Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

'annoying pop ups;think I am infected'

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby curlylad » January 23rd, 2007, 4:02 pm

Good Evening Chloe Pessoa

Chloe Said
I hate to say this - but my patience is wearing thin - and I am sure yours must be also.


Do not worry, I will not let this beat me.
It is proving to be stubborn but we will get there. ;)

Ok, here's how we go from here:-

STEP 1

Norton Removal Tool



STEP 2

Previous Post Instructions

Although using the Norton Removal Tool will mean that the Norton Internet Security 2007 should be completely removed, I would now like you to refer back to my previous post.
Please can you now perform all of the steps in my previous post.
You will find that some of the things that you are asked to look for and remove or delete are no longer there, this is because the Norton Removal tool has done its job, however I would still like you to attempt the previous steps as a precaution.

When you have completed the steps please post back with the required information.
User avatar
curlylad
Retired Graduate
 
Posts: 1829
Joined: February 5th, 2006, 5:07 pm
Location: Birmingham
Advertisement
Register to Remove

Unread postby Chloe Pessoa » January 23rd, 2007, 5:21 pm

Hi Curlylad

The only one that gave a problem was Symantec Core LC which still said 'The Service you entered is system critical! It can't be deleted'

So as far as I know everything for Norton/Symantec has been uninstalled. 'Symantec Technical Support Web Controls' I had to remove in normal mode as it would not do it in 'Safe Mode'. It said The Windows Installer Service could not be accessed. This can occur if you are running Windows in Safe Mode'
Here are post backs you requested:

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 21:04:47, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\PROGRA~1\Yahoo!\YUM\yum.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: HotSync Manager.lnk.disabled
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ ... 586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Uninstall List:

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
AVG Anti-Spyware 7.5
AVG Free Edition
BT Broadband Desktop Help
BT Home Hub
BT Yahoo! Applications
CCleaner (remove only)
Clié Favorites
CLIE MS SCSI Driver
eBay Toolbar
ERUNT 1.1j
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
J2SE Runtime Environment 5.0 Update 10
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
MultiMediaNavigator
Nero 6
NVIDIA Drivers
OpenMG AAC Add-on Module 1.0.00
OpenMG CLIE Additional Module
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
Palm Desktop
Panda ActiveScan
ParetoLogic Privacy Controls
PDF Manual NW-A1000 Series NW-A3000 Series
PowerDVD
PowerISO
RealPlayer
RegCure 1.0.0.43
Registry Mechanic 6.0
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Smart Link 56K Modem
SonicStage 4.0
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver

Norton removal complete successfully
AVG and Zone Alarm complete successfully

Computer seems fine - except sometimes double click takes 3-4 double clicks to work.

Word is still up the creek - someone mentioned that this could possibly be a Drive problem. But I can work with it as it is.

Over to you now!!
Regards
Chloe
Chloe Pessoa
Regular Member
 
Posts: 39
Joined: December 25th, 2006, 1:59 pm

Unread postby curlylad » January 24th, 2007, 2:46 pm

Good Evening Chloe Pessoa

It appears that there are a few things that either you haven't done from previous posts or have not been completed properly.

Your Firewall - Zone Alarm does not appear to be running from startup as it should be.
If you have not installed it yet please do so now.

Also we still need to update to the latest version of Java

STEP 1

Enable Firewall
  • Click Start, click Run, type in the box services.msc, click OK
  • Scroll down the list to TrueVector Internet Monitor and double click on it
  • Click the General tab, under Startup type: , change the drop down box to Automatic
  • Click Apply, click OK


Please now reboot your system before moving on to the next step


STEP 2

Update Java

Your Java still has not been updated to the latest definition.
Please do this now

I need you to update Java again as there is a newer version now available.

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of perceived vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 .

To check your version to see if it is the latest version, Please go to this link to verify your version to get the updates needed:

You'll need to use IE and allow ActiveX for this update. Follow the instructions on that page to verify Your Java software.

