Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My HiJack This Log


Post by Shaba » September 7th, 2007, 12:47 pm

Hi

Some bad files still, my bad.

Double-click FindAWF.exe to start the tool.

  • Select option #2 - Restore files from bak folders by typing 2 and press 'Enter'
  • A text file will open up. Please copy/paste the following bolded text into the text file:

    "C:\Program Files\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
    "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
    "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe"


  • Close the .txt file and click 'Yes' to save the changes.
  • When the tool has completed, a report will open up in notepad.

Please post the results of the awf.txt here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Post by midge81girl » September 7th, 2007, 1:48 pm

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Fri 09/07/2007
The current time is: 13:47:31.61


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

11/16/2004 01:30 AM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK

07/07/2004 07:29 PM 124,232 VPTray.exe
1 File(s) 124,232 bytes

Directory of C:\PROGRA~1\WINDOW~4\BAK

04/03/2006 06:12 PM 777,424 MSASCui.exe
1 File(s) 777,424 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 08:00 AM 15,360 ctfmon.exe
10/08/2004 12:27 PM 126,976 hkcmd.exe
10/08/2004 12:31 PM 155,648 igfxtray.exe
3 File(s) 297,984 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

08/06/2004 12:27 PM 860,160 Smax4.exe
07/27/2004 05:48 PM 1,388,544 SMax4PNP.exe
2 File(s) 2,248,704 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

06/09/2004 08:31 PM 66,680 ccApp.exe
1 File(s) 66,680 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

06/23/2007 09:44 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

10/14/2004 06:26 PM 688,218 SynTPEnh.exe
10/14/2004 06:28 PM 98,394 SynTPLpr.exe
2 File(s) 786,612 bytes

Directory of C:\PROGRA~1\TOSHIBA\TO8D15~1\BAK

09/15/2004 07:03 PM 135,168 SmoothView.exe
1 File(s) 135,168 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSCDSPD\BAK

09/05/2003 07:24 AM 65,536 toscdspd.exe
1 File(s) 65,536 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~3\BAK

12/14/2004 11:12 PM 368,640 thotkey.exe
1 File(s) 368,640 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOUCHA~1\BAK

09/07/2004 06:03 PM 1,077,301 PadExe.exe
1 File(s) 1,077,301 bytes

Directory of C:\PROGRA~1\TOSHIBA\TVS\BAK

11/12/2004 09:57 PM 73,728 TvsTray.exe
1 File(s) 73,728 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\TOSHIBA\IVP\ISM\BAK

10/20/2003 12:37 PM 475,136 ivpsvmgr.exe
11/03/2004 03:12 PM 147,456 pinger.exe
2 File(s) 622,592 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

08/03/2004 05:05 AM 122,939 tfswctrl.exe
1 File(s) 122,939 bytes

Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

10/15/2004 03:31 PM 356,352 EOUWiz.exe
10/15/2004 03:27 PM 385,024 ifrmewrk.exe
2 File(s) 741,376 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

98304 Nov 16 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Nov 16 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
124232 Jul 7 2004 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
777424 Apr 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
777424 Apr 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
126976 Oct 8 2004 "C:\WINDOWS\system32\hkcmd.exe"
126976 Oct 8 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
155648 Oct 8 2004 "C:\WINDOWS\system32\igfxtray.exe"
155648 Oct 8 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
860160 Aug 6 2004 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
860160 Aug 6 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
1388544 Jul 27 2004 "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
1388544 Jul 27 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
66680 Jun 9 2004 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
52272 Jan 25 2007 "C:\Program Files\Google\googletoolbar4user.exe"
446532 Sep 1 2005 "C:\Program Files\Google\Google Earth\GoogleEarth.exe"
68856 Jun 23 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 Jan 25 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jun 23 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
98394 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
98394 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
98394 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe"
135168 Sep 15 2004 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
135168 Sep 15 2004 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe"
65536 Sep 5 2003 "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
65536 Sep 5 2003 "C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe"
368640 Dec 14 2004 "C:\Program Files\TOSHIBA\TOSHIBA Applet\thotkey.exe"
368640 Dec 14 2004 "C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe"
1077301 Sep 7 2004 "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
1077301 Sep 7 2004 "C:\Program Files\TOSHIBA\Touch and Launch\bak\PadExe.exe"
73728 Nov 12 2004 "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe"
73728 Nov 12 2004 "C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe"
475136 Oct 20 2003 "C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe"
475136 Oct 20 2003 "C:\TOSHIBA\IVP\ISM\bak\ivpsvmgr.exe"
147456 Nov 3 2004 "C:\TOSHIBA\IVP\ISM\pinger.exe"
147456 Nov 3 2004 "C:\TOSHIBA\IVP\ISM\bak\pinger.exe"
122939 Aug 3 2004 "C:\WINDOWS\system32\dla\tfswctrl.exe"
122939 Aug 3 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
122939 Aug 3 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
356352 Oct 15 2004 "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
356352 Oct 15 2004 "C:\Program Files\Intel\Wireless\Bin\bak\EOUWiz.exe"
385024 Oct 15 2004 "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe"
385024 Oct 15 2004 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"


end of report
midge81girl
Regular Member
 
Posts: 34
Joined: September 27th, 2006, 5:10 pm
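
Added example (not part of the thread, and not FindAWF's own logic): a way to read the "Duplicate files of bak directory contents" section of the report above, checking for each bak folder whether every file in it has a same-size, same-date copy in the parent directory. The function names are this example's own, and the embedded lines are an excerpt copied from the report.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the "Duplicate files of bak directory contents" section, copied
# from the report in the post above (a subset, not the full listing).
SAMPLE = r'''
98304 Nov 16 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Nov 16 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
124232 Jul 7 2004 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
66680 Jun 9 2004 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
122939 Aug 3 2004 "C:\WINDOWS\system32\dla\tfswctrl.exe"
122939 Aug 3 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
122939 Aug 3 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
'''

# One report line: <size> <Mon> <day> <year> "<full path>"
LINE = re.compile(r'^(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"$')


def parse_duplicates(text):
    """Map lower-cased path -> (size, date, path as written in the report)."""
    entries = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, headings, anything that is not an entry
        size = int(m.group(1))
        date = " ".join(m.group(2).split())  # normalise spacing
        path = m.group(3)
        entries[path.lower()] = (size, date, path)  # Windows paths: case-insensitive
    return entries


def classify_bak_folders(entries):
    """Return (restored, unmatched).

    restored  : sorted bak folders where every file has a twin of the same
                size and date one directory up.
    unmatched : {bak folder: [file names with no such twin]}.
    """
    folders = defaultdict(list)  # bak folder -> [(file name, matched?)]
    for size, date, path in entries.values():
        folder = ntpath.dirname(path)
        if ntpath.basename(folder).lower() != "bak":
            continue  # only files that sit directly inside a bak folder
        name = ntpath.basename(path)
        original = ntpath.join(ntpath.dirname(folder), name)
        twin = entries.get(original.lower())
        matched = twin is not None and twin[:2] == (size, date)
        folders[folder].append((name, matched))

    restored = sorted(f for f, files in folders.items()
                      if all(ok for _, ok in files))
    unmatched = {f: [n for n, ok in files if not ok]
                 for f, files in folders.items()
                 if not all(ok for _, ok in files)}
    return restored, unmatched


if __name__ == "__main__":
    restored, unmatched = classify_bak_folders(parse_duplicates(SAMPLE))
    print("bak copy matches a file in the parent folder:")
    for folder in restored:
        print("   ", folder)
    print("bak copy has no match in the parent folder:")
    for folder, names in unmatched.items():
        print("   ", folder, "->", ", ".join(names))
```

Matching size and date is only what the report itself exposes; it does not prove the two files have identical content. Empty bak folders never appear in this section, so they are outside what the check covers.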

Post by Shaba » September 7th, 2007, 1:52 pm

Hi

Double-click FindAWF.exe to start the tool.

  • Select option #3 - Remove bak folders by typing 3 and press 'Enter'
  • A text file will open up. Please copy/paste the following bolded text into the text file:

    C:\Program Files\QuickTime\bak
    C:\Program Files\Windows Defender\bak
    C:\WINDOWS\system32\bak
    C:\Program Files\Analog Devices\SoundMAX\bak
    C:\Program Files\Google\GoogleToolbarNotifier\bak
    C:\Program Files\Synaptics\SynTP\bak
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak
    C:\Program Files\TOSHIBA\TOSCDSPD\bak
    C:\Program Files\TOSHIBA\TOSHIBA Applet\bak
    C:\Program Files\TOSHIBA\Touch and Launch\bak
    C:\Program Files\TOSHIBA\Tvs\bak
    C:\TOSHIBA\IVP\ISM\bak
    C:\WINDOWS\system32\dla\bak
    C:\Program Files\Intel\Wireless\Bin\bak


  • Close the .txt file and click 'Yes' to save the changes.
  • When the tool has completed, a report will open up in notepad.

Please post the results of the awf.txt here.

Post by midge81girl » September 7th, 2007, 1:55 pm

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Fri 09/07/2007
The current time is: 13:54:55.86


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK

07/07/2004 07:29 PM 124,232 VPTray.exe
1 File(s) 124,232 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

06/09/2004 08:31 PM 66,680 ccApp.exe
1 File(s) 66,680 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

124232 Jul 7 2004 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
66680 Jun 9 2004 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"


end of report

Post by Shaba » September 7th, 2007, 1:58 pm

Hi

Looks much better :)

Open HijackThis, click do a system scan only and checkmark these:

O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com


Close all windows including browser and press fix checked.

Reboot.

Post a fresh HijackThis log.

Post by midge81girl » September 7th, 2007, 2:12 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:58 PM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.att.net/ie4/search/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF1CCB49-B72C-40D4-8919-76F90A60585F}: Domain = ad.med.miami.edu
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 10688 bytes

Post by Shaba » September 8th, 2007, 4:16 am

Hi

That looks good :)

Still problems?

Post by midge81girl » September 8th, 2007, 12:02 pm

Great! It's faster, but when I start my computer it says something about windows defender unable to start. How do I fix that and get rid of windows defender, which is still in my programs?

Post by Shaba » September 8th, 2007, 12:04 pm

Hi

You can uninstall it via add/remove programs if you like to.

Post by midge81girl » September 8th, 2007, 5:23 pm

Add/Remove programs option won't open. I click on it and nothing happens.

Post by Shaba » September 9th, 2007, 4:34 am

Hi

Try it in safe mode.

Does it work there?

Post by midge81girl » September 9th, 2007, 10:11 am

Shaba, you're awesome! Thanks for all your help...it runs great!

McAfee is causing me problems, though. Know of a free anti-virus or anti-spyware I can get to keep this from happening again?

Post by Shaba » September 9th, 2007, 10:17 am

Hi

Sure :)

Install one antivirus and one firewall from below and post back a fresh HijackThis log:

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo
2) Sunbelt/Kerio
3) Agnitum
4) ZoneAlarm

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Post by Shaba » September 15th, 2007, 4:48 am

midge81girl?

Post by Shaba » September 18th, 2007, 1:03 pm

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.