Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

please examine hjt log slow/good amount of pop-ups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

please examine hjt log slow/good amount of pop-ups

Unread postby heat123 » June 26th, 2008, 12:19 pm

I have ran spybot search and destroy and it removed one thing and ran adaware and it removed 1 thing. Here is my hijackthis log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:30 AM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1146774055\ee\AOLSoftware.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: - {62878c95-37a0-45c3-bdff-223c703e5daa} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146774055\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{83E434D0-4092-46B6-B9E9-E6C52AF309EB}: NameServer = 205.188.146.145
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

--
End of file - 7480 bytes
heat123
Regular Member
 
Posts: 26
Joined: June 26th, 2008, 10:41 am
Advertisement
Register to Remove

Re: please examine hjt log slow/good amount of pop-ups

Unread postby mjq424 » June 26th, 2008, 2:05 pm

Hello, and welcome to Malware Removal Forums.
My name is Matt and I will be assisting you with your malware issues.
Please be patient as I need some time to review your HijackThis log and I will post back recommendations for repairs.
As I am still on training, everything that I post to you, must be checked by a Teacher. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

  • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck in there please reply it to me. I will try my best to help you! Not having symptoms of malware doesn't mean that you are clean!
  • Please do not carry out tasks on your own before I reply as this will only complicate things and may mean that my instructions are useless or dangerous!
  • Please bookmark or favourite this page. In case you need it as reference or etc.
User avatar
mjq424
Regular Member
 
Posts: 1502
Joined: April 14th, 2007, 10:20 am
Location: UK

Re: please examine hjt log slow/good amount of pop-ups

Unread postby mjq424 » June 26th, 2008, 5:01 pm

Hi
Your antiVirus program is not active
It is essential that you have active an AntiVirus program running while you are connected to an internet connection.
Please open PC Tools AntiVirus and make sure that IntelliGuard is on and that PC Tools AntiVirus is set to start with Windows.

:remove McAfee:

You have the remnants of McAfee remaining on your PC. Please run the McAfee Consumer Removal Tool (MCPR.EXE) to ensure successful removal of all McAfee references.

Download the removal tool from:
http://download.mcafee.com/products/lic ... s/MCPR.exe

  • Click Save and save the file to any folder on your computer.
  • Navigate to the folder where the file is saved.
  • Make sure all McAfee windows are closed.
  • Double-click MCPR.EXE to run the removal tool.
  • Restart your computer after receiving the message CleanUp Successful.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
    The log can also be found here: C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Copy and Paste the log into your next reply

===============================
In your next reply can I please see the following:
  • mbam-log-date (time).txt
  • a new HijackThis log
User avatar
mjq424
Regular Member
 
Posts: 1502
Joined: April 14th, 2007, 10:20 am
Location: UK

Re: please examine hjt log slow/good amount of pop-ups

Unread postby heat123 » June 26th, 2008, 7:49 pm

Sorry in the delayed response I will respond Friday in the later afternoon early evening. Don't have PC with me. Thank you so far for all your help
heat123
Regular Member
 
Posts: 26
Joined: June 26th, 2008, 10:41 am

Re: please examine hjt log slow/good amount of pop-ups

Unread postby heat123 » June 27th, 2008, 6:05 pm

Hello Matt I hope you are doing well. I opened PC tools antivirus and turned on intelliGuard and it does start with windows I checked. I have removed the remants of McAfee. I did a full scan with Malwarebytes' Anti-Malware and it found nothing. Anyway here is the Malwarebytes' Anti-Malware log below then the new HJT log is also below. Thanks again for all your help so far.


Malwarebytes' Anti-Malware 1.18
Database version: 895

5:53:01 PM 6/27/2008
mbam-log-6-27-2008 (17-53-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 80433
Time elapsed: 21 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:40 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1146774055\ee\AOLSoftware.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: - {62878c95-37a0-45c3-bdff-223c703e5daa} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146774055\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{83E434D0-4092-46B6-B9E9-E6C52AF309EB}: NameServer = 205.188.146.145
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

--
End of file - 5982 bytes
heat123
Regular Member
 
Posts: 26
Joined: June 26th, 2008, 10:41 am

Re: please examine hjt log slow/good amount of pop-ups

Unread postby mjq424 » June 28th, 2008, 7:57 am

Hi
It may be that your attempts to clean up may have succeeded. How is your PC behaving? Still getting popups?
There are a few other tasks that need to be done now though:

Please open HijackThis
Click Scan Only
Place checkmarks against the following:
  • O2 - BHO: - {62878c95-37a0-45c3-bdff-223c703e5daa} - (no file)
  • O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
  • O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
Close ALL open programs except HijackThis
Click Fix checked
Close HijackThis