Or you can get the manual download here:

Once you have installed the latest update, please go to Add/Remove Programs and remove all older instances of Java listed there.



STEP 3

Remove left over Symantec entry
  • Click Start, click Run, type cmd, click OK
  • When the box opens type at the flashing cursor sc delete Symantec Core LC, press the Enter key
  • When done close the window.



Post back a fresh HijackThis log when you are done please.
User avatar
curlylad
Retired Graduate
 
Posts: 1829
Joined: February 5th, 2006, 5:07 pm
Location: Birmingham

Unread postby Chloe Pessoa » January 24th, 2007, 6:08 pm

Hi Curlylad

Obviously didnt do it correctly the first time. My apologies

Step 3: It said 'The specified servies does not exist as an installed service'.

Here is latest HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 22:03:05, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: HotSync Manager.lnk.disabled
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


Questions:

1. Do I purchase Zone Alarm at start up it says I have 15 days free trial. Do I need it to be continuous?
2. In Zone Alarm there is 'Identity Protection' do I put personal info in data?
3. Do I take off Ad-Aware SE Personal off computer? Do I take off SmitfraudFix, ERUNT, NTREGOPT, Fixme, ATF-Cleaner, CCleaner, ParetoLogic Privacy, Spybot Search off computer or just off desktop - seems a hell of a lot of things on there now?
Thanks
Chloe
Thanks
Chloe
Chloe Pessoa
Regular Member
 
Posts: 39
Joined: December 25th, 2006, 1:59 pm

Unread postby curlylad » January 26th, 2007, 1:36 pm

Good Evening Chloe Pessoa

I think we are nearly there now so please stay with me to conclude this.


STEP 1

Zone Alarm

I provided the link for the free version of Zone Alarm.
However looking at your last post it appears that either it is asking if you wish to upgrade to Zone Alarm Pro - the paid version, or you have downloaded the Zone Alarm Pro on a 15 day trial.

Over at Castle Cops they have a forum dedicated to all things Zone Alarm.
You can access it via this link http://www.castlecops.com/f23-Zone_Alarm.html

Simply start a new thread and they will be able to better advise you there.




STEP 2

Microsoft Office Word

I have gone through the usual steps to try to resolve this issue but to no avail.

My suggestion is that you visit a forum that I can recommend that will be able to help you with the problem.

Please go to Castle Cops General Computer Problems Forum

Post a new thread and one of the advisers knowledgeable in such matters will be able to better assist you.




STEP 3

Uninstall/Remove Programs

You mentioned a number of programs that have been installed to help with the fix process.

You could in fact uninstall or remove all of the programs that you stated, however it may be beneficial for you to keep one or two of them to help with your systems security.

I will give a brief description of what the programs are or what they do.
The ones that should be uninstalled I will indicate after them, the others you can decide.
  • Ad-Aware SE Personal - This scans for and removes unwanted Adware - Keep this it is a very good program for removing unwanted junk, update and run regularly.
  • SmitfraudFix - This was purely for the fix process - Uninstall it.
  • HijackThis - Keep this then if there are any problems you know what to do.
  • ERUNT and NTREGOPT - ERUNT and NTREGOPT are a back up program and registry compactor respectively - These can be uninstalled.
  • Fixme - I don't recall having you download this, I believe it may be some sort of script writing tool.
    If you do not recall downloading this or do not use it then uninstall/remove it.
  • ATF-Cleaner - This is a basic tool for removing unwanted junk from your system like TEMP files, cookies, history etc.
    I advise uninstalling this as the next tool does the same as this but slightly more as well - Uninstall this.
  • CCleaner - As above but a better package, see here for information about what it does http://www.ccleaner.com/ - Keep this one.
  • ParetoLogic Privacy - Another program similar to CCleaner and ATF-Cleaner - Uninstall it.
  • Spybot Search & Destroy - Similar to Ad-Aware but this one removes unwanted Spyware - Keep this, update and run regularly.
  • AVG Anti-Spyware - As well as Spyware this program removes a whole host of baddies from your system - Keep this, update and run regularly.



