Laptop has massive problems

Re: Laptop has massive problems

Post by dan12 » February 16th, 2009, 3:41 pm

There are TONS of files in that My Backup folder...Program Files and Windows folders.


Can you right-click that folder, click Properties, and let me know what size we're talking about? Can you not move that folder (My Backup folder) to some portable media?
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Laptop has massive problems

Post by thesheetsfamily » February 16th, 2009, 5:20 pm

The entire folder is 15.4 GB. Obviously too big for a CD, which is the only portable media option I have. I'm just a simple mom...I have nothing fancy here.
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Post by dan12 » February 16th, 2009, 5:56 pm

Download and Run Sysclean

  • Create a folder on your desktop called Sysclean.
  • Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.
  • Go to http://www.trendmicro.com/download/pattern.asp and download the Virus Pattern File (Official Pattern Release) to your desktop.
    This file will be called lptXXX.zip (XXX represents the version number)
  • Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX. Read here how to unzip/extract properly.
  • Move the lpt$vpn.XXX to the Sysclean-folder you created on your desktop.
  • Open the sysclean-folder and double-click sysclean.com.
  • Check: "Automatically clean or delete detected files".
  • Click scan.
Open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Laptop has massive problems

Post by thesheetsfamily » February 17th, 2009, 12:39 pm

Ok, it took 5 hours to run that, so sorry for the slow response. Here is the log. Let me know when you want me to attempt the Panda Virus scan again. I've cleaned off what files I know I don't need already. It's just that MyBackup folder that I don't think I need, but...I'm leaving it alone. Anyway, here's the sysclean log:



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006-2007, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2009-02-16, 21:52:23, Auto-clean mode specified.
2009-02-16, 21:52:29, Initialized Rootkit Driver version 2.2.0.1004.
2009-02-16, 21:52:29, Running scanner "C:\Documents and Settings\Sheets Family\Desktop\Sysclean\TSC.BIN"...
2009-02-16, 21:54:00, Scanner "C:\Documents and Settings\Sheets Family\Desktop\Sysclean\TSC.BIN" has finished running.
2009-02-16, 21:54:00, TSC Log:

Damage Cleanup Engine (DCE) 6.0 (Build 1064)
Windows XP (Build 2600: Service Pack 3)

Start time : Mon Feb 16 2009 21:52:36

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Sheets Family\Desktop\Sysclean\TMRDCT.ptn" (version ) [fail]
Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Sheets Family\Desktop\Sysclean\tsc.ptn" (version 1010) [success]

Complete time : Mon Feb 16 2009 21:54:00
Execute pattern count (3033), Virus found count (0), Virus clean count (0), Clean failed count (0)

2009-02-16, 21:54:00, Running scanner "C:\Documents and Settings\Sheets Family\Desktop\Sysclean\VSCANTM.BIN"...
2009-02-17, 03:30:31, Scanner "C:\Documents and Settings\Sheets Family\Desktop\Sysclean\VSCANTM.BIN" has finished running.
2009-02-17, 03:30:31, VSCANTM Log:

2009-02-17, 03:30:31, Files Detected:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 2/16/2009 21:54:01
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 847 (365755/365755 Patterns) (2009/02/15) (584700)

Command Line: C:\Documents and Settings\Sheets Family\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=C:\Documents and Settings\Sheets Family\Desktop\Sysclean\lpt$vpn.847

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACdoympqjw_.sys.zip (1/1 Viruses Found)
175622 files have been read.
175622 files have been checked.
175411 files have been scanned.
332764 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At: 2/17/2009 03:30:31 5 hours 36 minutes 29 seconds (20189.14 seconds) has elapsed.(114.958 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-02-17, 03:30:31, Files Clean:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 2/16/2009 21:54:01
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 847 (365755/365755 Patterns) (2009/02/15) (584700)

Command Line: C:\Documents and Settings\Sheets Family\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=C:\Documents and Settings\Sheets Family\Desktop\Sysclean\lpt$vpn.847

175622 files have been read.
175622 files have been checked.
175411 files have been scanned.
332764 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At: 2/17/2009 03:30:31 5 hours 36 minutes 29 seconds (20189.14 seconds) has elapsed.(114.958 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-02-17, 03:30:31, Clean Fail:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 2/16/2009 21:54:01
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 847 (365755/365755 Patterns) (2009/02/15) (584700)

Command Line: C:\Documents and Settings\Sheets Family\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=C:\Documents and Settings\Sheets Family\Desktop\Sysclean\lpt$vpn.847

175622 files have been read.
175622 files have been checked.
175411 files have been scanned.
332764 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At: 2/17/2009 03:30:31 5 hours 36 minutes 29 seconds (20189.14 seconds) has elapsed.(114.958 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Post by dan12 » February 17th, 2009, 1:13 pm

Can you give me the file path to the "MyBackup folder"? Again, right-click the folder, right-click Properties, and copy and paste the path.
It may well be C:\Documents and Settings\Sheets Family\Desktop\MyBackup; I just want to check.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Laptop has massive problems

Post by thesheetsfamily » February 17th, 2009, 1:39 pm

It's C:\My Backup -- 07-03-08 0857PM
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Post by dan12 » February 17th, 2009, 2:19 pm

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\My Backup -- 07-03-08 0857PM


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Post the txt; if large, you may need several posts.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Laptop has massive problems

Post by thesheetsfamily » February 17th, 2009, 2:32 pm

That was quick and easy. Here you go:

SystemLook v1.0 by jpshortstuff (11.02.09)
Log created at 12:31 on 17/02/2009 by Sheets Family (Administrator - Elevation successful)

========== dir ==========

C:\My Backup -- 07-03-08 0857PM - Parameters: "(none)"

---Files---
Boot.BAK --ah-- 354 bytes <21:37 03/02/2007> <21:37 03/02/2007>
Boot.ini.saved -rahs- 354 bytes <23:12 03/02/2007> <00:02 04/02/2007>
bootmgr -rahs- 438840 bytes <21:37 03/02/2007> <09:53 02/11/2006>
IO.SYS -rahsc 0 bytes <18:04 26/08/2004> <18:04 26/08/2004>
MSDOS.SYS -rahsc 0 bytes <18:04 26/08/2004> <18:04 26/08/2004>
NTDETECT.COM -rahs- 47564 bytes <16:12 26/08/2004> <19:00 04/08/2004>
ntldr -rahs- 250032 bytes <16:12 26/08/2004> <19:00 04/08/2004>
USER -rahs- 2 bytes <19:19 28/12/2006> <19:19 28/12/2006>

---Folders---
$Recycle.Bin d--hs- <11:17 02/11/2006>
Boot d--hs- <21:37 03/02/2007>
Config.Msi d--h-- <00:56 09/01/2007>
Documents and Settings d--hs- <13:02 02/11/2006>
f3363735b4d4cd2fd7d7f50b d----- <09:01 10/01/2007>
MSOCache dr-h-- <22:29 28/12/2006>
Program Files dr---- <11:18 02/11/2006>
ProgramData d--h-- <11:18 02/11/2006>
RECYCLER d----- <22:49 03/02/2007>
Users dr---- <11:18 02/11/2006>
Windows d----- <11:18 02/11/2006>

-=End Of File=-
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Post by dan12 » February 18th, 2009, 12:41 am

Hi,
I have given "C:\my backups" quite a bit of thought, hence my delay in posting to you. I'm very reluctant to delete that folder; there are files that are vital to a system's ability to boot up, e.g., ntldr, bootmgr, Boot.ini.
Normally, when you create a back-up, it consists of data files and system settings, favorites and maybe e-mail.
When one does a back-up or an image, it would in my opinion not be placed in the root of a drive as that would defeat the whole purpose of a back up.
You stated that you moved the entire folder from your other computer.
It looks like you may have moved a little bit more than just the Program Files folder.
It appears as though you may well have moved the entire contents of the root drive of your old computer to a folder on the root drive of your current computer.

I was a little concerned when you received a message that bootmgr.exe.mui is in use. I have no idea why that file would be in use, or if the current system is utilizing files from that folder in order to boot up, hence my reluctance to remove it.
Your old computer may have been a Windows 98 machine. If so, those files are from an older FAT32 file system, not XP, not NTFS. Therefore your system is a bit confused about which set of files are running the show; that may explain why there's been some difficulty performing scans, being caused by the large number of files that you have on your system.

My best advice for the future would be to be backing up (data only!) and reformatting the HD and doing a clean install of the operating system in the near future. Ultimately, that may be the only way, without borking the system, that you can have a properly running computer that's not being bogged down by gigabytes of unnecessary files.

I will post soon to tidy up tools used on the machine during the malware removal.
Regards dan



edit typo error
Last edited by dan12 on February 18th, 2009, 1:12 am, edited 1 time in total.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
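
The check described in the post above (boot files and system folders sitting inside a "backup" folder) can be run mechanically over a SystemLook :dir log. This is an added example, not part of the original posts: the listing is the one from the log posted earlier in this thread, and the marker sets and the two-folder threshold are assumptions chosen for illustration.

```python
import re

# Listing copied from the SystemLook log posted earlier in this thread.
SAMPLE_LOG = r"""---Files---
Boot.BAK --ah-- 354 bytes <21:37 03/02/2007> <21:37 03/02/2007>
Boot.ini.saved -rahs- 354 bytes <23:12 03/02/2007> <00:02 04/02/2007>
bootmgr -rahs- 438840 bytes <21:37 03/02/2007> <09:53 02/11/2006>
IO.SYS -rahsc 0 bytes <18:04 26/08/2004> <18:04 26/08/2004>
MSDOS.SYS -rahsc 0 bytes <18:04 26/08/2004> <18:04 26/08/2004>
NTDETECT.COM -rahs- 47564 bytes <16:12 26/08/2004> <19:00 04/08/2004>
ntldr -rahs- 250032 bytes <16:12 26/08/2004> <19:00 04/08/2004>
USER -rahs- 2 bytes <19:19 28/12/2006> <19:19 28/12/2006>

---Folders---
$Recycle.Bin d--hs- <11:17 02/11/2006>
Boot d--hs- <21:37 03/02/2007>
Config.Msi d--h-- <00:56 09/01/2007>
Documents and Settings d--hs- <13:02 02/11/2006>
f3363735b4d4cd2fd7d7f50b d----- <09:01 10/01/2007>
MSOCache dr-h-- <22:29 28/12/2006>
Program Files dr---- <11:18 02/11/2006>
ProgramData d--h-- <11:18 02/11/2006>
RECYCLER d----- <22:49 03/02/2007>
Users dr---- <11:18 02/11/2006>
Windows d----- <11:18 02/11/2006>

-=End Of File=-
"""

# name, 6-character attribute field, size, then the two timestamps as printed
FILE_RE = re.compile(
    r"^(?P<name>.+?) (?P<attrs>-[-rahsc]{5}) (?P<size>\d+) bytes <[^>]+> <[^>]+>$")
# folder lines carry a leading 'd' in the attribute field and a single timestamp
DIR_RE = re.compile(r"^(?P<name>.+?) (?P<attrs>d[-rahsc]{5}) <[^>]+>$")

# Assumed marker sets (illustrative, not taken from SystemLook itself):
# ntldr / NTDETECT.COM / boot.ini belong to the NT-family (2000/XP) boot path,
# bootmgr is the boot manager of Windows Vista and later,
# IO.SYS / MSDOS.SYS are DOS-era names kept in the root of the system drive.
BOOT_FILES = {"ntldr", "ntdetect.com", "bootmgr", "io.sys", "msdos.sys"}
SYSTEM_DIRS = {"windows", "program files", "documents and settings",
               "users", "programdata"}


def parse_dir_listing(text):
    """Split a SystemLook :dir section into file and folder records."""
    files, folders, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "---Files---":
            section = "files"
        elif line == "---Folders---":
            section = "folders"
        elif section == "files" and (m := FILE_RE.match(line)):
            files.append({"name": m["name"], "attrs": m["attrs"],
                          "size": int(m["size"])})
        elif section == "folders" and (m := DIR_RE.match(line)):
            folders.append({"name": m["name"], "attrs": m["attrs"]})
    return files, folders


def assess(files, folders):
    """Report boot files and OS folders found in the listed directory."""
    names = {f["name"].lower() for f in files}
    boot = sorted(n for n in names
                  if n in BOOT_FILES or n.startswith("boot.ini"))
    dirs = sorted(d["name"].lower() for d in folders
                  if d["name"].lower() in SYSTEM_DIRS)
    return {
        "boot_files": boot,
        "system_dirs": dirs,
        # Assumed threshold: any boot file plus two or more OS folders means
        # the folder is a copy of a system drive root, not a data backup.
        "looks_like_system_root": bool(boot) and len(dirs) >= 2,
    }


if __name__ == "__main__":
    report = assess(*parse_dir_listing(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

A folder that trips this check should be left in place until it is clear the running system does not depend on it, which is the caution taken in the post above.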

Re: Laptop has massive problems

Post by thesheetsfamily » February 18th, 2009, 12:53 am

Ok. I had a feeling that's what you would probably suggest in the end, so I was prepared for such. I'll look for my XP cd over the next few days and do that someday. :)
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Post by dan12 » February 18th, 2009, 4:40 am

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------

Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.


  • Double-click OTMoveIt3.exe. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.


Let me know when done and post one more HJT log.
dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Laptop has massive problems

Post by thesheetsfamily » February 18th, 2009, 9:32 pm

Done. Here is the latest HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:04 PM, on 2/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sheets Family\Desktop\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/a ... Atchmt.ocx
O20 - AppInit_DLLs:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10269 bytes
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Post by thesheetsfamily » February 18th, 2009, 11:17 pm

By the way, I've found my recovery disk and have backed up my files (data only :) ) and am ready to re-format anytime you give me the go ahead.
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Post by dan12 » February 19th, 2009, 4:01 am

Fix this line in HJT

O20 - AppInit_DLLs:


--------------------------

As far as malware goes on this machine, we are done. My closing speech will assist you in keeping secure for the future.
Now you have decided to reformat, I can only point you to some advice, as my area of expertise is only malware.
You can read about reformatting here:

Reformatting windows xp



-------------------------

You don't need to put all of these programs on your system, unlike your Antivirus and firewall, of which you can only have one of each.
However, you can have several Antimalware programs.

Congratulations you are clean! :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Create a new System Restore Point
This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6.2
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here
Find the changes from the older version 1.4 here

Install Spyware Guard
Download it from here
Find the tutorial on how to use Spyware Guard here

Install SpyWare Blaster
Download it from here
Find the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article here

Read some information here on how to prevent malware.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions.

>> Here << you can see how you can help us.

Happy safe surfing!

Dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
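
The hosts-file blocking mentioned in the post above (names redirected to 127.0.0.1) can be inspected with a short script, which is also a useful check on the existing HOSTS file before it is replaced. This is an added example, not part of the original post: the sample entries are constructed placeholders, and treating 0.0.0.0 the same as loopback is an assumption of this sketch.

```python
import ipaddress

# Constructed sample in the style of a blocking hosts file (placeholder names).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.com  tracker.example.net   # blocked ad hosts
0.0.0.0         banner.example.org
203.0.113.10    www.example-bank.test
not-an-ip       broken.example.com
"""

# Names that normally map to the local machine and are not "blocks".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return ([(name, address, line_number)], [malformed line numbers])."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            malformed.append(lineno)
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        # One line may list several names for the same address.
        for name in fields[1:]:
            entries.append((name.lower(), addr, lineno))
    return entries, malformed


def audit(text):
    """Split entries into blocked names and names sent to another address."""
    entries, malformed = parse_hosts(text)
    blocked, redirected = [], []
    for name, addr, lineno in entries:
        if name in LOCAL_NAMES:
            continue
        if addr.is_loopback or addr.is_unspecified:
            # The blocking case: the name resolves to the local computer,
            # so the connection never reaches the real site.
            blocked.append(name)
        else:
            # Not a block: the name is pinned to some other machine.
            # Each such entry should be one the owner recognises.
            redirected.append((name, str(addr), lineno))
    return {"blocked": sorted(blocked),
            "redirected": redirected,
            "malformed": malformed}


if __name__ == "__main__":
    result = audit(SAMPLE_HOSTS)
    print("blocked:", ", ".join(result["blocked"]))
    for name, addr, lineno in result["redirected"]:
        print(f"review line {lineno}: {name} -> {addr}")
    print("malformed lines:", result["malformed"])
```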

Re: Laptop has massive problems

Post by ndmmxiaomayi » February 23rd, 2009, 8:23 am

As this issue appears to be resolved, this topic is now closed.

If you require help, please start a new topic in the Malware Removal forum and wait for a helper to assist you.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations for Malware Removal.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am