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java(TM) SE Runtime Environment 6u6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Update Adobe Reader
Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version. Adobe Reader 8.
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
User avatar
mjq424
Regular Member
 
Posts: 1502
Joined: April 14th, 2007, 10:20 am
Location: UK

Re: please examine hjt log slow/good amount of pop-ups

Unread postby heat123 » June 28th, 2008, 11:21 am

Thank you for all your help. I fixed the things in hijackthis that you asked. I updated Java and uninstalled the older versions. I have downloaded the latest adobe reader then I restarted my computer then I did a HJT log which is below. Thanks again for all your help I hope you are doing good.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:52 AM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1146774055\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\CCleaner\CCleaner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146774055\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

--
End of file - 5736 bytes
heat123
Regular Member
 
Posts: 26
Joined: June 26th, 2008, 10:41 am

Re: please examine hjt log slow/good amount of pop-ups

Unread postby heat123 » June 28th, 2008, 11:35 am

Forgot to ask you some questions. Have you found any infections from the logs I posted for you to examine? If so, what are they? Then my computer is not displaying as many popups as before but still is displaying some. Is PC tools antivirus a good antivirus software to use? Thanks for all you have done so far.
heat123
Regular Member
 
Posts: 26
Joined: June 26th, 2008, 10:41 am

Re: please examine hjt log slow/good amount of pop-ups

Unread postby mjq424 » June 28th, 2008, 6:09 pm

Hi
There are no overt signs of infection, however, if you are still getting popups we'll deal with it! There's nothing wrong with PC Tools AntiVirus, I will suggest some more protection programs when you are clean.

Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<- this one will be minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
User avatar
mjq424
Regular Member
 
Posts: 1502
Joined: April 14th, 2007, 10:20 am
Location: UK

Re: please examine hjt log slow/good amount of pop-ups

Unread postby heat123 » June 28th, 2008, 6:53 pm

Here is the Deckards system scanner logs of main.txt and extra.txt below. Thanks for all your help so far.


Deckard's System Scanner v20071014.68
Run by CL CLEANING on 2008-06-28 18:40:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 4 Restore Point(s) --
4: 2008-06-29 00:23:00 UTC - RP677 - Deckard's System Scanner Restore Point
3: 2008-06-28 18:01:17 UTC - RP676 - Software Distribution Service 3.0
2: 2008-06-28 16:57:45 UTC - RP675 - Installed Adobe Reader 8.1.2
1: 2008-06-28 16:57:01 UTC - RP674 - Removed Adobe Reader 7.0.9


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as CL CLEANING.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:35 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1146774055\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\CL CLEANING\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\CL CLEANING.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146774055\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