STEP 4

AVG Anti-Spyware

If you have taken my advice above and are keeping AVG Anti-Spyware please read/follow this instruction.

You are using the free version of AVG Anti-Spyware.
This is a 30 day trial which includes real-time protection, after the 30 day trial if you wish to keep the free version then the real-time protection is removed but the service remains on your system.
This service can therefore be removed as it is unnecessary and this will save on system resources.

To disable the service follow this instruction.
  • Click 'Start', click 'Run'
  • Type 'services.msc, click 'OK'
  • Locate and right click over 'AVG Anti-Spyware Guard'
  • Select properties
  • Click on the startup type drop down box
  • Select disabled
  • Click 'Apply' and 'OK'
  • Close the services window.


If in future you wish to upgrade to the full version simply reverse the instructions above.


STEP 5

Report Back

Please post back confirming you are happy with these instructions and the links I provided for help with:-
  • Microsoft Office Word
  • Zone Alarm


I await your reply
User avatar
curlylad
Retired Graduate
 
Posts: 1829
Joined: February 5th, 2006, 5:07 pm
Location: Birmingham

Unread postby Chloe Pessoa » January 26th, 2007, 3:49 pm

Hi Curlylad

I understand all you have said and I have saved the links you have provided. I will deal with the Word problem and Zone Alarm at a later date - thank you.

Regards
Chloe
Chloe Pessoa
Regular Member
 
Posts: 39
Joined: December 25th, 2006, 1:59 pm

Unread postby curlylad » January 26th, 2007, 6:15 pm

Good Evening Chloe Pessoa


Congratulations, good work, your system is now clean.

Now that your system is safe we would like you to keep it that way.

Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Step 1 - Microsoft Windows Update

Click Start > Control Panel > Security Centre and make sure that Automatic Updates are On.


Step 2 – Create a clean system restore point

Now that your system is clean you should SET A NEW RESTORE POINT to prevent reinfection from an old restore point. Any malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to set a new RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


Step 3 - Make your Internet Explorer more secure

Open Internet Explorer click Tools > Options > Security tab > Internet icon to highlight > Custom Level, then select the following options:-
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
Click OK, then Apply > OK to exit the Internet Properties page.

Step 4 - Anti Virus Software

It is very important that your computer has an anti-virus software running on your machine and that it is kept up to date.
For future reference you could try this other Anti Virus which has a free version for home, non-networked, single user use.
Avast Anti Virus http://www.avast.com/
For more information on anti-virus programs see http://www.malwareremoval.com/forum/viewtopic.php?p=53#53

Step 5 – Firewall

It is very important that you have a Firewall if you are using the Internet.
For your reference here is the link to an alternative very good free firewall
Kerio http://www.sunbelt-software.com/Kerio.cfm
For more information on firewalls see http://www.malwareremoval.com/forum/viewtopic.php?p=56#56

Step 6 – Windows Defender

Download and install Windows Defender from http://www.microsoft.com/athome/securit ... fault.mspx
Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software.


Step 7 - SpywareBlaster

Download and install Javacools SpywareBlaster from http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Hopefully these steps will help keep your computer clean, glad I could be of assistance.

If there are any other questions then feel free to ask or in future do not hesitate to contact us here at The Malware Removal Forums
User avatar
curlylad
Retired Graduate
 
Posts: 1829
Joined: February 5th, 2006, 5:07 pm
Location: Birmingham

Unread postby Chloe Pessoa » January 26th, 2007, 7:14 pm

Hi Curlylad

I cannot thank you enough - both for helping me and being patient with me. Never thought it was going to end!! But you stuck with me and again I thank you. You are wonderful!
Hopefully, I shouldnt have to bother Malware Removal for a long while. Thanks again
Regards
Chloe
Chloe Pessoa
Regular Member
 
Posts: 39
Joined: December 25th, 2006, 1:59 pm

Unread postby NonSuch » February 4th, 2007, 3:22 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 296 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware