Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

A HijackThis log and related information about problems

Post by Eagle » February 23rd, 2010, 11:37 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:34 PM, on 2/23/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 8646850718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8646834468
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 7603 bytes
_____________________________________________________________________
SYSTEM INFORMATION:
Dell Precision 340 Workstation
_______________________________________
Windows 2000 Professional
5.00.2195
Service Pack 4
_______________________________________
Mozilla FireFox
Version: 3.6
_______________________________________
Internet Explorer
Version: 6.0.2800.1106
_______________________________________
ESET NOD32 Antivirus 4.0.467.0
_______________________________________
SUPERAntiSpyware
_______________________________________
Malwarebytes' Anti-Malware
_______________________________________
SpywareBlaster
version 4.2
_______________________________________
SpyBot
version: 1.6.2.46
______________________________________________________________
Hi:
My system appears to be repeatedly infected.
Please see the following images of "Spybot" and "SpywareBlaster" results:

Image

Image

I typically start by opening "HostsXpert" version 4.3. I then click on: "Make Writeable?"
Then I start Spybot Search and destroy.
After seeing there are problems (Please, see the image above) ........I then click on "Immunize". It then appears to solve the problems.
-------------------------------- and or ----------------------------------
Then I start SpywareBlaster and I see there are problems. (Please, see the image above): I enable all protection and or (on two occasions) check boxes on the custom list.
After doing the above the problems appear to be solved.
Then, I click on "Make read only" in "HostXpert".
However, after re-starting the computer the problems appear to be returning.
Please provide me with Step by Step Instructions that a computing Novice can follow in order to understand and fix these problems.
Thank you in advance.
Eagle
Active Member
 
Posts: 11
Joined: September 27th, 2009, 5:47 pm

Re: A HijackThis log and related information about problems

Post by MWR 3 day Mod » February 27th, 2010, 12:54 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: A HijackThis log and related information about problems

Post by Wingman » February 28th, 2010, 12:23 pm

Hello... Eagle ... Welcome to the forum.

I apologize for the delay getting to your log but as you can see the forum is very busy.

My name is Wingman, and I'll be helping you with any malware problems.
The logs I request can take a while to research, so please be patient.

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. DO NOT run any other fix or removal tools unless instructed to do so!
  3. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed; post back with the question or problem.

Step 1.
HJT - Uninstall Manager Log
    Please run HijackThis Located in: C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
      If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  1. From the Main Menu...Press the "Open the Misc Tools"...button.
  2. Press the "Open Uninstall Manager..." button.
  3. Press only the Save List...button.
  4. Press the "Save" button. The file "uninstall_list.txt" will be saved in your HJT folder.
  5. Copy and paste the contents of "uninstall_list.txt" in your next reply.

Step 2.
Please include in your next reply:
  1. HJT uninstall_list.txt file contents
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14115
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: A HijackThis log and related information about problems

Post by Wingman » February 28th, 2010, 8:13 pm

Hi Eagle,
You asked:
I already have a shortcut icon to HijackThis located on my desktop. Is it OK to run it from there?
When HJT fixes anything, it makes backups, in the folder where (hijackthis.exe) it's located. If your "shortcut" points to:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe... which is where your log says HJT is located... then it would be fine to use the shortcut. Thanks for double checking. It's always best to ask first, than to try to "recover" later. :)
Wingman
Admin/Teacher
 
Posts: 14115
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: A HijackThis log and related information about problems

Post by Eagle » February 28th, 2010, 9:47 pm

To: Wingman (Mike)
Hi,
There have been changes since I ran HijackThis (as posted on this web forum)........Just out of curiosity.....Do you want me to run HijackThis again and post the results?
Following is the list you requested.:

ACDSee 5.0 PowerPack
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Ahead Nero Burning ROM
AI RoboForm (All Users)
Apple Software Update
Canon Camera Support Core Library
Canon Camera TWAIN Driver 6.6
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon ScanGear Toolbox CS 2.2
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CCleaner
DirectX 9 Hotfix - KB839643
Diskeeper Professional Edition
ERUNT 1.1j
ESET Online Scanner v3
FastStone Image Viewer 3.9
HijackThis 2.0.2
Hotfix for MDAC 2.53 (KB927779)
Hotfix for Microsoft .NET Framework 2.0 Service Pack 1 (KB953300)
Hotfix for Microsoft .NET Framework 2.0 Service Pack 1 (KB971110)
hp LaserJet 2300 Uninstaller
Java(TM) 6 Update 17
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NVIDIA Windows 2000/XP Display Drivers
Online Armor 3.1
QuickTime
Rosetta Stone Version 3
Security Update for DirectX 9 (KB941568)
Security Update for DirectX 9 (KB951698)
Security Update for DirectX 9.0 (KB971633)
Security Update for DirectX 9.0 (KB975560)
Security Update for DirectX 9.0 (KB976138)
Security Update for DirectX 9.0b (KB961373)
Security Update for Windows 2000 (KB941569)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 6.4 (KB954600)
Security Update for Windows Media Player 6.4 (KB974112)
Security Update for Windows Media Player 7.1 (KB936782)
Shipping Assistant 3.6
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Ulead GIF Animator 5
Update Rollup 1 for Windows 2000 SP4
VideoLAN VLC media player 0.8.5
ViewSonic Monitor Drivers
Windows 2000 Hotfix - KB833407
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923561
Windows 2000 Hotfix - KB923810
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB933729
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Hotfix - KB936021
Windows 2000 Hotfix - KB937894
Windows 2000 Hotfix - KB938127
Windows 2000 Hotfix - KB938464
Windows 2000 Hotfix - KB938827
Windows 2000 Hotfix - KB941202
Windows 2000 Hotfix - KB941568
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB941693
Windows 2000 Hotfix - KB943055
Windows 2000 Hotfix - KB943485
Windows 2000 Hotfix - KB944338
Windows 2000 Hotfix - KB945553
Windows 2000 Hotfix - KB947864
Windows 2000 Hotfix - KB948590
Windows 2000 Hotfix - KB948881
Windows 2000 Hotfix - KB950749
Windows 2000 Hotfix - KB950759
Windows 2000 Hotfix - KB950760
Windows 2000 Hotfix - KB950974
Windows 2000 Hotfix - KB951066
Windows 2000 Hotfix - KB951748
Windows 2000 Hotfix - KB951748-V2
Windows 2000 Hotfix - KB952004
Windows 2000 Hotfix - KB952954
Windows 2000 Hotfix - KB953838
Windows 2000 Hotfix - KB953839
Windows 2000 Hotfix - KB954211
Windows 2000 Hotfix - KB955069
Windows 2000 Hotfix - KB955759
Windows 2000 Hotfix - KB956390
Windows 2000 Hotfix - KB956391
Windows 2000 Hotfix - KB956802
Windows 2000 Hotfix - KB956844
Windows 2000 Hotfix - KB957095
Windows 2000 Hotfix - KB957097
Windows 2000 Hotfix - KB958215
Windows 2000 Hotfix - KB958470
Windows 2000 Hotfix - KB958644
Windows 2000 Hotfix - KB958687
Windows 2000 Hotfix - KB958690
Windows 2000 Hotfix - KB958869
Windows 2000 Hotfix - KB959426
Windows 2000 Hotfix - KB960225
Windows 2000 Hotfix - KB960714
Windows 2000 Hotfix - KB960715
Windows 2000 Hotfix - KB960803
Windows 2000 Hotfix - KB960859
Windows 2000 Hotfix - KB961371
Windows 2000 Hotfix - KB961371-V2
Windows 2000 Hotfix - KB961501
Windows 2000 Hotfix - KB963027
Windows 2000 Hotfix - KB967715
Windows 2000 Hotfix - KB968537
Windows 2000 Hotfix - KB969059
Windows 2000 Hotfix - KB969897
Windows 2000 Hotfix - KB969898
Windows 2000 Hotfix - KB969947
Windows 2000 Hotfix - KB970238
Windows 2000 Hotfix - KB971468
Windows 2000 Hotfix - KB971486
Windows 2000 Hotfix - KB971557
Windows 2000 Hotfix - KB971961
Windows 2000 Hotfix - KB972260
Windows 2000 Hotfix - KB972270
Windows 2000 Hotfix - KB973346
Windows 2000 Hotfix - KB973354
Windows 2000 Hotfix - KB973507
Windows 2000 Hotfix - KB973525
Windows 2000 Hotfix - KB973869
Windows 2000 Hotfix - KB973904
Windows 2000 Hotfix - KB974318
Windows 2000 Hotfix - KB974392
Windows 2000 Hotfix - KB974455
Windows 2000 Hotfix - KB974571
Windows 2000 Hotfix - KB976325
Windows 2000 Hotfix - KB976749
Windows 2000 Hotfix - KB977165
Windows 2000 Hotfix - KB977914
Windows 2000 Hotfix - KB978037
Windows 2000 Hotfix - KB978207
Windows 2000 Hotfix - KB978251
Windows 2000 Hotfix - KB978262
Windows 2000 Hotfix - KB978706
Windows Installer 3.1 (KB893803)
Windows Media Player 7.1
Windows Media Player Hotfix [See Q828026 for more information]
WinRAR archiver
WinZip

Regards, Eagle
Eagle
Active Member
 
Posts: 11
Joined: September 27th, 2009, 5:47 pm

Re: A HijackThis log and related information about problems

Post by Wingman » March 1st, 2010, 8:24 am

Hello Eagle,
If there have been changes, yes please post a new HJT log... see instruction below. For the future reference:
Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems executing these instructions, <<STOP>> do not proceed; post back with the question or problem.

Please tell me is this machine used for business purposes, personal use or both?

Step 1.
ERUNT - Emergency Recovery Utility NT
Please run this again, as changes may have occurred between the last run and now. Better to be safe than to be sorry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Malwarebytes' Anti-Malware
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
  2. Press the Update tab.. then press the Check for Updates...button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.
Step 3.
Post a New HJT Log
  1. Run HijackThis
    • If you are on the "scan & fix stuff" page... Press the Main Menu...button.
  2. On the Main Menu...click on the "Do a system scan and save a Log file"...button.
  3. When the scan is finished... Notepad will open with a saved log file called "hijackthis.log"
  4. Paste the contents of hijackthis.log file in your next reply.
Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Computer use: business, personal or both?
  3. MBAM scan results.
  4. New HJT log.
  5. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14115
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: A HijackThis log and related information about problems

Post by Eagle » March 1st, 2010, 6:16 pm

To: Wingman (Mike):
Hi:
Thank you for your timely reply.
I have a shortcut icon for "ERUNT" on my desk top............................................................
1) Is it OK for me to double left click on that in order to run "ERUNT"?
You wrote:
Computer use: business, personal or both?

2) I'm a bit confused..........Why this is being asked?
Regards,
Eagle
Eagle
Active Member
 
Posts: 11
Joined: September 27th, 2009, 5:47 pm

Re: A HijackThis log and related information about problems

Post by Wingman » March 1st, 2010, 7:03 pm

Hello Eagle,

Yes, it is OK for you to use the shortcut you have for Erunt.
If you have a shortcut for MBAM you may also use it... just make sure you check for updates before running the scan.

I ask about the computer use, based on what I have seen in your logs.
There are specific rules about working on a computer used for business purposes. So please let me know if this machine is used for business purposes.

Please include in your next reply:
  1. Any problem executing the instructions?
  2. Computer use: business, personal or both?
  3. MBAM scan results.
  4. New HJT log.
  5. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14115
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: A HijackThis log and related information about problems

Post by Eagle » March 2nd, 2010, 1:43 am

To: Wingman (Mike):
Thanks again for your timely reply.
Before we get started......I’m a bit confused by something you wrote:

I ask about the computer use, based on what I have seen in your logs.
Exactly what does that mean?
_______________________________________________________________________
Step 1.
I ran “ERUNT” and the data was stored at the following:
C:\WINNT\ERDNT\3-1-2010
1) Is that OK?

_______________________________________________________________________
Step 2.
Malwarebytes' Anti-Malware:
I ran a full scan on both C:\ and D:\ hard drives using “Malwarebytes' Anti-Malware”.
Following is an image of the initial results:

Image
You wrote:
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
I don’t understand.......
2) What does this mean?
Please note: I did not see: “C:\System Volume Information folder”.
Therefore, I left all of the boxes checked and re-started the computer.
Then, as a safety measure I ran another scan using “Malwarebytes” in order to learn if the problems re-appeared.

Following are the results following the second scan using “Malwarebytes”:
Malwarebytes' Anti-Malware 1.44
Database version: 3811
Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

3/2/2010 12:01:38 AM
mbam-log-2010-03-02 (00-01-38).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 195352
Time elapsed: 58 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_______________________________________________________________________
Step 3.
You wrote:
If you are on the "scan & fix stuff" page... Press the Main Menu...button.
Please note: This is a confusing instruction. Only by luck was I able to (eventually) locate the “Main Menu” button.

New HJT Log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:49 AM, on 3/2/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 8646850718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8646834468
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 7658 bytes
_______________________________________________________________________
Step 4.
You asked:
Computer use: business, personal or both?
Answer: Kind of a combination I guess as I’m a volunteer for a grass roots tiny program that’s essentially run out of a bedroom.
I hope that answers your question. If not: Please, rephrase your question.

You asked:
How is the computer behaving?
Answer: Please see the following images:

Please note: I (again) ran Spybot Search and Destroy as well as SpywareBlaster and the following images show the results:

Image

Image

Regards,
Eagle

Eagle
Active Member
 
Posts: 11
Joined: September 27th, 2009, 5:47 pm

Post by Wingman » March 2nd, 2010, 12:17 pm

Hello Eagle,

Thank you for answering my question regarding the use of the computer.

Are you saying that you have a problem because Spybot Immunization process shows it is covering the Firefox entries... but when you run SpywareBlaster the Firefox entries don't appear to be updated or included in the protection?
If so, let me try to explain...

Spybot's Immunization feature updates the HOSTS file, with web site entries that are known bad sites.
With the entries in the HOSTS file, if you attempt to open a "target" web address found in the HOSTS file, it will basically cause you to see a message that your browser couldn't open the page.

SpywareBlaster updates the "Restricted Zone" entries, found in the Internet Options, under the Security tab. This is entirely different than the Spybot Immunization. It involves a totally different set of protection parameters, found in the system registry.

Updating one of these processes has no bearing on what will be reflected in the other. Both essentially offer similar protection from known bad web sites... but are accessed and processed differently.
It's very possible that Spybot's TeaTimer process is preventing the SpywareBlaster process from updating the Internet Options.
From the Spybot site:
In addition, TeaTimer detects when something wants to change some critical registry keys. TeaTimer can protect you against such changes again giving you an option: You can either Allow or Deny the change.
As SpywareBlaster attempts to update the system registry, there could be conflicts. Please turn TeaTimer protection OFF and then "download latest protection updates" with SpywareBlaster and enable all protection. See if this causes the Firefox entries to be included.

FYI: I have Spybot on one of my computers and run the Immunization process. I don't need to run the HostsXpert process to make the HOSTS file accessible. I believe Spybot handles that (read-only) condition on its own.

Let me know if this is what you are seeing and if I explained things well enough.

Thanks,
Wingman
Wingman
Admin/Teacher
Posts: 14115
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
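The two stores described in the reply above can be inspected separately. The following is an added example, not part of the original posts or of either product: it lists the names a HOSTS file points at a sink address and the domains a registry export places in the Restricted sites zone (zone 4 under the ZoneMap\Domains key), then compares them by exact name. Both samples are constructed, and treating 0.0.0.0 as a sink address is an assumption.

```python
import re

# Constructed sample HOSTS file (not taken from the machine in this thread).
HOSTS_SAMPLE = """\
# constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.badsite-one.example
127.0.0.1       www.badsite-two.example badsite-two.example   # two names, one line
0.0.0.0         tracker.badsite-three.example
10.0.0.5        fileserver
"""

# Constructed sample of a regedit export of the Internet Explorer zone map.
REG_SAMPLE = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\badsite-two.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\badsite-four.example\www]
"http"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example]
"*"=dword:00000001
"""

ZONEMAP = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" + "\\"
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0"}   # assumption: both count as "blocked"
RESTRICTED_ZONE = 4                          # Internet Explorer zone 4 = Restricted sites


def hosts_blocked(text):
    """Names a HOSTS file maps to a sink address (localhost itself excluded)."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in SINK_ADDRESSES:
            blocked.update(n.lower() for n in fields[1:] if n.lower() != "localhost")
    return blocked


def restricted_domains(reg_text):
    """Domains whose ZoneMap key holds at least one value equal to zone 4."""
    restricted, current = set(), None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            idx = key.lower().find(ZONEMAP.lower())
            if idx == -1:
                current = None
            else:
                # The key path is domain\subdomain; the host name reads subdomain.domain.
                parts = key[idx + len(ZONEMAP):].split("\\")
                current = ".".join(reversed(parts)).lower()
        elif current:
            m = re.match(r'"[^"]*"=dword:([0-9a-fA-F]{8})$', line)
            if m and int(m.group(1), 16) == RESTRICTED_ZONE:
                restricted.add(current)
    return restricted


def compare(hosts_text, reg_text):
    """Show which names each store covers; neither store is derived from the other."""
    hosts, zone = hosts_blocked(hosts_text), restricted_domains(reg_text)
    return {
        "hosts_only": sorted(hosts - zone),
        "zone_only": sorted(zone - hosts),
        "both": sorted(hosts & zone),
    }


if __name__ == "__main__":
    for store, names in compare(HOSTS_SAMPLE, REG_SAMPLE).items():
        print("%-10s %d  %s" % (store, len(names), ", ".join(names)))
```
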

Post by Eagle » March 2nd, 2010, 9:05 pm

To: Wingman (Mike):
Hi:
Thanks again for your timely reply. Sadly there appears to have been a miscommunication as my questions were left unanswered.
I (eventually found) “Tea Timer” inside of “Spybot”. (Please note: Detailed instructions clearly explaining exactly how-to accomplish a task would have saved me a lot of time and stress.)
I opened "Spybot, Search and Destroy" and then I changed from "Default mode" to "Advanced mode".
Then, I clicked (On the left side) on "Resident".
Then inside of the "Resident protection status" area..........I unchecked the box next to:
[Resident "Tea Timer" (Protection of over-all system settings) active.]
Then, I opened “SpywareBlaster” and clicked on “Enable all protection”.
Then, I re-opened “Spybot” and re-enabled the “Tea Timer”.
Please note: While looking inside of “Spybot” -- “Tools” section……..I noticed that the box next to “Hosts File” was empty (No checkmark inside of that box). Is that OK?
Please note: I’ve been running both “Spybot” and “SpywareBlaster” on this machine for a while as without any apparent problems. It appears that the computer has recently become infected…………..Otherwise, Why is this suddenly occurring?
Please note: I did my best to understand and follow your instructions; However, I experienced difficulty fully understanding your prior explanation and or instructions.
In conclusion: The above actions have sadly (apparently) failed to solve the aforementioned problems or issues.
Regards,
Eagle

PS. I usually update all of the aforementioned programs on a daily basis.

Post by Wingman » March 3rd, 2010, 10:48 am

Hello Eagle,
Let me try to answer your questions:
Eagle wrote:Before we get started......I’m a bit confused by something you wrote:
I ask about the computer use, based on what I have seen in your logs.
Exactly what does that mean?
I saw the program: Shipping Assistant 3.6 ... Which could be used by a business or company. As I stated earlier, we have policies about working on business machines. I hope that answers your question.
Eagle wrote:
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
I don’t understand.......
2) What does this mean?
Please note: I did not see: “C:\System Volume Information folder”.
I'm sorry if this confused you... it is meant to make sure the person running the scan does not remove any entries (if found) located in the System Information folder. This is where (in Windows XP version and up) the System Restore Point files are stored. As you are using an older version of Windows, there are no "System Restore" entries... so this line should have been adjusted to say:
Check all items... then click on Remove Selected.
Eagle wrote:(Please note: Detailed instructions clearly explaining exactly how-to accomplish a task would have saved me a lot of time and stress.)
I apologize, I will attempt to do a better job.
Eagle wrote:Please note: While looking inside of “Spybot” -- “Tools” section……..I noticed that the box next to “Hosts File” was empty (No checkmark inside of that box). Is that OK?
That's fine. The option is there if you want to see the contents of the HOSTS file, as it indicates.
Eagle wrote:Please note: I’ve been running both “Spybot” and “SpywareBlaster” on this machine for a while as without any apparent problems. It appears that the computer has recently become infected…………..Otherwise, Why is this suddenly occurring?
That's what we are attempting to find out. We need to see if there are any signs of malware present that could be causing any problems.

OK... Let's check your system with some scans.

Please print these instructions... you may be asked to reboot your machine during some of these steps!

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Please run this again, as changes may have occurred between the last run and now. Better to be safe than to be sorry.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
MS Malicious Software Removal Tool (MSRT)
Please download the MS Malicious Software Removal Tool (Press the Download button) and save it to your Desktop.
  1. Double click on the windows-kb890830.vx.x.exe file to begin the process. (vx.x = a version number as part of the file name).
    If prompted with "Do you want to run this file?" Please run it. Otherwise it should start automatically.
    The process will begin... eventually (less than 1 minute) you will see the "Welcome to the Microsoft Malicious Software Removal Tool" window.
  2. Press the Next> button.
  3. Choose Quick scan (the default) and press the Next> button.
    The scanning process will begin, showing files being scanned and a progress bar. Be patient and let the scan finish.
    When the detection and removal process is complete, the tool displays a window describing the outcome.
    Regardless of the scan results... the report will be saved to the file "C:\WINDOWS\Debug\mrt.log". If MSRT has been run before, the current report information will be added or appended to the existing file.
  4. Double click on the mrt.log file to open it in Notepad or other text editor. Scroll to the end of the log.
  5. Copy and paste the most recent scan results (most recent date) and post them in your next reply.

Step 3.
BitDefender - Online Scan
Please go to the Bitdefender website to perform an online scan.
  1. Click on Start Scanner... check the I Agree to the Terms and Conditions box... then press Start Here.
  2. You will be prompted to install BitDefender software... an ActiveX component. Please allow it and install it.
  3. Click on Folders to Scan
    • Check the Desktop box.
    • Under My Computer... you may have to click on the (+) sign to expand... UNCHECK the following:
      • Floppy Drive, if applicable
      • CD and/or DVD drive box(es)
      • Network drive box(es)
      • My Network Places... then click OK.
    • Click on Cleaning Options, the "Set scan options" window appears... place a CHECK in the following:
        Scanning options (These are normally checked, by default)
      • Scan boot sectors
      • Scan files... also... click the (+) sign and select All Files... leave other defaults as they are.
      • Use heuristic detection
      • Detect incomplete virus bodies
        Action options
      • Select Report only option
      • Click on the + sign next to Second Action.
      • Select Report only option... then click OK.
  4. Click on Click here to scan link.
    The scan engine & virus definitions will load and the scan will begin. (This will take a while, please be patient.)
    When the scan is finished...
  5. Click on Click here to export the scan report... Click on Desktop on your left.
  6. In the File Name box, copy and paste in BDReport.txt
  7. In the Save As Type box, select Text (*.txt) file... then click Save.
    Please copy and paste the contents of the BDReport.txt file, into your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. MSRT mrt.log recent report info.
  3. Bit Defender BDReport.txt file contents.
  4. Besides the discrepancy between Spybot and SpywareBlaster... how is the computer behaving?
Thanks,
Wingman

Post by Eagle » March 3rd, 2010, 6:30 pm

To: Wingman (Mike):
Hi:
Thanks again for your timely reply.
Following are the results as well as answers to your questions.
Note: I realize that you didn't ask this question, However, I thought it might be important to note that: There is important information on this machine.

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v3.4, February 2010
Started On Wed Mar 03 17:10:58 2010

->Scan ERROR: resource process://pid:388 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:768 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1412 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1452 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1616 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:768 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:388 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 03 17:13:39 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Please note:
Contrary to your instructions in Step 3:
I was Unable to run BitDefender – Online Scan, without first Allowing the following Add-on to FireFox:

BitDefender QuickScanner 0.9.9.8
https://quickscan.bitdefender.com/xpi/q ... .9.9.8.xpi
Therefore, I downloaded and installed the above Add-on. Then, I ran BitDefender’s – Online Scanner.
Please note:
Contrary to your instructions in Step 3:

There is No Option to: choose “Under My Computer”.
There is No Option to: click on “(+)” to expand.
There is No Option to: “UNCHECK” the following: Floppy Drive; CD and/or DVD drive box(es); Network Drive box(es); My Network Places.
There is No Option to: “then click OK“.
There is No Option to: “Click on Cleaning Options”.
“Set scan options”, does Not appear.
There is No Option to: place a CHECK in the following:
• Scan boot sectors
• Scan files... also... click the (+) sign and select All Files... leave other defaults as they are.
• Use heuristic detection
• Detect incomplete virus bodies
Action options
There is No Option to: “Select Report only option”
There is No Option to: “Click on the + sign next to Second Action.”
There is No Option to: “Select Report only option... then click OK”.
There is No Option to: “Click on Click here to export the scan report... Click on Desktop on your left.”
There is No Option to: “In the File Name box, copy and paste in BDReport.txt”
There is No Option to: “In the Save As Type box, select Text (*.txt) file... then click Save.”

However, there was a link to “View Log”……………………The results follow:

BitDefender QuickScan Beta 32-bit v0.9.9.8
------------------------------------------

Scan date: Wed Mar 03 17:38:01 2010
Machine ID: BCF5D211



No infection found.
---------------------


Processes
---------
<unsigned> Diskeeper (TM) Disk Defragmenter 548 C:\Program Files\Executive Software\Diskeeper\DkService.exe
<unsigned> Microsoft (R) DRM 960 C:\WINNT\system32\mspmspsv.exe
<unsigned> NVIDIA Driver Helper Service, Version 3 748 C:\WINNT\System32\nvsvc32.exe
<unsigned> TeaTimer.exe 1388 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

<verified> ESET Smart Security 1416 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
<verified> ESET Smart Security 564 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
<verified> Firefox 1108 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Java(TM) Platform SE 6 U17 704 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Java(TM) Platform SE 6 U17 1272 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Microsoft Office 2003 1708 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
<verified> Microsoft(R) Windows (R) 2000 Operating 1448 C:\WINNT\Explorer.EXE
<verified> Microsoft(R) Windows (R) 2000 Operating 172 C:\WINNT\system32\csrss.exe
<verified> Microsoft(R) Windows (R) 2000 Operating 232 C:\WINNT\system32\lsass.exe
<verified> Microsoft(R) Windows (R) 2000 Operating 848 C:\WINNT\system32\regsvc.exe
<verified> Microsoft(R) Windows (R) 2000 Operating 220 C:\WINNT\system32\services.exe
<verified> Microsoft(R) Windows (R) 2000 Operating 148 C:\WINNT\System32\smss.exe
<verified> Microsoft(R) Windows (R) 2000 Operating 520 C:\WINNT\system32\spoolsv.exe
<verified> Microsoft(R) Windows (R) 2000 Operating 884 C:\WINNT\system32\stisvc.exe
<verified> Microsoft(R) Windows (R) 2000 Operating 496 C:\WINNT\system32\svchost.exe
<verified> Microsoft(R) Windows (R) 2000 Operating 652 C:\WINNT\System32\svchost.exe
<verified> Microsoft(R) Windows (R) 2000 Operating 976 C:\WINNT\system32\svchost.exe
<verified> Microsoft(R) Windows (R) 2000 Operating 1144 C:\WINNT\system32\svchost.exe
<verified> Microsoft(R) Windows (R) 2000 Operating 192 C:\WINNT\system32\winlogon.exe
<verified> Online Armor Firewall 768 C:\Program Files\Tall Emu\Online Armor\oacat.exe
<verified> Online Armor Firewall 1452 C:\Program Files\Tall Emu\Online Armor\oahlp.exe
<verified> Online Armor Firewall 388 C:\Program Files\Tall Emu\Online Armor\oasrv.exe
<verified> Online Armor Firewall 1412 C:\Program Files\Tall Emu\Online Armor\oaui.exe
<verified> RoboForm 712 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
<verified> Windows Management Instrumentation 940 C:\WINNT\System32\WBEM\WinMgmt.exe


Autoruns and critical files
---------------------------
<unsigned> Ahead Software Gmbh NeroCheck C:\WINNT\system32\NeroCheck.exe
<unsigned> NVIDIA nView Wizard, Version 30.82 C:\WINNT\system32\nwiz.exe
<unsigned> QuickTime C:\Program Files\QuickTime\qttask.exe
<unsigned> SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
<unsigned> SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
<unsigned> TeaTimer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

<verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified> ESET Smart Security C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
<verified> Java(TM) Platform SE 6 U17 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Microsoft Synchronization Manager C:\WINNT\system32\mobsync.exe
<verified> Microsoft(R) Windows (R) 2000 Operating C:\WINNT\system32\CRYPT32.DLL
<verified> Microsoft(R) Windows (R) 2000 Operating C:\WINNT\system32\CRYPTNET.DLL
<verified> Microsoft(R) Windows (R) 2000 Operating C:\WINNT\system32\cscdll.dll
<verified> Microsoft(R) Windows (R) 2000 Operating C:\WINNT\system32\netshell.dll
<verified> Microsoft(R) Windows (R) 2000 Operating C:\WINNT\system32\sclgntfy.dll
<verified> Microsoft(R) Windows (R) 2000 Operating C:\WINNT\system32\SHELL32.DLL
<verified> Microsoft(R) Windows (R) 2000 Operating C:\WINNT\system32\stobject.dll
<verified> Microsoft(R) Windows (R) 2000 Operating c:\winnt\system32\userinit.exe
<verified> Microsoft(R) Windows (R) 2000 Operating C:\WINNT\system32\wlnotify.dll
<verified> Microsoft(R) Windows (R) 2000 Operating C:\WINNT\system32\wzcdlg.dll
<verified> Microsoft® Windows® Operating System C:\WINNT\system32\BROWSEUI.DLL
<verified> Microsoft® Windows® Operating System C:\WINNT\system32\webcheck.dll
<verified> Online Armor Firewall c:\program files\tall emu\online armor\oaevent.dll
<verified> Online Armor Firewall C:\Program Files\Tall Emu\Online Armor\oaui.exe
<verified> RoboForm C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe


Browser plugins
---------------
<unsigned> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<unsigned> InterTrust Redemption Wizard C:\Program Files\Internet Explorer\plugins\NPDocBox.dll
<unsigned> Java(TM) Platform SE 6 U17 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned> NPSWF32.dll C:\WINNT\system32\Macromed\Flash\NPSWF32.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.1.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

<verified> AcroIEHelper Module c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx
<verified> Adobe® Flash® Player ActiveX C:\WINNT\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> BitDefender QuickScan C:\Documents and Settings\v\Application Data\Mozilla\Firefox\Profiles/jzbmtgoq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\v\Application Data\Mozilla\Firefox\Profiles/jzbmtgoq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Java Deployment Toolkit 6.0.170.4 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java(TM) Platform SE 6 U17 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
<verified> Microsoft(R) Windows (R) 2000 Operating C:\WINNT\system32\msafd.dll
<verified> Microsoft(R) Windows (R) 2000 Operating C:\WINNT\system32\RNR20.DLL
<verified> Microsoft(R) Windows (R) 2000 Operating C:\WINNT\system32\rsvpsp.dll
<verified> Microsoft(R) Windows (R) 2000 Operating C:\WINNT\system32\winrnr.dll
<verified> Microsoft® Windows® Operating System C:\WINNT\system32\SHDOCVW.DLL
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> msdxm.ocx c:\winnt\system32\msdxm.ocx
<verified> RoboForm C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
<verified> SDHelper.dll C:\Program Files\Spybot - Search & Destroy\SDHelper.dll


Missing files
-------------
File not found: C:\WINNT\bdoscandel.exe
referenced in: HKLM\Software\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}\"Exec"

File not found: NvQTwk
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"NvCplDaemon"


Scan
----


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.05 MB sent, 2.17 KB recvd
Scanned 829 files and modules - 145 seconds
-------------------------------------------------------------------------------------
You wrote:
Besides the discrepancy between Spybot and SpywareBlaster... how is the computer behaving?
Please note: The problem is NOT that there’s a discrepancy between Spybot and SpywareBlaster...........................................
The problem is:
a) Within “SpywareBlaster”: Something is REPEATEDLY Disabling Protection for “Mozilla Firefox”. At the time that I made this posting to this malware forum: “230 items have protection disabled”.

b) Within “Spybot”: Something is REPEATEDLY Disabling Protection for 39,734 things.
Just One example: “Global [Hosts]” 169 things are Unprotected.
For other examples: Please see the image in my prior posting.

--------------------------------------------------------------------------------------
You wrote:
Any problem executing the instructions?
Answer: Yes, There were many problems executing the instructions. Please note: The instructions were often in error.
--------------------------------------------------------------------------------------
Regards,
Eagle
PS. "BitDefender Quick Scan" is now appearing constantly in FireFox as a red icon above the clock that's on the task bar...........Why? Should I get rid of this? If yes: How?
PPS. "MS Malicious Software Removal Tool" (windows-kb890830-v3.4.exe) is now on my desktop.......Why? Should I get rid of this? If yes: How?
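
Reading the two reports in the post above side by side, as an added example that is not part of the original post: the script maps each PID in MSRT's "Scan ERROR" lines to the process with that PID in the QuickScan process list and names the Win32 error code. The log lines are copied from the post and the function names are this example's own; the two scans ran about half an hour apart and PIDs can be reused, so a match is a lead, not proof.

```python
import re

# Win32 error codes that occur in the MSRT report.
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED", 87: "ERROR_INVALID_PARAMETER"}

# "Scan ERROR" lines copied from the MSRT report in the post above.
MSRT_LOG = """\
->Scan ERROR: resource process://pid:388 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:768 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1412 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1452 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1616 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:768 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:388 (code 0x00000005 (5))
"""

# Subset of the QuickScan "Processes" section from the same post.
QUICKSCAN_PROCESSES = r"""
<unsigned> TeaTimer.exe 1388 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
<verified> ESET Smart Security 564 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
<verified> Microsoft(R) Windows (R) 2000 Operating 192 C:\WINNT\system32\winlogon.exe
<verified> Online Armor Firewall 768 C:\Program Files\Tall Emu\Online Armor\oacat.exe
<verified> Online Armor Firewall 1452 C:\Program Files\Tall Emu\Online Armor\oahlp.exe
<verified> Online Armor Firewall 388 C:\Program Files\Tall Emu\Online Armor\oasrv.exe
<verified> Online Armor Firewall 1412 C:\Program Files\Tall Emu\Online Armor\oaui.exe
"""

MSRT_RE = re.compile(
    r"->Scan ERROR: resource process://pid:(\d+) \(code 0x[0-9A-Fa-f]+ \((\d+)\)\)")
# <status> description PID path; the description may itself contain digits,
# so the PID is the last number before the drive-letter path.
PROC_RE = re.compile(r"^<(unsigned|verified)> (.+) (\d+) ([A-Za-z]:\\.+)$")


def parse_msrt_errors(text):
    """Return {pid: {"code": int, "count": int}} in first-seen order."""
    errors = {}
    for m in MSRT_RE.finditer(text):
        pid, code = int(m.group(1)), int(m.group(2))
        errors.setdefault(pid, {"code": code, "count": 0})["count"] += 1
    return errors


def parse_processes(text):
    """Return {pid: {...}} from the QuickScan process list."""
    procs = {}
    for line in text.splitlines():
        m = PROC_RE.match(line.strip())
        if m:
            status, desc, pid, path = m.groups()
            procs[int(pid)] = {"signed": status == "verified",
                               "description": desc, "path": path}
    return procs


def correlate(msrt_text, quickscan_text):
    """One row per PID that MSRT failed to scan, with the matching process if any."""
    procs = parse_processes(quickscan_text)
    rows = []
    for pid, err in parse_msrt_errors(msrt_text).items():
        rows.append({
            "pid": pid,
            "error": WIN32_ERRORS.get(err["code"], "code %d" % err["code"]),
            "count": err["count"],
            "process": procs.get(pid),   # None: PID absent from the later list
        })
    return rows


def access_denied_owners(rows):
    """Descriptions of the processes MSRT was denied access to."""
    return sorted({r["process"]["description"] for r in rows
                   if r["error"] == "ERROR_ACCESS_DENIED" and r["process"]})


if __name__ == "__main__":
    for row in correlate(MSRT_LOG, QUICKSCAN_PROCESSES):
        proc = row["process"]
        where = proc["path"] if proc else "not in the QuickScan process list"
        print("pid %-5d %-24s x%d  %s" % (row["pid"], row["error"], row["count"], where))
```
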

Post by Wingman » March 4th, 2010, 11:15 am

Hello Eagle,

Eagle wrote: Note: I realize that you didn't ask this question, However, I thought it might be important to note that: There is important information on this machine.
I would advise that, if there is important information on your machine, you back up this information immediately. There are too many possible situations that could arise that could cause you to not have access to this data. Having a current backup of the data is one of the most important safeguards you can provide for yourself. If you have a current backup, great... you are doing better than lots of other folks who don't see the necessity of backups.

Eagle wrote:...There were many problems executing the instructions. Please note: The instructions were often in error.

It appears that my instructions are not satisfactory for you. These instructions have been developed, reviewed and altered as needed, in order for any person using them to understand the various steps required. While there may be some small variations from time to time... as computer setups can be very different, I strive to keep these instructions current.
Would you feel more comfortable with a different helper's instructions? If you cannot use my instructions easily, perhaps another helper's instructions would be more to your liking. Having computer problems or issues is stressful enough without stressing over someone's attempt to help resolve those issues.
Requesting another helper is understandable and it happens from time to time. It is not seen as a negative thing. It would not be taken personally by me and hopefully not by yourself.

Eagle wrote: PS. "BitDefender Quick Scan" is now appearing constantly in FireFox as a red icon above the clock that's on the task bar...........Why? Should I get rid of this? If yes: How?
Why?... If you mean it has been added to Firefox's "toolbar", it was probably added so you can have easy access to BitDefender's Online scan in the future.
Should you get rid of this? ... that's your decision.
How?... If you want to get rid of it, please see this: http://kb.mozillazine.org/Toolbar_custo ... nd_buttons
Now just so I understand what you're saying and what you mean, because this is unclear to me... you said "taskbar", which to me means the bar at the bottom (default) of your Desktop, with your system clock, your AV product icon, etc... As browsers have toolbars, not "taskbars", if you meant your Desktop taskbar, then you should look in your Start>All Programs menu for a BitDefender entry to uninstall BitDefender or in the Add/Remove Programs applet in Control Panel for an entry to uninstall BitDefender.

Eagle wrote: PPS. "MS Malicious Software Removal Tool" (windows-kb890830-v3.4.exe) is now on my desktop.......Why? Should I get rid of this? If yes: How?
Why? ... because that's where you were instructed to download it.
Should I get rid of this? ... again that's your decision. A new version is distributed on the second Tuesday of each month, with MS Automatic Updates.
How?... You can either drag it to your Recycle Bin or right click on it and choose Delete from the menu options presented.

Let me know if you would prefer another helper.

Thanks,
Wingman

Re: A HijackThis log and related information about problems

Post by Gary R » March 5th, 2010, 3:40 am

Hi Eagle,

Reading through this topic it would appear that you have trouble following instructions without asking a number of pointless and trivial questions, none of which will help in getting your computer cleaned.

It would seem that online help is not the medium for you, and I would suggest that the best way for you to get your computer cleaned of infection will be for you to deal with someone face to face.

We can no longer help you.

This topic is now closed