--
End of file - 5347 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080628-080537-705 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20080628-080537-800 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20080628-080537-880 O2 - BHO: - {62878c95-37a0-45c3-bdff-223c703e5daa} - (no file)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 18:40:17 0 dr-h----- C:\Documents and Settings\CL CLEANING\Recent
2008-06-28 10:58:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-27 17:27:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-26 11:52:17 0 d-------- C:\Program Files\Trend Micro
2008-06-24 18:55:10 0 d-------- C:\Documents and Settings\CL CLEANING\Application Data\Pointstone
2008-06-24 18:53:15 0 d-------- C:\Program Files\Pointstone
2008-06-24 18:53:14 0 d-------- C:\Program Files\Common Files\Pointstone
2008-06-23 11:17:35 0 d-------- C:\Documents and Settings\CL CLEANING\Application Data\Malwarebytes
2008-06-23 11:17:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 19:46:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 15:09:15 0 d-------- C:\Documents and Settings\Administrator.CINDY.000\Application Data\SUPERAntiSpyware.com
2008-06-09 15:06:28 0 dr------- C:\Documents and Settings\Administrator.CINDY.000\Favorites
2008-06-09 15:06:28 0 d-------- C:\Documents and Settings\Administrator.CINDY.000\Desktop
2008-06-09 15:06:28 0 d---s---- C:\Documents and Settings\Administrator.CINDY.000\Cookies
2008-06-09 15:06:28 0 dr-h----- C:\Documents and Settings\Administrator.CINDY.000\Application Data
2008-06-09 15:06:28 0 d-------- C:\Documents and Settings\Administrator.CINDY.000\Application Data\Sun
2008-06-09 15:06:28 0 d-------- C:\Documents and Settings\Administrator.CINDY.000\Application Data\Real
2008-06-09 15:06:28 0 d---s---- C:\Documents and Settings\Administrator.CINDY.000\Application Data\Microsoft
2008-06-09 15:06:28 0 d-------- C:\Documents and Settings\Administrator.CINDY.000\Application Data\Jasc Software Inc
2008-06-09 15:06:28 0 d-------- C:\Documents and Settings\Administrator.CINDY.000\Application Data\Identities
2008-06-09 15:06:27 0 d--h----- C:\Documents and Settings\Administrator.CINDY.000\Templates
2008-06-09 15:06:27 0 dr------- C:\Documents and Settings\Administrator.CINDY.000\Start Menu
2008-06-09 15:06:27 0 dr-h----- C:\Documents and Settings\Administrator.CINDY.000\SendTo
2008-06-09 15:06:27 0 dr-h----- C:\Documents and Settings\Administrator.CINDY.000\Recent
2008-06-09 15:06:27 0 d--h----- C:\Documents and Settings\Administrator.CINDY.000\PrintHood
2008-06-09 15:06:27 0 d--h----- C:\Documents and Settings\Administrator.CINDY.000\NetHood
2008-06-09 15:06:27 0 dr------- C:\Documents and Settings\Administrator.CINDY.000\My Documents
2008-06-09 15:06:27 0 d--h----- C:\Documents and Settings\Administrator.CINDY.000\Local Settings
2008-06-09 15:06:26 786432 --ah----- C:\Documents and Settings\Administrator.CINDY.000\NTUSER.DAT
2008-06-06 12:10:09 0 d-------- C:\Documents and Settings\CL CLEANING\Application Data\PC Tools
2008-06-06 12:09:38 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-06 12:09:30 0 d-------- C:\Program Files\Common Files\PC Tools
2008-06-06 12:09:23 0 d-------- C:\Program Files\PC Tools AntiVirus
2008-06-06 12:09:23 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-04 15:57:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-06-28 10:58:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-28 09:22:07 0 d-------- C:\Program Files\Java
2008-06-26 17:20:09 0 d-------- C:\Program Files\Common Files
2008-06-25 15:42:44 0 d-------- C:\Program Files\Online Services
2008-06-25 15:42:44 0 d-------- C:\Program Files\America Online 9.0a
2008-06-25 15:42:44 0 d-------- C:\Program Files\America Online 9.0
2008-06-24 18:55:11 0 d-------- C:\Program Files\NetZero
2008-06-04 15:58:30 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-04 15:58:26 0 d-------- C:\Documents and Settings\CL CLEANING\Application Data\SUPERAntiSpyware.com
2008-05-31 18:43:39 0 d-------- C:\Documents and Settings\CL CLEANING\Application Data\AdobeUM
2008-05-31 18:41:06 0 d-------- C:\Program Files\Common Files\AOL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/06/2003 11:19 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/06/2003 11:07 PM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 07:12 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [08/26/2003 06:47 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [10/06/2003 09:05 AM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/20/2004 08:40 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1146774055\ee\AOLSoftware.exe" [04/12/2007 03:23 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [06/18/2003 11:00 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"AOL Fast Start"="C:\Program Files\America Online 9.0a\AOL.exe" [07/12/2005 05:17 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\CL CLEANING\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 8:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 8:00:00 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot




-- End of Deckard's System Scanner: finished at 2008-06-28 18:42:23 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.66GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 254 MiB / 80.43 MiB
Pagefile Memory (total/avail): 625.13 MiB / 372.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1946.67 MiB

C: is Fixed (NTFS) - 37.21 GiB total, 26.81 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75DEA0 - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: PC Tools AntiVirus 4.0.0.26 v4.0.0.26 (PC Tools Research Pty Ltd)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\CL CLEANING\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CINDY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\CL CLEANING
LOGONSERVER=\\CINDY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CLCLEA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\CLCLEA~1\LOCALS~1\Temp
USERDOMAIN=CINDY
USERNAME=CL CLEANING
USERPROFILE=C:\Documents and Settings\CL CLEANING
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

CL CLEANING (admin)
CALEB (admin)
Administrator.CINDY.000 (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\PC Tools AntiVirus\unins000.exe /LOG
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AOL Coach Version 1.0(Build:20030807.3) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Connectivity Services --> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Deskbar --> "C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Banctec Service Agreement -->
Banctec Service Agreement -->
Broadcom Management Programs -->
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Business Contact Manager for Outlook 2003 --> MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Networking Guide -->
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
EarthLink MDAC -->
Help and Support Customization -->
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lernout & Hauspie TruVoice for Microsoft Agent --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\cgminst.inf, RemoveCgram
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft XML Parser -->
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
MSSoap -->
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
PC Tools AntiVirus4.0 --> "C:\Program Files\PC Tools AntiVirus\unins000.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebFldrs XP -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type9466 / Error
Event Submitted/Written: 06/28/2008 06:37:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module dss.dll, version 0.0.0.0, fault address 0x00002120.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type9465 / Error
Event Submitted/Written: 06/28/2008 06:34:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module dss.dll, version 0.0.0.0, fault address 0x00002120.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type9464 / Error
Event Submitted/Written: 06/28/2008 06:32:59 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module dss.dll, version 0.0.0.0, fault address 0x00002120.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type9463 / Error
Event Submitted/Written: 06/28/2008 06:30:53 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss[1].exe, version 3.2.8.1, faulting module dss.dll, version 0.0.0.0, fault address 0x00002120.
Processing media-specific event for [dss[1].exe!ws!]

Event Record #/Type9462 / Error
Event Submitted/Written: 06/28/2008 06:28:48 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss[1].exe, version 3.2.8.1, faulting module dss.dll, version 0.0.0.0, fault address 0x00002120.
Processing media-specific event for [dss[1].exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8387 / Error
Event Submitted/Written: 06/28/2008 00:03:53 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

Event Record #/Type8254 / Error
Event Submitted/Written: 06/27/2008 07:39:33 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type8253 / Error
Event Submitted/Written: 06/27/2008 06:59:44 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
ssmdrv
Tcpip
WS2IFSL

Event Record #/Type8252 / Error
Event Submitted/Written: 06/27/2008 06:59:44 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type8251 / Error
Event Submitted/Written: 06/27/2008 06:59:44 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-06-28 18:42:23 ------------
heat123
Regular Member
 
Posts: 26
Joined: June 26th, 2008, 10:41 am

Re: please examine hjt log slow/good amount of pop-ups

Unread postby heat123 » June 28th, 2008, 7:56 pm

Hi hope you are doing well. Did I do the Deckard's system scanner reports right?
heat123
Regular Member
 
Posts: 26
Joined: June 26th, 2008, 10:41 am

Re: please examine hjt log slow/good amount of pop-ups

Unread postby mjq424 » June 30th, 2008, 5:01 am

Hi
I see no malware in your logs :D
However, from the log it appears that you only have 256MB RAM installed on your system, this will have a massive impact on system performance. In addition to this I think there may be a System/Hardware problem on your PC so I suggest you get some expert help:

Good System/Hardware Help Forums
GeekstoGo here: http://www.geekstogo.com/forum/Windows- ... NT-f5.html
or
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/

All may require you to register free before posting for help. The System/Hardware help site will be interested in the DSS log that you have posted.
User avatar
mjq424
Regular Member
 
Posts: 1502
Joined: April 14th, 2007, 10:20 am
Location: UK

Re: please examine hjt log slow/good amount of pop-ups

Unread postby heat123 » June 30th, 2008, 7:52 am

Hi I got your reply you said early in a reply you would recommend some antivirus protection etc. programs. Can you please do that? THANKS FOR ALL YOUR HELP!
heat123
Regular Member
 
Posts: 26
Joined: June 26th, 2008, 10:41 am

Re: please examine hjt log slow/good amount of pop-ups

Unread postby heat123 » June 30th, 2008, 10:17 am

Specifically what do you think the hardware problem is?
heat123
Regular Member
 
Posts: 26
Joined: June 26th, 2008, 10:41 am

Re: please examine hjt log slow/good amount of pop-ups

Unread postby mjq424 » July 1st, 2008, 10:16 am

Hi
I'm afraid I don't specifically know what the hardware problem may be, which is why I suggest you visit one of the forums I listed before.

Here are some free programs I recommend that could help you improve your computer's security.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlueTack's HOSTS Manager here, using Internet Explorer (Firefox won't work):
http://www.bluetack.co.uk/forums/index.php?act=dscript&CODE=showdetails&f_id=5
A short distance down the page in the center, click on the Download button.
Agree to the license.
On the next page, to the right side of where it says Download Estimates, right click on the underlined word "Hosts Manager" choose "Save Target As" and download the installer Hosts20setup.exe to your desktop.
Double click the Installer on your desktop and let it Install the Hosts Manager

After the installation is complete, click on the Hosts Manager icon on your desktop. (You can right click/delete the other Hosts Switch icon from your desktop).
When the Hosts Manager comes up, click the small down arrows on the Right side of the bar labeled "Options and Tools",
Click Disable DNS Service. This is important
In the Left Pane, click Download.
It will load 70,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save.
You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.

If you have a separate third party Firewall or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note 1: If you are running Windows XP SP2, you should upgrade to SP3.
Note 2: Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3.
The security suite can then be reinstalled afterwards.

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.
User avatar
mjq424
Regular Member
 
Posts: 1502
Joined: April 14th, 2007, 10:20 am
Location: UK
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 15 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware