by crossposting (but only to a *few* related newsgroups).

 

Please see "What is the accepted way to share a message across

multiple newsgroups?" at http://smjg.port5.com/faqs/usenet/xpost.html

 

--

Ken Blake, Microsoft MVP Windows - Shell/User

Please Reply to the Newsgroup

Guest Curt Christianson
Posted

Re: over 600 virus's found! ran anti-virus but still not working

 

Hi,

 

Even if you *think* you have cleaned your machine of all viruses, malware,

and nasties of the like, can you **ever** be sure you got them all, or all

of their remnants?

 

I think most practical souls would say no, as do I.

 

Time for a complete fresh install. You'll be glad you did.

 

--

HTH,

Curt

 

Windows Support Center

http://www.aumha.org

Practically Nerded,...

http://dundats.mvps.org/Index.htm

 

"K.Sawyer" <KSawyer@discussions.microsoft.com> wrote in message

news:96AEC982-7781-4687-91B3-D8FE970BF7B4@microsoft.com...

| Thanks everyone for your help. (I didn't know how to "cross-post", so that

| is why it is posted twice... I'll learn how to do that) I've installed and

| ran Dr. Web Anti-virus and TrendMicro Pc-cillin, that is what found all the

| viruses. I'll run the TrendMicro Housecall and see what else I can clean up

| but I'll probably have to do a clean install. It was a new computer and

| there's nothing on it to back up. Thanks again for all your help. Now I need

| to learn how to do a clean install.

| --

| K.Sawyer

|

|

| "GHalleck" wrote:

|

| >

| > K.Sawyer wrote:

| >

| > > My friend bought a computer but didn't realize that she needed to "purchase"

| > > the anti-virus after its trial period ran. They use cable internet service.

| > > There was no anti-virus or firewall protection shortly after purchasing the

| > > computer. Kids accessed internet and MySpace frequently. I've run Trend

| > > Micro and it found over 615 viruses. 2 MS Dos viruses and 1 internet worm.

| > > I thought of formatting the drive and reinstalling everything, they have

| > > basically nothing on the computer. They are running XP Home Edition. Any

| > > advice on how to clean? Should I just format and reinstall from scratch?

| > > Below is a report from HiJackThis:


| >

| > As a general rule, one should always wipe the hard drive clean and do a

| > fresh install of Windows XP and all of the applications after receiving

| > a previously owned computer. In this way, one can always be assured of

| > starting afresh and also knowingly installing all of the applications that

| > will be used without having remnants of someone else's problems.

| >

| > In looking at the list from HiJackThis, this Dell system appears typical

| > and does include several anti-virus and anti-malware applications. But as

| > noted by Dave, these need to be subscribed to and their definitions kept

| > current. But they may also be in conflict, such as McAfee and Norton AV

| > being both present.

| >

| > For starters, it should be possible to exercise the option from Housecall

| > TrendMicro to remove all of the malware that has been detected. Once this

| > has been done, remove the computer from the Internet. Elect what anti-virus,

| > anti-malware and anti-spyware applications to keep (at least one from each

| > class) and update. If there are better applications than those present, then

| > acquire them. Remove the superfluous ones and duplicate services. How many

| > adblocking services are really needed? Set up schedules for regular

| > anti-virus, anti-malware and anti-spyware scans.

| >

| > Once the housecleaning has been performed and the security services put

| > into place, obtain and install a two-way (inbound/outbound) firewall, such

| > as ZoneAlarm.

| >

| > If the above plus a lesson in safe Internet surfing does not solve the

| > problems, then go ahead with a clean installation.

| >
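
The review described in the quoted reply above (reading the HijackThis list and noticing that McAfee and Norton are both present) can be scripted. The following is an added example, not part of any post in this thread: the function names and the path-fragment table are assumptions, and the sample lines are copied from the log posted in this thread with the line wrapping undone.

```python
import re

# Lines copied from the HijackThis log posted in this thread, with the
# newsreader's line wrapping undone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
"""

# Assumption: install-path fragments that identify a resident antivirus
# product. Both fragments appear in the log above.
AV_PATH_MARKERS = {
    "navnt": "Norton AntiVirus (Symantec)",
    "mcafee.com": "McAfee",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# The file path starts at the first " - " that is followed by a drive letter;
# splitting there keeps paths such as "Spybot - Search & Destroy" intact.
PATH_START_RE = re.compile(r" - (?=[A-Za-z]:\\)")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return (section code, body) pairs for every R/O line in the log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def parse_service(body):
    """Split an O23 body into name, owner, path and a missing-file flag."""
    if not body.startswith("Service: "):
        return None
    parts = PATH_START_RE.split(body[len("Service: "):], maxsplit=1)
    if len(parts) != 2:
        return None
    head, path = parts
    name, sep, owner = head.rpartition(" - ")
    if not sep:
        return None
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def triage(log_text):
    """Flag orphaned services, unattributed services and overlapping AV."""
    report = {"missing_file": [], "unknown_owner": [], "av_products": set()}
    for code, body in parse_entries(log_text):
        if code == "O23":
            svc = parse_service(body)
            if svc:
                if svc["missing"]:
                    # Service still registered although its binary is gone.
                    report["missing_file"].append(svc["name"])
                if svc["owner"].lower() == "unknown owner":
                    # No vendor shown in the log; verify the file by hand.
                    report["unknown_owner"].append(svc["name"])
        # Count a product only when an autostart entry still has its file.
        if code in ("O4", "O23") and MISSING not in body:
            lowered = body.lower()
            for marker, product in AV_PATH_MARKERS.items():
                if marker in lowered:
                    report["av_products"].add(product)
    report["av_conflict"] = len(report["av_products"]) > 1
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Services whose file is missing:", result["missing_file"])
    print("Services with unknown owner:  ", result["unknown_owner"])
    print("Antivirus products starting:  ", sorted(result["av_products"]))
    print("More than one resident AV:    ", result["av_conflict"])
```
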

Guest Curt Christianson
Posted

Re: over 600 virus's found! ran anti-virus but still not working

 

Hi Sawyer,

 

I realize you didn't receive a whole lot of good news in this thread

unfortunately.

The idea of "Flatten and Rebuild" in this case is sound. A detailed

explanation of *why* this is the best route can best be summed up in one of

the finest articles on the subject I've seen. It's written by MS-MVP Bill

Castner, and I hope you take the time to read it. The link is:

 

http://aumha.net/viewtopic.php?t=28580&sid=0b26253606d3ba8a184ed9e22649b164

 

--

HTH,

Curt

 

Windows Support Center

http://www.aumha.org

Practically Nerded,...

http://dundats.mvps.org/Index.htm

 

"K.Sawyer" <KSawyer@discussions.microsoft.com> wrote in message

news:1DDAA1A0-8A26-4EA9-9131-01938F2308B5@microsoft.com...

| My friend bought a computer but didn't realize that she needed to "purchase"

| the anti-virus after its trial period ran. They use cable internet service.

| There was no anti-virus or firewall protection shortly after purchasing the

| computer. Kids accessed internet and MySpace frequently. I've run Trend

| Micro and it found over 615 viruses. 2 MS Dos viruses and 1 internet worm.

| I thought of formatting the drive and reinstalling everything, they have

| basically nothing on the computer. They are running XP Home Edition. Any

| advice on how to clean? Should I just format and reinstall from scratch?

| Below is a report from HiJackThis:


| --

| K.Sawyer

Posted

Re: over 600 virus's found! ran anti-virus but still not working

 

In article <1DDAA1A0-8A26-4EA9-9131-01938F2308B5@microsoft.com>,

KSawyer@discussions.microsoft.com says...

> My friend bought a computer but didn't realize that she needed to "purchase"

> the anti-virus after its trial period ran. They use cable internet service.

> There was no anti-virus or firewall protection shortly after purchasing the

> computer. Kids accessed internet and MySpace frequently. I've run Trend

> Micro and it found over 615 viruses.

 

You can't fix this, it's best to wipe and reinstall from scratch.

 

In general, once a machine is compromised you can't clean it - you might

think, if you're one of the EGO types, that you've cleaned it, but the

simple fact is that you can't be honestly sure that it's clean.

 

Do them a favor, wipe the machine in a clean network, reinstall, add AV,

enable the firewall, create a LIMITED USER ACCOUNT, don't give them

the password to the ADMIN account (or password it), and then install

Firefox and Thunderbird.

 

--

 

Leythos

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

