Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HijackThis Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HijackThis Log

Unread postby jthompson » August 29th, 2007, 8:02 pm

I used this website once before to remove a problem on a computer of mine, and you did a fantastic job of solving my problems. Now, my mom has been having the same problems - popups from systemdoctor.com, winantiviruspro, and drivecleaner.com to name a few. Her laptop has been going unnecessarily slow when loading websites and doing other computer processess as of late. She plays a bit of games online, and I've tried to remove the ones that she doesn't use or were causing problems. I have also run AdAware 2007, Spybot S&D, a2, and Norton 2007 and there are still some problems that I couldn't take care of (one being Virtumonde, something S&D said it could not remove) and the computer is still running poorly. Below is the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 6:58:51 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kay\Desktop\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) - {52120F66-F886-40BF-8618-F293C3BBA7F7} - C:\WINDOWS\system32\jkkji.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\njwanhih.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\ASEMBL~1\spoolsv.exe" -vt ndrv
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.bigfishgames.com/online/myst ... uncher.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://atlantis9.bigfishgames.com/Reef/ ... ontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.games.myway.com/online2/b ... der_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkkji - C:\WINDOWS\system32\jkkji.dll
O20 - Winlogon Notify: pmnkiif - pmnkiif.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE




Thanks ahead of time for your help!
jthompson
Regular Member
 
Posts: 19
Joined: January 15th, 2007, 10:24 am
Advertisement
Register to Remove

Unread postby turtledove » August 29th, 2007, 11:56 pm

Hello jthompson,
I am turtledove,
Welcome :)

I will be glad to help you with your computer problems.
HijackThis logs take awhile to research. Please be patient with me. I know that you want your problems solved quickly, and I will work hard to help you.

As an Undergraduate, my posts will be checked first by An Admin or Moderator. Please be patient, I'll post a fix soon.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic. Please stay at one forum for help.
3. Please continue reading posts until I give the All Clear. It is important to note this, as a clean looking HijackThis is not always a sign your system is clean.

If you can do these 3 things, everything should go smoothly.
*Please do not run any fixes on your own, as they may interfere with our work.

Thanks for your patience!

TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Unread postby turtledove » August 30th, 2007, 11:50 am

Hello jthompson,

Please print or copy to Notepad these instructions.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


Next:
Please make an Uninstall list :
To access the Uninstall Manager, please do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad here on your next reply.


Please post:
C:\vundofix.txt
HiJackThis log
Uninstall list

You will need to post each in a separate post so as not to cut any logs off.
Thank You
TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Unread postby jthompson » August 30th, 2007, 9:56 pm

I hope I read your reply right and you wanted each one of these in a separate reply. So, first, here is the contents of C:\vundofix.txt:


VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:33:30 PM 8/30/2007

Listing files found while scanning....

C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak2
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\jkkji.dll
C:\windows\system32\lnrxgeuw.ini
C:\WINDOWS\system32\njwanhih.dll
C:\WINDOWS\system32\wuegxrnl.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijkkj.bak2
C:\WINDOWS\system32\ijkkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.dll Has been deleted!

Attempting to delete C:\windows\system32\lnrxgeuw.ini
C:\windows\system32\lnrxgeuw.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\njwanhih.dll
C:\WINDOWS\system32\njwanhih.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wuegxrnl.dll
C:\WINDOWS\system32\wuegxrnl.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:42:36 PM 8/30/2007

Listing files found while scanning....

C:\windows\system32\wuegxrnl.dll

Beginning removal...

Attempting to delete C:\windows\system32\wuegxrnl.dll
C:\windows\system32\wuegxrnl.dll Has been deleted!

