Virus burster removal

Andy and Navigator

Post by Dave7312 » November 24th, 2006, 7:54 am

Dear Andy and Navigator
It is a drag having to work isn't it! However here are the scans
Logfile of HijackThis v1.99.1
Scan saved at 11:39:29, on 24/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Owner\My Documents\Hijackthis\HJT.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8936829924
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://davidrobinson5.bulldoghome.com/p ... Upload.ocx
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templat ... rol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9C9A73D-42DE-4DEA-A2C4-39FE60A4B6BB}: NameServer = 83.146.21.6 212.158.248.5
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Scanning Report
Friday, November 24, 2006 10:51:00 - 11:36:08
Computer name: DELL
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ F:\


--------------------------------------------------------------------------------

Result: 5 malware found
Adware.SafetyBar (spyware)
System (Disinfected)
Adware.Searchcolours (spyware)
System (Disinfected)
Coulomb Dialer (spyware)
System (Disinfected)
DriveCleaner (spyware)
System (Disinfected)
Possible Browser Hijack attempt (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 32936
System: 4948
Not scanned: 3
Actions:
Disinfected: 5
Renamed: 0
Deleted: 0
None: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{F104628E-97A3-4777-A1B7-F6171633FC73}.BIN

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2006-11-23
F-Secure AVP: 7.0.171, 2006-11-24
F-Secure Orion: 1.2.37, 2006-11-23
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 0260-02-44
F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

--------------------------------------------------------------------------------

I have had some further problems with the computer:
I couldn't get onto the internet yesterday: it appeared that something was blocking the access port. I uninstalled 'Zone alarm' and the two AVG programs because my ip suggested that their updates were causing this.
Now things are back to 'normal'. I have managed to download the free AVG virus prog but 'Zone Alarm' stalls because it cannot find or is hampered by 'TrueVector'. I have looked in 'services.msc' but TrueVector is not there. I am now without a firewall except for the rudimentary one in XP and have run into the buffers of my knowledge on this. Can you assist please?
ps What do I do with the saved 'registry' file? Can I safely delete it?
David
Dave7312
Regular Member
 
Posts: 25
Joined: November 9th, 2006, 6:46 am

Post by Navigator » November 24th, 2006, 12:35 pm

Hello Dave...great work. Your HJT log appears 'clean' and that F-Secure scan didn't find much other than leftover strays (which it cleaned).

With regard to your ZA problem, googling zone alarm true vector produced many hits...seems this problem is much reported. The ZA message boards have many topics on the issue...here is a link to one that appears applicable:

http://forums.zonelabs.com/zonelabs/boa ... e.id=14689

The tech guy there in that thread recommends a 'clean' uninstall followed by a fresh install, and he explains exactly how to do that to get ZA back up and running properly. I would try that solution (and limit my time on the internet while without a software firewall) and then let me know if that helps. You could also register at that forum and post a new topic detailing your problem and see if one of their techs can help.

With regard to the backup registry file, if your computer is running well it can be safely deleted.

Let me know if the steps above help with the ZA alarm problem...we have some 'finishing up' steps to do (nothing major) but I'd like to get the firewall thing sorted first...
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri
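
As an added illustration (not part of the thread and not HijackThis's own code), this Python sketch parses the `O<n> - ...` entries of a HijackThis 1.99.1 log like the one posted above and lists the entries a helper would want to verify by hand. The sample lines are copied from that log; the function names and the three review rules are assumptions of this example, and a finding means "check this", not "malicious".

```python
import re

# Sample input: seven lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9C9A73D-42DE-4DEA-A2C4-39FE60A4B6BB}: NameServer = 83.146.21.6 212.158.248.5
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
CLSID_RE = re.compile(r"^(?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
DNS_RE = re.compile(r"^(.+): NameServer = (.+)$")
MISSING = " (file missing)"


def split_command(command):
    """Split an O4 command line into (executable path, arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    # Unquoted path: it runs up to the first executable extension that is
    # followed by whitespace or the end of the line.
    m = re.match(r"(?i)(.+?\.(?:exe|com|bat|cmd|dll))(?:\s+(.*))?$", command)
    if m:
        return m.group(1), m.group(2) or ""
    return command, ""


def parse_log(text):
    """Return one dict per O-entry; other lines (header, processes) are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        e = {"section": section, "raw": body}
        if section == "O4":
            r = RUN_RE.match(body)
            if r:
                hive, key, name, command = r.groups()
                path, args = split_command(command)
                e.update(hive=hive, key=key, name=name, path=path, args=args)
        elif section in ("O2", "O3"):
            c = CLSID_RE.match(body)
            if c:
                e.update(name=c.group(1), clsid=c.group(2).upper(), path=c.group(3))
        elif section == "O17":
            d = DNS_RE.match(body)
            if d:
                e.update(name=d.group(1), servers=d.group(2).split())
        elif section == "O23" and body.startswith("Service: "):
            # Split from the right: service names may themselves contain " - ".
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, owner, path = parts
                missing = path.endswith(MISSING)
                if missing:
                    path = path[: -len(MISSING)]
                e.update(name=name, owner=owner, path=path, missing=missing)
        entries.append(e)
    return entries


def review(entries):
    """List (section, subject, reason) items to verify by hand (example rules)."""
    findings = []
    for e in entries:
        if e["section"] == "O17" and e.get("servers"):
            # Confirm these DNS servers belong to the user's ISP or router.
            findings.append(("O17", " ".join(e["servers"]), "dns-servers-set"))
        if e["section"] == "O23" and "owner" in e:
            if e["missing"]:
                # Leftover service entry whose executable no longer exists.
                findings.append(("O23", e["name"], "file-missing"))
            if e["owner"] == "Unknown owner":
                # HijackThis could not name an owner; confirm the file by hand.
                findings.append(("O23", e["name"], "unknown-owner"))
    return findings


if __name__ == "__main__":
    for finding in review(parse_log(SAMPLE_LOG)):
        print(finding)
```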

Post by Dave7312 » November 24th, 2006, 1:55 pm

I accessed the ZA message board but it wasn't much help as the information there is predicated on having ZA installed which I haven't. So I'm not much further forward. I will do a trawl of the computer and delete anything I find relating to ZA and get back to you.
David

Post by Navigator » November 24th, 2006, 4:33 pm

OK...

But I'm a bit confused....

You told me that ZA 'stalls....' which would mean you have it on your system, right? If it's not on your system how does it stall? Your most recent HJT log shows it to be on your system.

The tech at the link I gave details how to do a 'clean' (I would assume an ENTIRE or complete program) removal after which it can be reinstalled.

If this file is on your system: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe (this is the ZA uninstall program), then I would follow the instructions for the 'clean' removal and reinstall the program.

Post by Dave7312 » November 25th, 2006, 6:49 am

I uninstalled ZA using 'start>control panel>Add/remove' because I was advised that it could be blocking the port through which I accessed the internet. When I tried to reinstall it, part way through the installation procedure I got an error message which read: 'Set up is unable to log into the TrueVector service. Install cannot continue without logging into the TrueVector service.
Please use the service manager to shut down the TrueVector service and then restart the installer program'.
I can understand each word because I recognise them as English but what it means is a complete mystery to me. As I said in my previous I have run-up to the buffers in my knowledge of computers and their systems.
There is supposed to be a file suffix ///zauninst.exe/clean on the system but up to now I haven't been able to locate it. Using this is supposed to sort-out the problem?
I am worried that because there is no effective firewall on the system I am exposed to threats etc.
David

Post by Dave7312 » November 25th, 2006, 1:55 pm

I have now managed to sort out the Zone alarm problem. I am now behind a firewall.
I used the Search facility to look for anything with Zon in the title and from the results, guessing what was Zone labs residue, I deleted as much as would delete. Not everything would delete but I must have got rid of something that was hogging the system because the program downloaded without a problem and I can now await your responses with confidence.
David

Post by Navigator » November 25th, 2006, 4:59 pm

Hey Dave....glad to hear you got the FW situation figured out...

Let's finish up!

Your HJT appears clean and I'm glad your system is running well without problems!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • THIS IS IMPORTANT! - If you are using Windows XP then you should reset system restore to make sure there are no infected files found in a restore point and that you have a clean restore point should you need one!

    Now let's reset your restore points.

    Click Start Menu >> All Programs >> Accessories >> System Tools >> SystemRestore

    Press OK. Choose 'Create a Restore Point' then Next. Name it and press 'Create' then when the confirmation screen shows the restore point has been created click 'Close'.

    Next go to Start Menu >> Run, then type:

    cleanmgr


    click OK, when Disk Cleanup opens go to the 'More Options' tab and press 'Cleanup' on the system restore area which will remove all the restore points except the one we just created. To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner by Atribune. This program is for XP and Windows 2000 only. ATF is a new, freeware, temporary file cleaner for Windows, IE, Firefox and Opera with a simple, easy-to-use interface. The main screen allows the user to either clean all temporary files, or select files for cleaning. The program also knows if Firefox and or Opera is being used, and gives the option of cleaning the temporary files associated with those applications.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein. These are excellent reads too: I'm not pulling your leg and Malware: Preventing the Infection



Remember...be careful out there!
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri
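
The six Internet-zone settings in the post above are stored per user as DWORD values under `...\Internet Settings\Zones\3`. As an added example (not part of the thread), this Python check reads the text of a `reg export` of that key and reports every setting that is weaker than the post recommends. The action IDs and the values 0 (Enable), 1 (Prompt) and 3 (Disable) are Microsoft's documented URL-action codes; the function names and the sample export are constructed for this example.

```python
import re

# Internet zone (zone 3) for the current user.
ZONE3 = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
         r"\CurrentVersion\Internet Settings\Zones\3")

# Action ID -> (setting name as shown in the dialog, value recommended in the post).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
LABEL = {0: "Enable", 1: "Prompt", 3: "Disable"}
STRICTNESS = {0: 0, 1: 1, 3: 2}  # higher is stricter

# Constructed sample export (real exports are usually UTF-16; decode first).
SAMPLE_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000001
"1201"=dword:00000003
"1800"=dword:00000003
"1804"=dword:00000000
"""


def parse_reg_export(text):
    """Return {key path: {value name: int}} for the DWORD values in a .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys


def audit_internet_zone(keys):
    """Return (action id, setting, current, recommended) for each weak setting."""
    zone = {}
    for path, values in keys.items():
        if path.lower() == ZONE3.lower():  # registry paths are case-insensitive
            zone = values
    findings = []
    for action, (title, wanted) in RECOMMENDED.items():
        have = zone.get(action)
        if have is None:
            # Absent from this export: check the effective value by hand.
            findings.append((action, title, "not set", LABEL[wanted]))
        elif STRICTNESS.get(have, -1) < STRICTNESS[wanted]:
            # A stricter value than recommended (e.g. Disable vs Prompt) passes.
            findings.append((action, title, LABEL.get(have, hex(have)), LABEL[wanted]))
    return findings


if __name__ == "__main__":
    for action, title, have, wanted in audit_internet_zone(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{action} {title}: {have} -> set to {wanted}")
```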

Post by Dave7312 » November 26th, 2006, 6:52 am

Thank you for your last response.

Many thanks for your advice and help over this extended matter. I appreciate the good work that you and your colleagues are providing. May I just remind you that I still have this spurious tool bar on IE that I would like to get rid of and re-establish Google which has been relegated to the side.
David

Post by Navigator » November 26th, 2006, 12:14 pm

Dave7312 wrote: Thank you for your last response.

Many thanks for your advice and help over this extended matter. I appreciate the good work that you and your colleagues are providing. May I just remind you that I still have this spurious tool bar on IE that I would like to get rid of and re-establish Google which has been relegated to the side.
David


You are welcome.... :D

A few points:

I really need more information about the 'spurious' toolbar other than it being 'spurious' (i.e., its name/origin etc)....and I need to know what steps you have taken to try and get rid of it...I do not have any information about it from your HJT log or ComboFix log.

We tried to get the HJT uninstall list upfront and were unsuccessful...that may have told us what 'spurious' programs are installed on your computer (and maybe information about the toolbar), so we can try to do that again now that you seem more facile with HJT:

1. Open HijackThis, click Open the Misc Tools section
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Can you now get that list for me?

The other thing you can do is check out these two links:

http://www.microsoft.com/windows/ie/com ... alize.mspx

http://www.winhelponline.com/tbchelp.htm

The first link is a 'general' discussion by an MS MVP regarding toolbars etc...it may or may not be useful to you.

The second link is to another MS MVP's site to download a program called ToolBarCop. This program is 'free'. Per the site, ToolBarCop:

ToolbarCop is a browser extensions manager which can disable or eliminate the following browser add-ons selectively from Internet Explorer:

* Browser Helper Objects (BHO)
* Toolbars
* Standard Toolbar buttons
* Context menu Extensions
* Download managers
* Protocol Handlers
* Horizontal / Vertical Explorer Bars (side-search bars)
* Startup applications originating from RUN registry keys.


Since I do not know what toolbar we are dealing with, perhaps this program will help you.

If you can get me the uninstall list, I'll go through it...and if you can give me more information about this toolbar I'll see what I can do.

Otherwise the links I posted might help...let me know!

Post by Dave7312 » November 27th, 2006, 8:56 am

With reference to your last, i.e. the toolbar, here is the log of HJT:
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9
Adobe Photoshop 7.0
Adobe Photoshop CS
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
AdSubtract PRO
AdSubtract PRO 3
ArcSoft Panorama Maker 3.0
Avery Wizard 2.5
AVG Anti-Spyware 7.5
AVG Free Edition
Broadcom Advanced Control Suite 2
Broadcom Gigabit Integrated Controller
Canon PhotoRecord
Canon PIXMA iP8500
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCScore
CD-LabelPrint
Dell Media Experience
Dell ResourceCD
Dell Solution Center
DoctorPRO 2.3
DoctorPRO 3.0
DriveCleaner 2006 1.0.30.1
Easy CD & DVD Creator 6
Easy-WebPrint
efonica®
Encyclopaedia Britannica Concise Edition CD
EPSON CardMonitor
EPSON PhotoQuicker3.4
EPSON PhotoStarter3.0
EPSON PRINT Image Framer Tool2.0
EPSON Printer Software
EPSON SMART PANEL for Scanner
EPSON TWAIN 5
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
ESSvpaht
ESSvpot
FotoStation 4.5
Free RAW Viewer 1.00
Garmin City Navigator Europe v8
Garmin USB Drivers
Google Toolbar for Internet Explorer
Hauppauge English Help Files and Resources
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Radio
Hauppauge WinTV Scheduler
Hauppauge WinTV Soft PVR
Hauppauge WinTV Source Selector
Hauppauge WinTV2000
HijackThis 1.99.1
HLPIndex
HLPSFO
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9 20040928_12 Plugin Update Patch
Kodak EasyShare software
KSU
leach colour
Macromedia Dreamweaver 4
Macromedia Extension Manager
Macromedia Shockwave Player
MapSource
MapSource - City Navigator Europe v7 Update
MapSource - European City Navigator v6
MediaTickets by OIN
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office 2000 Professional
Montage ProVision Spicer Hallfield Version 2.0
Mozilla (1.7.11)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Nero Suite
NetWaiting
Nikon FotoShare
Nikon Message Center
Nikon View 6
NikonCapture
Notifier
OfotoXMI
Online Manuals for WinTV (English)
OTtBP
OTtBPSDK
Panda ActiveScan
Panorama Stitcher Light EPC
PhotoCAL
Picasa 2
PIF DESIGNER2.0
PrintFIX 1.2
QuickTime
RawShooter essentials 2006
RealPlayer
RoadAngel 2
RoadAngel 2 - UK
RoadAngel II USB Drivers
ScanToWeb
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SFR
SHASTA
SKIN0001
SKINXSDK
Skype 2.5
SMWLink3.0
SMWLink3.0 (C:\Program Files\SMWLink3.0\)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sony Ericsson File Manager
Sony Ericsson Image Editor
Sony Ericsson MMS Home Studio
Sony Ericsson Mobile Networking Wizard
Sony Ericsson Sound Editor
Sony Ericsson Sync Station
SoundMAX
SpeedTouch USB Software
SSC Service Utility v4.10
Studio 9
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB Drivers
VMware Workstation
VPRINTOL
VTPlus32 for WinTV (English)
WellPhone
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Series TweakMP PowerToy
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WIRELESS
XnView 1.82.4
Yahoo! Toolbar
ZoneAlarm
Zoom V.92 PCI Voice Faxmodem
Zoomit (11-16-2004 15:45:43)

Details of the tool bar are this:-
On opening 'Internet Explorer' the tool bar across the top of the page has the words 'about:blank' already entered in it. The 'Google' toolbar which I wish to use is pushed over to the RHS and is reduced in length. As 'about:blank' is not listed in the drop-down pane accessed from the tool bar grey area, I am unable to un-tick it. On going to the 'tools>options Home page' pane; the 'use current' box has 'about:blank' entered therein, the 'use default' box when selected goes to an msn homepage and the 'use blank' box when selected again displays the 'about:blank' toolbar in IE.
I have taken note of the web pages that you included in your last but have not accessed them yet. Also I have taken note of your recommendations re 'tools and utilities and how and how not to' etc. (to precis your statement.) If you can throw any light on the tool bar saga I would be most grateful; as I take the view that I should be the one who chooses what goes onto my computer and I should not be coerced into having to have what other people think I should have (present company excluded of course)
David

Post by Navigator » November 27th, 2006, 10:23 pm

Well, thanks for the info and the uninstall list.

You should go into safe mode and then try and uninstall Drive Cleaner 2006 and Media Tickets by OIN. These are 'bad'. They may or may not 'uninstall' since we've already cleaned most of your computer, but I would try.

I'm still confused by the about:blank issue.....it sounds like you mean that about:blank is in the Address box...is that correct? I've never heard of an about:blank toolbar per se..What you seem to be describing to me sounds like you just want to change your homepage from about:blank and then expand the google toolbar.

Your HJT log, combofix logs and AV scans do not show any evidence of an about:blank infection.

To change the about:blank homepage:

First, type in the address bar the website name you want to use (or navigate to it). For example, if you want google as your homepage (that's what I use...it's clean and quick), type www.google.com in the address bar and go to the page. Or, choose any other webpage of your liking. Then, go to tools>>internet options and in the homepage section, choose use current and then select apply.

With regard to the google toolbar not being where you want it, toolbars can be clicked on and 'dragged' to wherever you like.

The first link I gave you in my last post describes all of what I just told you in detail...it's a great link.

Does this help?

Post by Dave7312 » November 29th, 2006, 1:45 pm

Thank you for your last.
I have sorted out the tool bar.
However I had a bit of a fright yesterday because I was downloading an update to 'microsoft media player' when 'Virus Burster' popped up. I could have wept!
However, resisting the impulse to push the panic button, I went into 'safe mode' and (hopefully) deleted it. At least it is not making itself a nuisance.
Have a good Christmas and a virus free New Year
David

Post by NonSuch » December 24th, 2006, 5:43 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California