BACK DOOR BOT OR TROJAN - Page 1

Re: BACK DOOR BOT OR TROJAN
The log shows you have two AV programs on your computer. Only one should be enabled at any given time; otherwise they will cause conflicts.

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Firefox::
    Trusted Zone: facebook.com\www
    Trusted Zone: GeekPolice.net\www

    DDS::
    Trusted Zone: facebook.com\www
    Trusted Zone: GeekPolice.net\www


  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log if you run this script.


I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

• Click the ESET Online Scanner button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on the ESET Smart Installer link to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.

• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

• Check "Scan archives".
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats.
• Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the Back button.
• Push Finish.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
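
The Trusted Zone warning above refers to the per-site zone assignments Internet Explorer keeps in the registry, and the `facebook.com\www` notation in the CFScript is literally that key path. As an added example (not part of Super Dave's post or of ComboFix), here is a Python script that parses a `reg export` of the `ZoneMap\Domains` key and lists which hosts have been placed in the Trusted zone (zone 2), which is the check you would run on a live machine before and after clearing the zone. The export text inside it is constructed; the key layout it assumes (one subkey per domain, optionally one more per host label, holding a DWORD named after the URL scheme whose data is the zone number) is how IE stores these assignments.

```python
r"""Audit Internet Explorer security-zone assignments from a .reg export.

Added example, not from the thread. IE stores per-site zone assignments under
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
as one subkey per domain (optionally one more per host label), with a DWORD
value named after the URL scheme ("http", "https" or "*") whose data is the
zone number. The DDS/ComboFix notation "facebook.com\www" is that key path.
SAMPLE_REG is a constructed export; on a real machine you would produce it with
  reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" zonemap.reg
"""
import re

ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

DOMAINS_PREFIX = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
                  r"\Internet Settings\ZoneMap\Domains")

# Constructed sample: two hosts in the Trusted zone (2), one in Restricted (4).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\www]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\GeekPolice.net\www]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\badsite.example]
"https"=dword:00000004
"""

KEY_RE = re.compile(r"^\[(.*)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})\s*$')


def parse_zone_map(reg_text):
    """Return a list of (host, scheme, zone) tuples from a ZoneMap\\Domains export."""
    entries = []
    current_host = None
    for line in reg_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            current_host = None
            # Only subkeys below ...\Domains describe a site; the Domains key itself is skipped.
            if key.lower().startswith(DOMAINS_PREFIX.lower() + "\\"):
                rel = key[len(DOMAINS_PREFIX) + 1:]
                parts = rel.split("\\")
                # "domain\label" means host "label.domain"; a bare "domain" covers the whole domain.
                current_host = ".".join(reversed(parts)) if len(parts) == 2 else parts[0]
            continue
        m = VALUE_RE.match(line)
        if m and current_host is not None:
            scheme, zone_hex = m.group(1), m.group(2)
            entries.append((current_host, scheme, int(zone_hex, 16)))
    return entries


def zone_report(entries, zone=2):
    """Sorted hosts assigned to the given zone (default 2 = Trusted sites)."""
    return sorted({host for host, _scheme, z in entries if z == zone})


if __name__ == "__main__":
    found = parse_zone_map(SAMPLE_REG)
    for host, scheme, z in found:
        print(f"{host:25s} {scheme:6s} zone {z} ({ZONE_NAMES.get(z, '?')})")
    print("Trusted sites:", zone_report(found, 2))
    print("Restricted sites:", zone_report(found, 4))
```

Anything the report lists under zone 2 gets the relaxed Trusted-sites script and ActiveX policy, which is why the advice above is to keep that list empty unless you put an entry there yourself and know why.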

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

I had briefly installed Zone Alarm on my computer. I thought it would be good because it was a combo virus and firewall. It did not work well on my computer. I uninstalled it.

Is Zone Alarm still lurking somewhere? I show in the Control Panel that Comodo is in charge of the anti virus and firewall. I have done a search on the computer and cannot get any results for Zone Alarm.

I also do not understand how to create CFScript.txt. I do not know how to start notepad. Where is it located?

I will run the ESET in the mean time.
Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

ESET scan finished. It is clean. How do I get rid of that Zone Alarm problem? I cannot find it anywhere on my machine. I obviously do not want two anti virus programs running at the same time.

Also, when I do the Combo Fix this time after you tell me how to do that script, do I run it in SAFE MODE like last time?

What specifically will this do to my machine? I see the only things listed are GeekPolice and Facebook in the trusted area. How can this be bad?

Thanks,
Karen

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-26 08:31:28
# local_time=2012-11-26 12:31:28 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 71 0 3552049 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=60199
# found=0
# cleaned=0
# scan_time=19069
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=false
# utc_time=2012-12-08 12:22:38
# local_time=2012-12-07 04:22:38 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 71 0 4571820 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 104180 104180 0 0
# scanned=6985
# found=0
# cleaned=0
# scan_time=6761
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-02 11:54:28
# local_time=2013-02-02 03:54:28 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 0 9441870 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 4974230 4974230 0 0
# scanned=62004
# found=7
# cleaned=7
# scan_time=16629
C:\Documents and Settings\Owner\My Documents\Downloads\Unlocker1.9.1.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\cbsidlm-tr1_8-Unlocker-ORG2-10493998.exe Win32/DownloadAdmin.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\duplicate-file-finder-setup.exe a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\registry-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3402\A0554566.exe Win32/DownloadAdmin.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3402\A0554567.exe a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3402\A0554568.exe a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-03 10:24:48
# local_time=2013-02-03 02:24:48 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 0 9514256 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 5046616 5046616 0 0
# scanned=62594
# found=0
# cleaned=0
# scan_time=25252
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-06 05:05:06
# local_time=2013-02-06 09:05:06 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 0 5653527 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 5338983 5338983 0 0
# scanned=64900
# found=0
# cleaned=0
# scan_time=16102
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-08 07:47:06
# local_time=2013-02-08 11:47:06 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 5522530 5522530 0 0
# scanned=63771
# found=0
# cleaned=0
# scan_time=15078
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-15 02:13:21
# local_time=2013-02-15 06:13:21 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 0 6420019 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 6105475 6105475 0 0
# scanned=61998
# found=5
# cleaned=5
# scan_time=16908
C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3453\A0564019.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\13.02.2013_21.06.18\tdlfs0000\tsk0004.dta Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\13.02.2013_21.06.18\tdlfs0000\tsk0008.dta a variant of Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\13.02.2013_21.06.18\tdlfs0000\tsk0016.dta a variant of Win32/Kryptik.QQF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\13.02.2013_21.06.18\tdlfs0000\tsk0017.dta a variant of Win32/Kryptik.QQF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-17 02:05:36
# local_time=2013-02-16 06:05:36 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 14968 6551388 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 6236844 6236844 0 0
# scanned=61726
# found=7
# cleaned=7
# scan_time=14677
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{084F2941-A1D6-45AD-A865-5BC86E91645E} Win64/Olmasco.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{286A5BF6-8680-43B7-B62D-C69C32C784A5} Win64/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{39D02971-7680-44E2-A1A7-63367093A210} Win64/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{659A37AD-63DB-4035-8822-6986182A0210} a variant of Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{CB2D049E-D698-4553-9D60-2BB8906BD740} a variant of Win32/Kryptik.QQF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{EFC1C5BB-7BBC-4DE4-B516-4C92DEDB0F22} Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{F396A1FF-5F13-41F3-A8FD-BF4F3E0679ED} Win64/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-17 08:55:44
# local_time=2013-02-17 12:55:44 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 0 6576976 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 6262432 6262432 0 0
# scanned=61809
# found=0
# cleaned=0
# scan_time=13693
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-20 03:10:02
# local_time=2013-02-19 07:10:02 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 7502 6814879 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 6500335 6500335 0 0
# scanned=62051
# found=0
# cleaned=0
# scan_time=14251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-23 02:07:11
# local_time=2013-02-22 06:07:11 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 0 7067404 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 6752860 6752860 0 0
# scanned=63821
# found=0
# cleaned=0
# scan_time=17154
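
The log.txt above accumulates one block per scan run, so the single clean result Karen reports is buried among older runs that did find things. As an added example (not from the thread or from ESET), here is a Python parser for that log format: it splits the file into runs at each `# version=` header, keeps the `# key=value` settings, extracts the detection lines (`<path> <detection name> (<action>) <32 hex digits> <flag>`), and flags runs a reviewer would question, such as a run that did not finish, a `found` count that disagrees with the number of detection lines, or anti-stealth scanning switched off. SAMPLE_LOG is constructed in the same shape as the log above; its paths and detection names are invented.

```python
r"""Summarise ESET Online Scanner log.txt runs.

Added example, not from the thread. The scanner appends one block per run to
C:\Program Files\ESET\ESET Online Scanner\log.txt: "# key=value" header lines
starting at "# version=...", then one line per detection, plus the occasional
bare status line ("esets_scanner_update returned ...") which is recorded as a
note rather than a detection. SAMPLE_LOG is constructed in that shape.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""# version=7
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# end=finished
# remove_checked=true
# antistealth_checked=true
# utc_time=2013-02-02 11:54:28
# osver=5.1.2600 NT Service Pack 3
# scanned=62004
# found=2
# cleaned=2
# scan_time=16629
C:\Documents and Settings\Owner\My Documents\Downloads\installer.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\bundle-setup.exe a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScanner.ocx=1.0.0.6583
# end=stopped
# remove_checked=true
# utc_time=2013-02-03 10:24:48
# scanned=6985
# found=0
# cleaned=0
# scan_time=6761
"""

HEADER_RE = re.compile(r"^# (?P<key>[^=\s]+)=(?P<value>.*)$")
# Path is matched lazily; the detection name must look like an ESET name
# ("Win32/Foo.B trojan", "a variant of Win64/Bar.C", "multiple threats").
THREAT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<detection>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+(?: [a-z]+)*|multiple threats) "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)


@dataclass
class ScanRun:
    settings: dict = field(default_factory=dict)   # later duplicates (compatibility_mode) overwrite earlier ones
    threats: list = field(default_factory=list)    # (path, detection, action)
    notes: list = field(default_factory=list)      # bare status lines inside the run


def parse_eset_log(text):
    """Split log.txt into ScanRun objects, one per "# version=" header."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value")
            if key == "version":            # every run starts with "# version=..."
                current = ScanRun()
                runs.append(current)
            if current is not None:
                current.settings[key] = value
            continue
        if current is None:
            continue                        # installer chatter before the first run
        m = THREAT_RE.match(line)
        if m:
            current.threats.append((m.group("path"), m.group("detection"), m.group("action")))
        else:
            current.notes.append(line)
    return runs


def run_summary(run):
    """Flatten a run into a dict and list the things a reviewer would query."""
    s = run.settings
    found, cleaned = int(s.get("found", 0)), int(s.get("cleaned", 0))
    flags = []
    if s.get("end") != "finished":
        flags.append("scan did not finish (end=%s)" % s.get("end"))
    if found != len(run.threats):
        flags.append("found=%d but %d detection lines" % (found, len(run.threats)))
    if cleaned < found:
        flags.append("%d detections not cleaned" % (found - cleaned))
    if s.get("antistealth_checked") == "false":
        flags.append("anti-stealth (rootkit) scanning was off")
    return {"utc_time": s.get("utc_time"), "end": s.get("end"),
            "scanned": int(s.get("scanned", 0)), "found": found, "cleaned": cleaned,
            "threats": run.threats, "flags": flags}


if __name__ == "__main__":
    for run in parse_eset_log(SAMPLE_LOG):
        summary = run_summary(run)
        print(summary["utc_time"], summary["end"], "scanned", summary["scanned"],
              "found", summary["found"], "cleaned", summary["cleaned"])
        for path, detection, action in summary["threats"]:
            print("   ", detection, "->", path, "(" + action + ")")
        for flag in summary["flags"]:
            print("    !!", flag)
```

Point the parser at the real log.txt and the last run is the one that matters for "is it clean now"; the earlier runs are still worth keeping because the quarantine paths they name (Comodo's quarantine, TDSSKiller's quarantine, System Restore points) tell you where an earlier tool already caught something.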

Re: BACK DOOR BOT OR TROJAN
Also, when I do the Combo Fix this time after you tell me how to do that script, do I run it in SAFE MODE like last time?

No, you should be able to run it in Normal Mode.

What specifically will this do to my machine? I see the only things listed are GeekPolice and Facebook in the trusted area. How can this be bad?

Please read the warning I provided in red. It will explain why trusted zones are not advisable.

Notepad is found in Start, All Programs, Accessories. I've changed the CF Script to remove ZoneAlarm. Just check the new log after you run CFScript to see if ZoneAlarm has been removed. No need to post the log.

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:


    KillAll::

    SecCenter::
    {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

    Firefox::
    Trusted Zone: facebook.com\www
    Trusted Zone: GeekPolice.net\www

    DDS::
    Trusted Zone: facebook.com\www
    Trusted Zone: GeekPolice.net\www


  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
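
Super Dave asks Karen to check the new ComboFix log herself for leftover ZoneAlarm entries. As an added example (not from the thread or from ComboFix), here is a Python script that reads the "Reg Loading Points" section of a ComboFix log, the `[key]` / `"name"=data` pairs and the `R0`/`S3` service lines, and reports every autostart or driver whose name or path mentions a vendor marker. The sample log is constructed in the format ComboFix prints; the markers (`checkpoint`, `zonealarm`, `zaforcefield`, `vsdatant`) are my assumptions about what a stale ZoneAlarm install leaves behind, and the two posture warnings (Windows Firewall off, an `AppInit_DLLs` entry) are generic checks rather than anything specific to this machine.

```python
r"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example, not from the thread. ComboFix prints registry autostarts as
"[key]" lines followed by "name"=data lines, and drivers/services as
"R0 name;display;path [date size]" lines. SAMPLE_COMBOFIX is constructed in
that shape; the vendor markers below are assumptions about a leftover
ZoneAlarm install (CheckPoint paths, the ForceField component, the
vsdatant driver), not a definitive list.
"""
import re

SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"ZoneAlarm Installer"="c:\program files\CheckPoint\Install\Launcher.exe" "c:\program files\CheckPoint\Install\Install.exe" /r install
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
"COMODO Internet Security"=c:\program files\COMODO\COMODO Internet Security\cistray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [1/16/2013 7:51 PM 586728]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
# Start type R0-R3 (running) or S0-S4 (stopped), then name;display;path [date size]
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)(?: \[[^\]]*\])?$")

LEFTOVER_MARKERS = ("checkpoint", "zonealarm", "zaforcefield", "vsdatant")  # assumed ZoneAlarm fingerprints


def parse_loading_points(text):
    """Return (entries, services): entries are (key, name, data), services are (start, name, path)."""
    entries, services, key = [], [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")      # the trailing dash on some keys is copied verbatim from the log
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append((m.group("start"), m.group("name"), m.group("path")))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group("name"), m.group("data")))
    return entries, services


def find_leftovers(entries, services, markers=LEFTOVER_MARKERS):
    """Autostarts and services whose name or path mentions any marker (case-insensitive)."""
    hits = []
    for key, name, data in entries:
        if any(mk in (name + " " + data).lower() for mk in markers):
            hits.append("%s :: %s=%s" % (key, name, data))
    for start, name, path in services:
        if any(mk in (name + " " + path).lower() for mk in markers):
            hits.append("service %s (%s) :: %s" % (name, start, path))
    return hits


def posture_warnings(entries):
    """Generic checks worth a second look in any ComboFix log."""
    warnings = []
    for _key, name, data in entries:
        if name.lower() == "enablefirewall" and data.strip().startswith("0"):
            warnings.append("Windows Firewall is off for the standard profile; confirm a third-party firewall owns it")
        if name.lower() == "appinit_dlls" and data.strip():
            warnings.append("AppInit_DLLs loads %s into every user-mode process; verify the vendor" % data.strip())
    return warnings


if __name__ == "__main__":
    entries, services = parse_loading_points(SAMPLE_COMBOFIX)
    for hit in find_leftovers(entries, services):
        print("leftover:", hit)
    for warning in posture_warnings(entries):
        print("check:   ", warning)
```

A hit on a CheckPoint path in a Run key after ZoneAlarm was "uninstalled" is exactly the kind of entry a search of the file system will not find if the target file is already gone: the autostart still exists in the registry even though it now points at nothing.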

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

Had to run Combo Fix in SAFE MODE. I hope it did what you were hoping for with that CFScript. I did peek and saw that Facebook and GeekPolice were no longer listed in the Trusted Sites area. I do not know where to look for Zone Alarm as I do not know where it was hiding to begin with. Hopefully it is gone as well.

How does the Combo Fix report look to you now?

ComboFix 13-02-23.01 - Owner 02/23/2013 13:30:10.16.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1608 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-23 to 2013-02-23 )))))))))))))))))))))))))))))))
.
.
2013-02-23 21:14 . 2013-02-23 21:14 -------- dc----w- C:\Combo-Fix
2013-02-22 03:54 . 2013-02-22 03:54 -------- d-----w- c:\windows\system32\wbem\Repository
2013-02-19 22:36 . 2013-02-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2013-02-09 00:23 . 2013-02-09 00:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Comodo
2013-02-08 23:12 . 2013-02-08 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2013-02-08 23:12 . 2013-02-08 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2013-02-08 23:12 . 2013-02-08 23:12 -------- d-----w- c:\program files\COMODO
2013-02-08 23:04 . 2013-02-08 23:04 130846192 ----a-w- c:\program files\cav_installer.exe
2013-02-08 14:23 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-08 14:23 . 2013-02-14 06:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-08 02:21 . 2013-02-08 02:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Avg2013
2013-02-07 01:40 . 2013-02-07 01:40 -------- d-----w- c:\documents and settings\Owner\Application Data\TuneUp Software
2013-02-07 01:11 . 2013-02-07 01:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MFAData
2013-02-06 12:02 . 2013-02-06 20:50 36760 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-02-06 11:15 . 2013-02-06 11:15 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
2013-02-03 22:08 . 2013-02-03 22:09 -------- d-----w- c:\program files\QuickTime
2013-02-03 22:08 . 2013-02-03 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2013-02-03 22:07 . 2013-02-03 22:07 -------- d-----w- c:\program files\Common Files\Apple
2013-02-03 22:06 . 2013-02-03 22:06 -------- d-----w- c:\program files\Apple Software Update
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-01-29 07:52 . 2012-05-09 02:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-01-29 07:52 . 2010-11-27 02:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-01-29 07:24 . 2013-01-29 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-01-27 20:54 . 2013-01-27 20:54 4189792 ----a-w- c:\program files\ccsetup327.exe
2013-01-25 06:43 . 2013-01-25 06:43 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-01-25 06:43 . 2013-01-25 06:43 354752 ----a-w- c:\windows\system32\guard32.dll
2013-01-25 06:42 . 2013-01-25 06:42 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-01-25 06:42 . 2013-01-25 06:42 263888 ----a-w- c:\windows\system32\cmdvrt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-03 22:03 . 2011-09-14 18:56 40437664 ----a-w- c:\program files\QuickTimeInstaller.exe
2013-01-29 07:21 . 2012-12-28 02:22 21494224 ----a-w- c:\program files\asc-setup.exe
2013-01-26 03:55 . 2003-07-16 20:40 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-17 03:51 . 2013-01-17 03:51 98752 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-01-17 03:51 . 2013-01-17 03:51 586728 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-01-17 03:51 . 2013-01-17 03:51 32824 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-01-17 03:51 . 2013-01-17 03:51 18536 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-01-16 02:49 . 2012-12-28 03:56 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-01-12 21:50 . 2013-01-12 21:50 4178040 ----a-w- c:\program files\ccsetup326.exe
2013-01-12 20:32 . 2012-11-24 22:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-12 20:32 . 2011-07-22 08:54 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-10 00:40 . 2012-11-18 00:43 24265736 ----a-w- c:\program files\dotnetfx.exe
2013-01-07 01:16 . 2003-07-16 20:39 2193024 ------w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2002-08-29 01:04 2069760 ------w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2003-07-16 20:51 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2003-07-16 20:34 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2003-05-13 17:28 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2004-02-07 01:05 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2010-10-14 16:46 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2010-10-14 16:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-12-18 19:00 . 2012-11-03 00:40 4976384 ----a-w- c:\program files\defragsetup.exe
2012-12-16 12:23 . 2003-07-16 20:24 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-18 00:57 . 2012-11-18 00:57 2959376 ----a-w- c:\program files\dotnetfx35setup.exe
2012-10-28 00:17 . 2012-10-28 00:17 38984 ----a-w- c:\program files\DellPCDiagnostics.exe
2012-10-27 22:47 . 2012-10-27 22:47 347424 ----a-w- c:\program files\MicrosoftFixit.AudioPlayback.Run.exe
2012-10-27 19:10 . 2012-10-27 19:10 10669896 ----a-w- c:\program files\mbam-setup.exe
2012-02-24 00:50 . 2012-02-24 00:50 8669472 ----a-w- c:\program files\Windows7UpgradeAdvisorSetup.exe
2011-07-23 09:00 . 2011-07-23 09:00 908064 ----a-w- c:\program files\jre-6u26-windows-i586-iftw.exe
2011-07-20 05:55 . 2011-07-20 05:55 684297 ----a-w- c:\program files\unhide.exe
2010-12-26 06:19 . 2010-12-26 06:19 12965392 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2010-12-26 05:03 . 2010-12-26 05:03 12252656 ----a-w- c:\program files\RealPlayer11GOLD.exe
2010-12-25 07:47 . 2010-12-25 07:47 602464 ----a-w- c:\program files\RealPlayer.exe
2010-12-25 03:18 . 2010-12-24 06:45 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-09-12 01:42 . 2010-09-12 01:42 6776168 ----a-w- c:\program files\WindowsUpdateAgent30-x86.exe
2010-08-26 19:15 . 2008-06-30 18:11 1625600 -c--a-w- c:\program files\MBSASetup-x86-EN.msi
2010-05-22 22:28 . 2010-05-22 22:28 6108728 ----a-w- c:\program files\picasaweb-current-setup.exe
2010-04-19 18:37 . 2010-04-19 18:37 2270216 ----a-w- c:\program files\advisor.exe
2010-02-05 19:35 . 2008-06-09 02:21 1114576 ----a-w- c:\program files\revosetup.exe
2010-01-07 20:04 . 2009-12-24 18:13 9476032 ----a-w- c:\program files\RevoUninProSetup.exe
2009-10-25 20:03 . 2009-10-20 01:14 747520 -c--a-w- c:\program files\MicrosoftFixit50198.msi
2009-10-20 20:54 . 2009-10-20 20:54 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-09-27 07:35 . 2008-09-19 06:15 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-07-25 18:24 . 2009-07-25 18:23 2052104 ----a-w- c:\program files\advisor belarc.exe
2009-06-04 21:16 . 2009-06-04 21:15 14243328 -c--a-w- c:\program files\DM510.32.4071221.EN.msi
2009-04-01 03:21 . 2009-03-10 16:45 224 -c--a-w- c:\program files\fix.bat
2009-01-02 22:57 . 2009-01-02 22:57 1945096 -c--a-w- c:\program files\BELARC advisor.exe
2008-06-23 17:11 . 2008-06-23 17:11 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-01-14 20:32 . 2008-04-25 07:31 6957056 -c--a-w- c:\program files\PhotoLibrary.msp
2006-12-29 23:58 . 2006-12-29 23:58 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-18 05:44 . 2006-12-18 05:44 20036629 -c--a-w- c:\program files\eppwin300aus.exe
2006-11-07 00:49 . 2006-11-07 00:49 64512 -c--a-w- c:\program files\Compatibility_Check.exe
2006-10-27 16:50 . 2006-10-27 16:51 317248 -c--a-w- c:\program files\WINDOWS OCT06.exe
2005-12-17 01:24 . 2005-12-15 00:35 561 -c--a-w- c:\program files\os449133.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\JEFF\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PPWebCap"=c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OneTouch Monitor"=c:\program files\Visioneer OneTouch\OneTouchMon.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"PMBVolumeWatcher"=c:\program files\Sony\PMB\PMBVolumeWatcher.exe
"Motive SmartBridge"=c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
"ZoneAlarm Installer"="c:\program files\CheckPoint\Install\Launcher.exe" "c:\program files\CheckPoint\Install\Install.exe" /r install /c "c:\program files\CheckPoint\Install\Install.xml" /l /w
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
"COMODO Internet Security"=c:\program files\COMODO\COMODO Internet Security\cistray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/28/2013 11:52 PM 14776]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/16/2013 7:51 PM 18536]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [1/16/2013 7:51 PM 586728]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/16/2013 7:51 PM 32824]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
R3 ch7009;ch7009;c:\windows\system32\drivers\ch7009.sys [10/27/2012 11:32 AM 20224]
R3 ch7017;ch7017;c:\windows\system32\drivers\ch7017.sys [10/27/2012 11:32 AM 26368]
R3 fs454;fs454;c:\windows\system32\drivers\fs454.sys [10/27/2012 11:32 AM 15616]
R3 igdmini;igdmini;c:\windows\system32\drivers\igdmini.sys [10/27/2012 11:32 AM 256896]
R3 lvds;lvds;c:\windows\system32\drivers\lvds.sys [10/27/2012 11:32 AM 5632]
R3 ns2501;ns2501;c:\windows\system32\drivers\ns2501.sys [10/27/2012 11:32 AM 7424]
R3 ns387;ns387;c:\windows\system32\drivers\ns387.sys [10/27/2012 11:32 AM 5376]
R3 sii164;sii164;c:\windows\system32\drivers\sii164.sys [10/27/2012 11:32 AM 4992]
R3 th164;th164;c:\windows\system32\drivers\th164.sys [10/27/2012 11:32 AM 4736]
R3 ti410;ti410;c:\windows\system32\drivers\ti410.sys [10/27/2012 11:32 AM 4864]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [1/24/2013 10:42 PM 127184]
S3 d3dUtil;d3dutil;c:\windows\system32\drivers\d3dutil.sys [10/27/2012 11:32 AM 2560]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 12:47 PM 14336]
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0;PCDSRVC{E9D79540-57D5953E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [9/3/2012 9:54 PM 22640]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys --> c:\documents and settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys [?]
S4 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-23 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-23 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-23 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-23 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 21:52]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 21:52]
.
2013-02-05 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2012-12-18 19:06]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.dogpile.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-23 13:46
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,89,37,d4,0f,f6,56,43,88,58,fb,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(744)
c:\windows\system32\cmdcsr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
.
**************************************************************************
.
Completion time: 2013-02-23 13:57:16 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-23 21:57
.
Pre-Run: 16,315,092,992 bytes free
Post-Run: 16,370,515,968 bytes free
.
- - End Of File - - 116E12C9F1A6A2D6CCBAD24515A865FF


Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
How does the Combo Fix report look to you now?

Yup, all gone.
If there are no other issues, we can do some cleanup.


To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall



(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

*************************************************
Click Start > Computer > right-click the C drive and choose Properties > Enter.
Click Disk Cleanup from there.


Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.


This runs the Disk Cleanup utility along with any other selections you have chosen. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
***************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. It also stops certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

Doing clean up now. I see you are having me install Spy Bot. As I told you in my first post the friend that helped me before I asked you to help told me to get rid of Spy Bot, Super Anti Spyware and Advanced System Care. He said they were all snake oil!

Should I add Advanced System Care and Super Anti Spyware back along with Spy Bot?

I also wanted to ask a question about the end of Windows XP. What will that be like for me in 2014? Will my computer stop working? Should I buy and prepare a new computer before then? If I need to get a new computer, do you think I can get a good one off eBay?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
that helped me before I asked you to help told me to get rid of Spy Bot, Super Anti Spyware and Advanced System Care.

I didn't suggest SuperAntiSpyware. I suggested SpywareBlaster. Spybot is an older program, but you can find an up-to-date review here. I've used it for years but dumped it when I started using Microsoft Security Essentials. As for Advanced System Care, I'm not sure if it's good or not. You can Google it to find some reviews.
I also wanted to ask a question about the end of Windows XP. What will that be like for me in 2014? Will my computer stop working? Should I buy and prepare a new computer before then? If I need to get a new computer, do you think I can get a good one off eBay?

No, your computer will keep on working. I ran Windows 98 for many years after the support was ended, and Windows XP will have to be pried from my dead, cold hands. lol Buying anything off eBay is a crapshoot. If you're talking about a pre-owned computer, you may get a good one or you may get a dud.

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

You misread my question about Super Anti Spyware. I was telling you that the guy that helped me before you helped me told me, "Karen get rid of Spy Bot, Super Anti Spyware and Advanced System Care 6. They are all snake oil." I have had Advanced System Care on my computer for at least four years. Spy Bot longer than that. Super Anti Spyware I have also had for some time. I have no feelings one way or the other about Super Anti Spyware. But as for Spy Bot and Advanced System Care, I thought they were helping me.

So I am OK with Windows XP coming to an end. I guess I will just see what happens when someone at Microsoft pulls the switch on Windows XP. I wonder if the end of support will be stopped as there are so many businesses with Windows XP.

One thing I also wondered about adding to my life is the Comodo Time Machine. I do back up once per week on two My Book Essential Edition external hard drives. I do not want to take up precious space on my hard drive to install the Time Machine, so I thought I would install it on both of the hard drives. Each week I would run the program off each of the external hard drives and back up my system. The two external hard drives are each 500 GB. I would think that I could have two backups on each hard drive and each week delete the oldest backup. If something were to happen to my computer, I would have a total of four backups, two on each external hard drive. Surely this would keep me safe and I could recreate my life with minimal problems. The only thing I would not be able to take advantage of would be the fact that the write-up says that even with a complete computer breakdown one can boot from the Time Machine.

What are your thoughts about this? I am finishing my clean up and my System Restore.

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
I guess I will just see what happens when someone at Microsoft pulls the switch on Windows XP. I wonder if the end of support will be stopped as there are so many businesses with Windows XP.

They won't shut it down; they will just stop with the updates and patches. They've already extended it, so they just may extend it again.
The only thing I would not be able to take advantage of would be the fact that the write-up says that even with a complete computer breakdown one can boot from the Time Machine.

Backing up to external hard drives is an excellent idea. I don't see how the Time Machine can boot your computer if the motherboard or hard drive is fried. If something happens to the OS, there are many rescue disks that will boot your computer.

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

After I sent the note to you the other day, I thought about being fried as well. I do have my own OS disk. I also think that the space that Time Machine would take up on the external hard drives would be quite large. Because I do my backup each week to the two externals, I think I am fairly safe. Most people probably would do just one external hard drive. I am doing two.

Thanks again for helping me. Take care of yourself.
Karen

Re: BACK DOOR BOT OR TROJAN
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