Performing Repairs to the registry.
Done!
jthompson
Regular Member
 
Posts: 19
Joined: January 15th, 2007, 10:24 am

Unread postby jthompson » August 30th, 2007, 9:57 pm

Second, here is the new HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 8:49:35 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kay\Desktop\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) - {52120F66-F886-40BF-8618-F293C3BBA7F7} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\ASEMBL~1\spoolsv.exe" -vt ndrv
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.bigfishgames.com/online/myst ... uncher.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://atlantis9.bigfishgames.com/Reef/ ... ontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.games.myway.com/online2/b ... der_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: pmnkiif - pmnkiif.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
jthompson
Regular Member
 
Posts: 19
Joined: January 15th, 2007, 10:24 am

Unread postby jthompson » August 30th, 2007, 10:00 pm

And, finally, here is the Uninstall List from HijackThis:


101 Bally Slots
Ad-Aware 2007
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player
AOLIcon
AppCore
a-squared Anti-Malware 3.0
AV
Big Fish Games Client
Broadcom Management Programs
ccCommon
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X
Corel Photo Album 6
DB CIF Cam
DB CIF Cam
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Wireless WLAN Card
DellSupport
Digital Content Portal
Digital Line Detect
Disney Pix 2.0
Disney Pix Micro Downloader
Documentation & Support Launcher
EarthLink setup files
EducateU
ELIcon
Games, Music, & Photos Launcher
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel(R) Graphics Media Accelerator Driver for Mobile
Internal Network Card Power Management
Internet Service Offers Launcher
Java 2 Runtime Environment, SE v1.4.2_03
LiveUpdate 3.2 (Symantec Corporation)
Masque Slots
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Modem Helper
Mozilla Firefox (2.0.0.6)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
PowerDVD 5.5
Pretty Good Solitaire version 10.1.0
QuickSet
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Slingo Deluxe
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC 32bit
Spybot - Search & Destroy 1.4
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Winamp (remove only)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WordPerfect Office 12



I hope that is everything. Please let me know if I missed anything.
jthompson
Regular Member
 
Posts: 19
Joined: January 15th, 2007, 10:24 am

Unread postby turtledove » August 31st, 2007, 10:50 am

Hello, jthompson, you did great. Thank You.

Please copy/Print All instructions for reference. Read through to be sure you have no questions. Please ask if uncertain.

Your Java is out of date and leaves your system vulnerable to attacks. We will update in a later step.

First Step:
Remove Programs

Please uninstall:
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
highlight any with JRE or J2SE in the name.
java SE v1.4.2_03
Select Remove/Delete.

Viewpoint or Viewpoint Manager <== Optional but recommended
****A Note:****

Viewpoint
Viewpoint components are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting "Disable auto-updating for the Viewpoint Manager", the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

"To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously."

I recommend that you remove the Viewpoint product; however, the decision is yours.

Exit Add/Remove when done removing what you need/want deleted.

Next:

Please Run HijackThis and do Scan only with ALL other windows/Browsers closed.
Place a Check Mark in the following if present:

O2 - BHO: (no name) - {52120F66-F886-40BF-8618-F293C3BBA7F7} - C:\WINDOWS\system32\jkkji.dll (file missing)
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\ASEMBL~1\spoolsv.exe" -vt ndrv
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O20 - Winlogon Notify: pmnkiif - pmnkiif.dll (file missing)


Click Fix Checked, Exit when done.

Next:
Update Java:
Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) 6 Update 2 and save it to your desktop.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2...allows end-users to run Java applications".
Click the "Download" button to the right.
Read the License Agreement and then check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.




Next:
Please download next:
ATFCleaner by Atri
**For IE
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Exit the program.

**If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

**If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.


Next:

Please download:
AVG Anti-Spyware.

Install AVG Anti-Spyware.
Launch AVG by double-clicking on the icon.
The program will now open to the main screen.
You will need to update AVG to the latest definition files.

At the top of the main screen click Update.

Then in the Manual Update section, click on Start Update.

The update will start and a progress bar will show the updates being installed.
*When updates are completed, close AVG.

If you are having problems with the updater, you can use this link to manually update AVG.
AVG manual updates

Part 2:

Run a scan with AVG.

Click on Scanner

Click on the Settings tab, and set the following settings.

How to act

***Click on Recommended actions, and set to Quarantine. May not be set at this by default***

How to scan

Check all options.

Possibly unwanted software.

Check all options.

Reports

Check Do Not Automatically generate report after every scan.
Uncheck Only if threats were found.

What to scan

Check Scan every file.

Click on the Scan tab.

Click on Complete System Scan and the scan will begin.
When the scan has finished

Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
At the bottom of the window click on the Apply all Actions button.


Note: Don't save the report before you hit the Apply action button.

Close AVG Anti-Spyware.

AVG will save a report in the following location C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports



Please post separately:
AVG Report

A new HijackThis log and any issues with the computer running, slowness or pop ups for example.
Can you tell me what programs in your uninstall list (Add/Remove) do AV and MC belong to please?


Thank you
TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Unread postby jthompson » September 2nd, 2007, 10:13 am

I apologize for taking a bit long but here are the details from your previous instructions:

- Everything with uninstalling old Java & installing new Java went fine as far as I can tell.
- I went ahead and removed a Viewpoint Media Player.
- I ran ATFCleaner and everything went fine.
- I installed AVG perfectly fine and the scan and quarantine went fine as well (where it found 180+ items, of which I believe 4 or 5 were deemed High threats). However, there was no 'Reports' folder in the location you specified. So, I went back and double checked your instructions and ran the scan a second time. After clicking the 'Apply all Actions' button, I checked the 'Save Report' button to see if I could find it and found a report to be saved in the following location:

C:\Documents and Settings\Kay\Application Data\Grisoft\AVG antispyware 7.5\Reports

However, upon trying to find it in the Windows Explorer, I realized that it is in a hidden folder. So, I wanted to see what you wanted me to do before finding it and posting on my own.


Since I am not posting the AVG report here I will go ahead and post the new HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 8:58:20 AM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Kay\Desktop\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.bigfishgames.com/online/myst ... uncher.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://atlantis9.bigfishgames.com/Reef/ ... ontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.games.myway.com/online2/b ... der_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE




As far as I know there have been no more popups from the likes of the ones I mentioned in my first post. And, my mother says everything seems to be running smoother. However, I have still noticed some High threats in the first scans I ran before coming to the forum (e.g. Norton, a2, and Spybot) and in the scans you have been having me to (e.g. AVG). In regards to the two items mentioned in the uninstall list (AV and MCU), I personally have no idea what they are or what they belong to.

Overall, I think we're making progress! So, thanks thus far!
jthompson
Regular Member
 
Posts: 19
Joined: January 15th, 2007, 10:24 am

Unread postby turtledove » September 2nd, 2007, 2:34 pm

Hello jthompson,
You're doing fine.
Yes, please post the report scan from AVG, We will go from there.
Thank you.

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Unread postby jthompson » September 3rd, 2007, 1:31 am

Here is the AVG report:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:48:11 AM 9/2/2007

+ Scan result:



C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP83\A0014524.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
:mozilla.183:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.87:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.89:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.294:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.519:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.520:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.521:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.643:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.644:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.645:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.104:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.105:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.106:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.107:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.125:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.126:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.158:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.159:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.696:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.179:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.180:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.599:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.372:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.373:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.374:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.375:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.45:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.108:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.109:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.110:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.131:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.215:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.17:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.18:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.19:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.20:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.21:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.24:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.25:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.26:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.27:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.449:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.450:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.185:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.188:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.660:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.661:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.662:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.651:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.652:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.653:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.654:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.200:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.201:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.55:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.44:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.46:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.47:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.48:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.49:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.50:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.51:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.52:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.53:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.42:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.216:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.217:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.240:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.241:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.242:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.243:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.244:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.218:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.219:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.220:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.221:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.202:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.203:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.204:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.160:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.161:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.162:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.163:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.164:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.127:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.633:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.132:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.133:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.134:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\0m1byhc3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP83\A0014523.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
jthompson
Regular Member
 
Posts: 19
Joined: January 15th, 2007, 10:24 am

Unread postby turtledove » September 3rd, 2007, 4:16 pm

Hello jthompson,
Please do the following:
Open Notepad and minimize it.
.
* Open HijackThis and select Open the Misc Tools section
* Click on the Open Uninstall Manager…
* Select <program you want uninstall command>
* Copy the contents of the box labelled uninstall command as a reply to this topic

Do This the above for the following items in the list: AV and MC please.
Copy/paste to notepad, then to this thrread.
Are there any other questions you have about items on the system?

Are the ads gone now as well?

Thank you

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Unread postby jthompson » September 3rd, 2007, 5:01 pm

Here are the two 'Uninstall Commands' from HijackThis, the first is AV and the second is MC:

MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}



MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}



As far as I know, the ads have no longer become a problem. But, after I last posted, my mom told me that Firefox is no longer able to load some of the sites she goes to (mainly loading Flash based games). And I'm pretty sure they were working before I used the AVG scan. I don't know if doing some of these scans and cleaning certain items has rendered them incapable of running of if there is something else wrong. Other than that, I haven't noticed any other major problems.
jthompson
Regular Member
 
Posts: 19
Joined: January 15th, 2007, 10:24 am

Unread postby turtledove » September 4th, 2007, 1:36 pm

Hello jthompson,

Well done. Everything looks well.
The two items in the uninstall list belong to Symantec(the AV), and the other is Dell(MCU).
Here are a few things to do for final steps:
**Please post back that you've read this and are clear to close this topic; or if there are any remaining issues.**


****Please DELETE the Vundo Fix program we installed.

**Turn off System Restore.**
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

Restart your computer

Turn ON System Restore
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Un-Check Turn off System Restore.
    Click Apply, and then click OK.

Before Surfing UPDATE XP

*How on earth did I get infected in the first place?
Read Here

You can help the fight, report it at Malware Complaints
Stand Up and be Counted!

Some of your legitimate programs will leave .tmp files as they run. Clean these out regularly. Before running a scan is a good time.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit
XP Updates

Other Programs that are useful and notes on Protection for the future:
**Only download what protections you do not have**

Java Updates:
Java Update

Antivirus: *Use only one*
AVG FREE
AntiVir

Test open Ports:
SheildsUp (follow the links to Shield's-Up!)



Other Protection:
IE-Spyad
SpywareBlaster
SpywareGuard
WinPatrol

Also use online scanners as well; as some spyware/virus can disable your software. Check out these:

ActiveScan by Panda
Kaspersky Online Scanner

**Keep IE Secure:
Make your Internet Explorer more secure - This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialise and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Last of all: Very Important: Keep All AntiVirus, Antispyware and Firewall UPDATED WEEKLY.

Thank You
Safe and Happy Surfing :)
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Unread postby jthompson » September 5th, 2007, 7:48 am

Well, everything has been done. I turned off and turned on System Restore, set the IE security options, and installed a couple of your suggested programs. As far as I can tell, everything is working fine (including my mom's gaming sites which began to work after I restarted the computer). I'll make sure everything is kept up to date on this computer and will hopefully not having any more problems. As soon as I post this, I will post in the 'Stand Up and Be Counted' forum. Thank you so much for your help!! I genuinely appreciate what this site does.
jthompson
Regular Member
 
Posts: 19
Joined: January 15th, 2007, 10:24 am

Unread postby askey127 » September 14th, 2007, 8:19 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
If you are the topic starter, you will need a valid, working link to the closed topic, along with the user name used.
The user name must match the one in the linked thread linked to avoid having the email deleted.

You can help support this site from this link :
Donations For Malware Removal
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13897
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 59 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware