SHOP PRODUCTS
Houzz Logo Print
polarprincess

How do i know if my computer is fully protected and how to clean

15 years ago

I have AVG free, and zone alarm which i just posted a thread on which isn't working for me currently, but i have followed the guidelines on an AVG forum for cleaning out my computer of most parasites/infections but i question whether that is enough? I have a feeling if i knew where else to look i would find I am seriously seriously infected. I know a couple of years back i got a worm/virus-some vundo thing if i remember right, and i kept having pop ups etc.. the AVG forum clean out thing didn't work and i googled what to do and found some cleaners and eventually something worked and i was able to restore my computer to functioning normally, but i often wonder what is left on here.

To feel good about being protected what programs/cleaners etc should i have how often should i be doing them?? thanks

Comments (51)

  • 15 years ago
    last modified: 9 years ago

    ok will search through those.. thanks

  • 15 years ago
    last modified: 9 years ago

    Polarprincess, besides your AVG (anti-virus) I would suggest you add the following programs:
    1)Spywareblaster - this you download, install, and just keep it updated. It helps keep spyware and other malware off your computer. You do not run scans with it.
    2)SUPERantispyware - download and install. Update before you run a scan with this. The first time, run a Complete scan. It will take a while, depending on how big your hard drive is. Use it about once a week if you are online a lot. Be sure to update each time before scanning.
    3)Malwarebytes' Anti Malware - Use very much like #2. It will remove infections that some other programs will not. Again, update before running a scan. Zep has provided detailed instructions in a number of posts. Use the Search function here.
    4)A good firewall. Zone Alarm is probably the easiest to use. You must give permission for anything to use the Internet or your Trusted zone. This means your anti-virus program, your browser(s), and other things. If you deny permission to something, you can always allow it later. At first, it will be popping up asking permission for almost every new thing you do, but if you check "always allow" it will stop doing this and soon will just work without bothering you at all.
    5)CCleaner - this little program helps clean up temporary files and other "stuff" that collects on your computer. Just use it in the default mode, and all should be well.

    This is a good collection of protection and cleanup tools. I would give links for each, but you can easily find these by using Google. Download from a trusted site such as CNet or FileHippo. Be sure to download the FREE version of each, not a trial version. If something else is offered, such as a toolbar, uncheck that, because you want only the named program.

    Good luck, and if some bad stuff shows up when you scan, there is always someone here to help you.

  • Related Discussions

    Do I have to protect my roses for winter, and how so?

    Q

    Comments (13)
    I only have 8 roses, although 4 of them are climbers. I'm probably going all out on them this winter since I only have 8 and I bought them all potted this spring. Climbers: Red Eden White Eden New Dawn Zephirine Drouhin Shrubs: Graham Thomas Pat Austin William Shakespeare 2000 Belinda's Dream I have a relatively large oak tree in front of my house, so I am going to use oak leaves. I'm going to buy some chicken wire or the equivalent of it, then prep with winter fertilizer, dump a bag of top soil over the base of the rose, then place the chicken wire around the rose as a cylinder than fill it with the oak leaves. For the climbers, most people don't do anything. However, I am going to protect them as well as I am in a pretty stingy environement still and Red and White Eden havn't been widely tested in my area. This depends on how large the roses get this year, but I am going to dump a bag of top soil over the base, then chicken wire and put oak leaves around the base as well for the first couple feet...or however wide of a roll of chicen wire I buy. The remainder of the canes, I will wrap in burlap together. I don't expect my climbers to be any taller than 5ft this year though, so it's not very labor intensive. If they were mature huge climber like New Dawn, I would probably just dump a bag of soil over the base and leave it as it is as it would be a mature plant.
    ...See More

    I finished painting my table.. but how do I protect it?

    Q

    Comments (6)
    You should not need to poly your paint in order for it to be "protected". The proper prep job will determine if you have issues with it chipping, and water spots shouldn't occur on fully cured paint. If the prep didn't include TSP, sanding, priming with an alkyd primer, and two top coats, then you will have issues with the finish regardless of if you apply poly. In fact, applying poly could accelerate the issues. Wait a week for the paint to be fully cured, and it should withstand normal wear just fine if you used a quality paint.
    ...See More

    How should I clean my pond? When should I clean my pond?

    Q

    Comments (0)
    Some ponds are never cleaned and the ponds and its occupants survive very well. However, a large number of ponds are created with high fish densities or are built in locations were the pond receives a great deal of debris over the year. Even if you start out with just a few fish initially, in a healthy pond they will breed to the point that the number of fish will push the environmental limits of your pond and biofilter. The debris may be the result of leaves blowing into the pond, the die-back of vegetative pond plants as well as fish wastes. It is these latter types of conditions that will necessitate you cleaning the pond eventually. The two most likely time points for cleaning are in the fall, to reduce the amount of accumulated muck on the bottom of the pond as you head into winter, or in the spring to remove material accumulated over the winter from leaves blowing into the pond, accumulated fish waste or catkins and similar materials shed by trees as they leaf out. Cleaning in the fall reduces wastes in the bottom of the pond which may turn anaerobic if sufficient oxygen is not available, creating a breeding ground for harmful bacteria, or which may decompose, releasing ammonia and other dangerous chemicals that can be trapped under the ice. The build-up of these pollutants can lead to fish kills over the winter months. While keeping a hole in the ice over winter will help alleviate the accumulation of gases, cleaning the pond before winter sets in will reduce the overall potential for problems. Cleaning the pond in the spring may help reduce diseases and parasites that often occur as the pond and its biology warms up for the summer, as well as reduce the overall availability of nutrients that stimulate algae growth. The following are a few approaches that have been successfully used to clean the pond. 1. If the pond has a bottom drain periodic changes of water (typically 10% per week) have been used to evacuate the accumulated debris from the bottom of the pond. This simple approach minimizes the amount of material that is removed at any one time as well as adds water to the pond on a periodic basis. Care must be taken when adding water to be sure that you have minimized the addition of chlorine and chloramines typically present in many municipal water supplies. This can be done either by pre-treating the water with dechlorination agents or by using a whole-house water filter with an activated carbon cartridge. 2. Using a net such as used in swimming pools is helpful for cleaning out large materials that have settled to the bottom of the pond. However, if there is a very large amount of debris in the pond you should be careful to either remove the fish or use supplemental aeration to avoid creating significant oxygen deprivation due to stirring up anaerobic or large amounts of oxygen-consuming muck. If you notice a rotten egg smell this indicates the presence of hydrogen sulfide. You should immediately stop stirring up the bottom and get the fish out of the water as soon as possible before continuing with the cleaning. 3. You can use a variety of devices for vacuuming the bottom of the pond. Some of these use a garden hose to create a suction through a venturi device. The potential problem with these devices is that the pond may fill up with too much water during a prolonged vacuuming and you may have a potential problem of adding chlorine and chloramines to your pond if you do not pretreat the water. Wet/dry shop vacs, specially those with an attachment for a garden hose to provide a continuous drain, have also been used. These devices may drain a large amount of water from the pond in a short time and therefore it is necessary to either replace the water or use the garden hose to add the water back into the pond through the biofilter. Care must be exercised in reintroducing water taken from the bottom of the pond in that it may be depleted of oxygen as well as have very high suspended sediment levels that may create problems for the fish. A third approach is to use a pump capable of handling a moderate level of solids (such as a sump pump) to pull water from the bottom of the pond and pass it through a device to strain out the majority of the solids and then recirculate the water back into the pond. Filtering materials such as old sweaters, panty hose, etc. have all been used with some success in this approach. In any of these approaches, if using an electrically powered device running on house voltage make sure that you have it plugged into a GFI protected circuit for your own safety. Ronaye, Steve and David
    ...See More

    I'm sure I can do it, but I don't know how---a computer type question

    Q

    Comments (6)
    Well, again this wonderful group came through again. I was 'today' old when I knew that iTunes was for everyone. I thought it was strictly an Apple product, for Apple users. Thanks Elmer, I downloaded it, and will play with my cd's tomorrow. Rob, I'll look through your link tomorrow as well. I'm thinking I can just add iTunes to my music list on my Sonos speaker (which has built-in Alexa)
    ...See More
  • 15 years ago
    last modified: 9 years ago

    you most definitely want malwarbytes antimalware, update and run full scan weekly let it clean what it finds, same with superantispyware do it weekly after update.
    a must have is spywareblaster which is not a scanner it simply requires a once a week update and then enable all protection and that is all.
    SUPERAntiSpyware Free Edition
    Malwarebytes' Anti-Malware
    SpywareBlaster

    do the scans weekly update spywareblaster weekly and enable protection.

    Make absolutely certain you have all your current windows updates done, go to windows update site choose custom allow it to scan your pc and install all critical updates, if you choose to skip sp3 if you do not have it that is ok but do all other critical updates. Start> all programs> at top windows update

    these are the directions for malwarebytes if you would run that scan and follow the directions to post your log here we can look at it and see if more needs to be done.

    Please download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Please post contents of that file in your next reply

    one thing you do not want to get and use are any type of registry cleaners stay far away from those.

  • 15 years ago
    last modified: 9 years ago

    Is your machine an XP or Vista??????

  • 15 years ago
    last modified: 9 years ago

    Thanks! good- these are all utilities i have been using except for the malwarebytes one. I noticed on the AVG forum they have all kinds of specific virus/worm removers..how do you know when you need to use those instead of these utilities?

    The windows update is showing me i should be installing service pack 3, but tells me i need to back up my files before installing. I have never backed up my files in the 5 years or so i have had this computer because i don't know how.. i notice dell has an online back up thing.. would it be ok for me to use that??
    so i won't run any of these scans or get the malware thing until i get my files backed up and the service pack 3 installed ..which probably won't be until sunday, but then i will post my results-- thanks again so much

  • 15 years ago
    last modified: 9 years ago

    If AVG should find a virus, worm, etc., it will give the name of it, and that would be the time to use one of the specific removers given on the forum. However, most of the time, AVG will be able to take care of the problem itself.

    As far as SP3, some have had problems with it, and that is why Raven told you to hold off on it. If you have all the other MS critical updates, you really don't have to do SP3. You can check where it says "hide this update" or something to that effect, and it will stop nagging you about it.

  • 15 years ago
    last modified: 9 years ago

    oh for dumn lol i didn't realize that is what the Sp3 meant.. ok then i will be happy to skip it

  • 15 years ago
    last modified: 9 years ago

    ok i searched how to clean out computer on here and did all of the suggestions. Here is my malware antibytes log..it showed 25 infections... how come my avg didn't detect any of these??
    Do i need to do anything else??

    Malwarebytes' Anti-Malware 1.34
    Database version: 1887
    Windows 5.1.2600 Service Pack 2

    3/22/2009 7:32:53 PM
    mbam-log-2009-03-22 (19-32-53).txt

    Scan type: Quick Scan
    Objects scanned: 110204
    Time elapsed: 46 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 17
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\"40ed8eba-3901-4145-bb5b-4e001586852b> (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\"40ed8eba-3901-4145-bb5b-4e001586852b> (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\"04a38f6b-006f-4247-ba4c-02a139d5531c> (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\"87255c51-cd7d-4506-b9ad-97606daf53f3> (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\"2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c> (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\"3c2d2a1e-031f-4397-9614-87c932a848e0> (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\"9522b3fb-7a2b-4646-8af6-36e7f593073c> (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\"e596df5f-4239-4d40-8367-ebadf0165917> (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\"b64f4a7c-97c9-11da-8bde-f66bad1e3f3a> (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\"2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6> (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\"7149e79c-dc19-4c5e-a53c-a54ddf75eee9> (Adware.MediaMotor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\"9522b3fb-7a2b-4646-8af6-36e7f593073c> (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\"2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c> (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\SYSTEM32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\osmim.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\osrouter.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

  • 15 years ago
    last modified: 9 years ago

    Do this,

    Click Here to download HJTInstall.exe
    Save HJTInstall.exe to your desktop.
    Â Doubleclick on the HJTInstall.exe icon on your desktop.
    Â By default it will install to C:\Program Files\Trend Micro\HijackThis .
    Â Click on Install.
    Â It will create a HijackThis icon on the desktop.
    Â Once installed, it will launch Hijackthis.
    Â Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    Â Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log (no attachments) into your next post.
    DO NOT use the AnalyzeThis button, its findings are dangerous if misinterpreted.
    DO NOT have Hijackthis fix anything yet. Most of what HJT lists will be harmless or even required by your Operating System, a spyware fighter will guide you.

  • 15 years ago
    last modified: 9 years ago

    After you post that log do this:

    Double click the hijackthis Icon on the Desktop, Scroll down to Open the Misc Tools section" Click it at the bottom under System tools click "Open Uninstall Manager" over to the right click "Save List" Save it to your Desktop so you may find it, copy and paste it in your next reply..

  • 15 years ago
    last modified: 9 years ago

    ok here is the hijack this log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:01:17 PM, on 3/22/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\MozyHome\mozystat.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\AVG\AVG8\aAvgApi.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oprah.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
    O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - (C84D72FE-E17D-4195-BB24-76C02E2E7C4E) - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: (no name) - (E3215F20-3212-11D6-9F8B-00D0B743919D) - (no file)
    O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google Toolbar - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: (0CCA191D-13A6-4E29-B746-314DEE697D83) (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: (193C772A-87BE-4B19-A7BB-445B226FE9A1) (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: (20B845BF-450F-4C1E-AF60-3CC380CDE328) (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPluginNOSSO.ocx
    O16 - DPF: (30528230-99F7-4BB4-88D8-FA1D4F56A2AB) (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: (315B0BFB-2BD4-481B-80A3-A9B80727C61B) (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID=(896A23A1-5821-4609-A6C6-6D5536C585C9)
    O16 - DPF: (406B5949-7190-4245-91A9-30A17DE16AD0) (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: (4C39376E-FA9D-4349-BACC-D305C1750EF3) (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
    O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: (74C861A1-D548-4916-BC8A-FDE92EDFF62C) - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: (90C9629E-CD32-11D3-BBFB-00105A1F0D68) (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: (9600F64D-755F-11D4-A47F-0001023E6D5A) (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: (A17E30C4-A9BA-11D4-8673-60DB54C10000) (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: (A8F2B9BD-A6A0-486A-9744-18920D898429) (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: (BCBC9371-595D-11D4-A96D-00105A1CEF6C) (View22RTE Class) - http://kohler1.view22.com/app/view22RTE.cab
    O16 - DPF: (C02226EB-A5D7-4B1F-BD7E-635E46C2288D) (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.20.19/ttinst.cab
    O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: (CA034DCC-A580-4333-B52F-15F98C42E04C) (Downloader Class) - https://www.stopzilla.com/download/Auto_Installer/dwnldr.cab
    O16 - DPF: (CAFECAFE-0013-0001-0022-ABCDEFABCDEF) (JInitiator 1.3.1.22) - http://207.195.36.138:7778/forms/jinitiator/jinit.exe
    O16 - DPF: (EF99BD32-C1FB-11D2-892F-0090271D4F88) (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_12
    0.cab
    O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Attachments Control) - http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O17 - HKLM\System\CS2\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 0: (no name) - http://www.greys-media.com/main.jpg

    --
    End of file - 14567 bytes

  • 15 years ago
    last modified: 9 years ago

    Please go to the link below on that page CLICK Major Geeks by the American flag and run the McAfee_Consumer_Product_Removal_Tool_

    You have left over McAfee files on here that need to go since your using avg..

  • 15 years ago
    last modified: 9 years ago

    thanks...i thought i had gotten rid of the mcaffee a long time ago.. it showed up again a couple days ago for some odd reason. What do i do with this open hijack this page? is it ok to close even though i haven't fixed anything yet?

  • 15 years ago
    last modified: 9 years ago

    here is the mcaffee log.. it said it couldn't comlpete cleanup
    MCAFEE CLEANUP
    March 22, 2009 20:38:32
    INFO Cleanup will be scheduled and run.
    INFO Product mpfpcu to be removed from system.
    INFO Product mpfp to be removed from system.
    INFO Product mps to be removed from system.
    INFO Product shred to be removed from system.
    INFO Product mpscu to be removed from system.
    INFO Product mskcu to be removed from system.
    INFO Product msk to be removed from system.
    INFO Product emproxy to be removed from system.
    INFO Product mas to be removed from system.
    INFO Product fwdriver to be removed from system.
    INFO Product hw to be removed from system.
    INFO Product mbk to be removed from system.
    INFO Product mcproxy to be removed from system.
    INFO Product mhn to be removed from system.
    INFO Product mqccu to be removed from system.
    INFO Product mqc to be removed from system.
    INFO Product shrd to be removed from system.
    INFO Product nmc to be removed from system.
    INFO Product redir to be removed from system.
    INFO Product mna to be removed from system.
    INFO Product mwl to be removed from system.
    INFO Product msad to be removed from system.
    INFO Product vs to be removed from system.
    INFO Product msc to be removed from system.
    INFO Product mcpr to be removed from system.
    INFO Task Scheduler service started.
    WINERR IPersistFile::Save() failed. Error: 0x8007007a
    FAIL Error while running cleanup using Task Scheduler.

  • 15 years ago
    last modified: 9 years ago

    Back to Major Geeks pleas run the java1.13 tool,

    Again click Major Geeks by Flag.

  • 15 years ago
    last modified: 9 years ago

    Yes close hijack for don't fix anything we have a lot of entries to fix later or monday

  • 15 years ago
    last modified: 9 years ago

    After you complete javara 1.13 do this below to install fresh java.

    Download the latest version of Java Runtime Environment from link below and save it to your desktop.
    Look for "Java Runtime Environment (JRE)" JRE 6 Update 12.
    Click the Download button to the right.
    Select your Platform: "Windows".
    Select your Language: "Multi-language".
    Read the License Agreement, and then check the box that says: "Accept License Agreement".
    Click ]Continue and the page will refresh.
    Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    Close any programs you may have running - especially your web browser.
    Go to Start > Settings > Control Panel, double-click on [color=blue]Add/Remove Programs[/color] and remove all[older versions of Java.
    Check (highlight)any item with Java Runtime Environment (JRE or J2SE) in the name.
    Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java versions.
    Reboot your computer once all Java components are removed.
    Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.[/color]
    -- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
    -- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and [color=green]uncheck[/color] the box for Java Quick Starter Click Ok and reboot your computer.

  • 15 years ago
    last modified: 9 years ago

    You may need to print this out or view it on another computer

    After new java is installed do this and do it carefully making sure you get all entries an no others.

    Please open hijackthis close all other browser windows only have hijackthis open do a (SYSTEM SCAN ONLY) now with thw scan in front of you place a check mark in the following entries in the little box to the left of each the entry:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html

    R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - (no file)

    O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)

    O2 - BHO: (no name) - (E3215F20-3212-11D6-9F8B-00D0B743919D) - (no file)

    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

    O16 - DPF: (0CCA191D-13A6-4E29-B746-314DEE697D83) (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

    O16 - DPF: (193C772A-87BE-4B19-A7BB-445B226FE9A1) (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: (20B845BF-450F-4C1E-AF60-3CC380CDE328) (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPluginNOSSO.ocx

    O16 - DPF: (30528230-99F7-4BB4-88D8-FA1D4F56A2AB) (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: (315B0BFB-2BD4-481B-80A3-A9B80727C61B) (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID=(896A23A1-5821-4609-A6C6-6D5536C585C9)

    O16 - DPF: (406B5949-7190-4245-91A9-30A17DE16AD0) (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

    O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

    O16 - DPF: (4C39376E-FA9D-4349-BACC-D305C1750EF3) (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab

    O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

    O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: (74C861A1-D548-4916-BC8A-FDE92EDFF62C) - http://mediaplayer.walmart.com/installer/install.cab

    O16 - DPF: (90C9629E-CD32-11D3-BBFB-00105A1F0D68) (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab

    O16 - DPF: (9600F64D-755F-11D4-A47F-0001023E6D5A) (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

    O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: (A17E30C4-A9BA-11D4-8673-60DB54C10000) (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll

    O16 - DPF: (A8F2B9BD-A6A0-486A-9744-18920D898429) (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

    O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

    O16 - DPF: (BCBC9371-595D-11D4-A96D-00105A1CEF6C) (View22RTE Class) - http://kohler1.view22.com/app/view22RTE.cab

    O16 - DPF: (C02226EB-A5D7-4B1F-BD7E-635E46C2288D) (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.20.19/ttinst.cab

    O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: (CA034DCC-A580-4333-B52F-15F98C42E04C) (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

    O16 - DPF: (CAFECAFE-0013-0001-0022-ABCDEFABCDEF) (JInitiator 1.3.1.22) - http://207.195.36.138:7778/forms/jinitiator/jinit.exe

    O16 - DPF: (EF99BD32-C1FB-11D2-892F-0090271D4F88) (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_12_0.cab

    Click fixed checked.

    Close hijackthis. Reboot/

    Please post a fresh log.

  • 15 years ago
    last modified: 9 years ago

    i am not understanding what the javal tool is supposed to do.. i don't htink it is working for me because it took me to a new version of win zip and then it says my trial period has expired and i need to purchase it to open the file.. in the 5 years i have had my computer i have always been able to use the trial version.. so anyway if i click the desktop icon all i get is a box that says java Ra 1.2 and it gives me options of search for updates, additional tasks etc...why am i getting this instead of the javal.13 tool??

  • 15 years ago
    last modified: 9 years ago

    ok i noticed the link above brought me to the java 1.2 tool and not java Ra 1.3.. i think??? Where do i find it??do i have to get rid of the jav 1.2 i just downloaded? Sorry i am so ignorant... and thanks so much for your help

  • 15 years ago
    last modified: 9 years ago

    Skip it we can remove it from the add remove program list remove old versions from there. Then install new version then do the hijack this fix above

    Just go into add/remove program list and remove anything with java on it.

    Please remove Ad- Aware also it will interfere w/fix

  • 15 years ago
    last modified: 9 years ago

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:10:32 PM, on 3/22/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\MozyHome\mozystat.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oprah.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - (C84D72FE-E17D-4195-BB24-76C02E2E7C4E) - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google Toolbar - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Attachments Control) - http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O17 - HKLM\System\CS2\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 0: (no name) - http://www.greys-media.com/main.jpg

    --
    End of file - 9311 bytes

  • 15 years ago
    last modified: 9 years ago

    here is what is posted on the avg site in how to clean out an infected computer.. it doesn't say anywhere here that windows updates should all be done first like i have been advised here..but that makes sense and also i have not found in the advice given here or maybe i have missed it that you need to turn system restore on and off and run the scans in safe mode etc,.,. do you all feel that is necessary? Also It tells you to run the malware scan but doesn't tell you that you shouldn't click the fix it button like you advised me.. if i had not found this forum i would not have known how to clean out this infection... so i can see why i still am so infected~

    Turn off System Restore

    WinME and WinXP have a cool feature called System Restore. It is used to restore your computer to an earlier configuration in case of a problem. The only problem is that it wasn't made with malware in mind, and often it can't tell the difference between an infected file and a good file, so it can as easily restore an infected file if it had been in a protected area, effectively re-infecting your computer right after you have cleaned it. Because of this, it is recommended to turn off System Restore before you test, and when you're done, turn it back on so you are still protected from standard computer problems.

    For WindowsME

    Click Start, Settings, and then click Control Panel.
    Double-click the System icon. The System Properties dialog box appears.

    NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.

    Click the Performance tab, and then click File System.
    Click the Troubleshooting tab, and then check Disable System Restore.
    Click OK. Click Yes, when you are prompted to restart Windows.

    For WindowsXP

    Click Start.
    Right-click the My Computer icon, and then click Properties.
    Click the System Restore tab.
    Check "Turn off System Restore" or "Turn off System Restore on all drives."
    Click Apply.
    When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    Click OK.

    For Win Vista

    1. Open System by clicking the Start button , clicking Control Panel, clicking System and Maintenance, and then clicking System.
    2. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
    3. To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.

    Carefully Look at Windows Add/Remove programs for suspicious programs

    Many of the spyware threats actually install into your system just like a regular program. Many may appear to be utilities that you may think are helpful but in reality aren't. Look for add-an toolbars, while toolbars like those provided by Google, MSN, Yahoo and other are great utils, there are many more that aren't and if in doubt check it out to see if ones you have are parasitic. Another common exploit are the Search helpers, WinTools, Gator products, IE Helper, Comet Cursor and many others just to name a very few. Peer-to-Peer (P2P) programs are another common source for these and even the ones that doen't come with spyware themselves are a high security risk that may lead to your system being infected or to spread infections like these. Remove all suspicious programs, if you accidentaly remove the wrong item, you may always re-install them later.

    Run Disk Clean-Up

    This actually comes with Windows and has been installed by default since Windows 98. You can find it by clicking the Start Button and then going to Programs / Accessories / System Tools / Disk Clean-up. I recommend selecting all of its options except the ones for Office Setup Files and Compress Old Files if you have them. While you may select those if you wish, they aren't as important. This will clean up all of the temporary files so your testing will go faster, and may also delete any spyware that may hiding there if the spyware isn't already running. To clear systems that have System Restore you will need to select the second tab and click the button for clearing this.

    Run AVG 8.x.xxx

    Most antivirus programs, including AVG, by default have their settings to only scan executable files in an attempt to speed up looking for infections. While most of the time this is just fine, the newest threats that can infect your computer have started getting sneaky on how they hide their files making it easier for them to reinfect your system if your antivirus program detected and removed their executable file. To help also detect these "backup" files that the infection leaves on your system, you should in my opinion, make a couple of changes to what your AVG scans during these tests from just executable files to all files.

    To change AVG's settings during a scan, open AVG's User Interface.
    Click the Computer scanner tab, then under the Scan whole computer area, select Change scan settings. Unselect Scan infectable files only and select all other checkmarks with the Automatically heal/remove infections and Scan for Tracking Cookies as options I'll let you decide if you want enabled or not.

    Now AVG will scan all of the files when you scan your computer. This will take longer to complete, but I feel it is a small price to pay for the added security it provides.

    Run MalwareByte's Anti-Malware

    Select to perform a Full Scan and then click the Scan button. This is another specialized util that not only targets Rogue spyware but other malware as well. This currently targets malware and rogues from 931+ vendors ( the malware authors ). The malware that is targeted in this category is very actively being updated by their authors because of the potential they have for making money. As with all antispyware utils, update this often and before each use to help give you the edge in fighting these malware.

    Run Spybot Searh and Destroy

    When you run it, it will automatically select all the spyware that it finds, if there is something you don't want to get rid of for some reason, deselect it and then let Spybot fix all of the rest of the problems that it finds. This program also will ask to restart your computer so it can test again if it has problems removing something, so let it.

    Run the scans again in Safe Mode. This will keep many of the parasites from loading and being able to hide from your protection software. To access Safe Mode on most versions of Windows, start tapping the [F8] key after you first start or restart your system, start tapping it before you ever see a Windows Splash Screen and continue until you get the Menu where you may select it from the list. On WinNT, this is called VGA mode and on Win2k you actually start tapping just after the first splash screen shows. For Detailed instructions see Restarting Your Computer in Safe Mode

    These procedures should have cleaned most cases of infection that you will find. Yes I said MOST because there are some infections that are very hard to detect and remove. Generally, if you have one of these, you will need the assistance of an expert to help you get rid of it.

    When you believe you are finished, remember to turn System Restore back on if you had turned it off.

    I recommend testing for parasites as often as you can, probably at least once a month if not more. The sooner you catch them, the less damage they can do to your computer, and the less chance of a hacker finding your sensitive information such as checking account info, passwords, etc.

    Windows Tip

    Windows itself, by default, hides certain files, system folders or file extentions from the user to make it easier to navigate. If you are having to find an infected file or just one you are looking for, this can cause you to not find it. If you wish you may change this to show all of the files on your computer.

    Open your My Computer icon (Either from your desktop or the Start Menu)
    Click the Tools menu and select Folder Options(on older systems it may be in the View menu)
    Select the View tab and scroll through the Advanced settings
    Enable or disable the following (using a checkmark to enable)

    enable - Show hidden files and folders
    disable - Hide extentions for known file types
    disable - Hide protected operating system files (WinME and WinXP only)

    Now click Apply and Ok

    For Win Vista info. see this link [www.howtogeek.com].

    How to find an embedded infection

    AVG 8 Free now detects infections in areas that it was unable to before. The most notable are ones embedded inside of archives. Since AVG can't determine if you created the archive or if it was a parasite that created it, they leave these alone so you may have a chance to recover uninfected files from the archive and then you simply delete the archive when done. Infections that are inside of an archive aren't a direct threat to your system unless the file gets extracted to allow it to run. Grisoft has chose this method because it is safer for your data that the archive may contain.

    For someone that is new to looking for these embedded infections, it can be a little confusing with the way that AVG will list the file because it also must include the archive file name that contains it in the full path/filename. The following is an example that I made up to highlight the info so you will know which filename to look for so you may either extract files and or delete the correct file. I will color code these for you, but AVG will not.

    AVG will give you a name like...

    C:\Windows\Temp\InfectedArchive.cab:\InfectedFile.exe

    The location of the file is in C:\Windows\Temp
    The archive that contains the infection is InfectedArchive.cab
    And the actual infected file inside of the archive is InfectedFile.exe

    Note the ":\" that seperates the archive from the file it contains.
    After you have recovered any files inside of the archive that you may want to keep (other than the infected one that is) just simple delete the whole archive.. in this example the file to delete would be InfectedArchive.cab

    It looks harder than it really is.. just remember the file you want to look for is named just before the last ":\"

    Most of the time, you won't have any files to recover inside of the archives. The only time this isn't true is if it is an archive that you had created yourself. If you didn't create it.. just delete and move on.

  • 15 years ago
    last modified: 9 years ago

    Do the same with these entries that you did before.

    O4 - HKCU\..\Run: [DellTransferAgent] \"C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe\"

    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O4 - HKCU\..\Run: [DellTransferAgent] \"C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe\"

    O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)

    Try to run the McAfee Removal tool in safe mode
    mode, here is how to get in safe mode

    1. Restart your computer.
    2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
    3. Select the option for Safe Mode using the arrow keys.
    4. Then press enter on your keyboard to boot into Safe Mode.
    5. Do whatever tasks you require (RUN THE McAfee Tool) and when you are done reboot to boot back into normal mode.

    Don't worry making a lot of progress....

  • 15 years ago
    last modified: 9 years ago

    Post a fresh log.

    If McAfee is stubborn we can stop all McAfee services running w/HJT and then run the removal tool again, lets see how safe mode goes first.

  • 15 years ago
    last modified: 9 years ago

    We are not removing an infection I just wanted to see the log after Malwarebytes ran to check, and found all this other unnecessary stuff, it's just a basic clean up an the computer should run better.

  • 15 years ago
    last modified: 9 years ago

    thanks again.. so much.. I did run the hijackthis scan again..except the 1st one and the 4th one you listed are exactly the same, right? So i only "fixed' 4 of the 5. Do you need me to post another log?
    my computer fan is making some awful nosies, so I am off to bed but will try the mcafee removal thing in the am if i have time... I have chemo tomorrow, so if i am unable to respond.. i may be back on tuesday...
    ithe fan on my computer is making

  • 15 years ago
    last modified: 9 years ago

    See you tuesday,

    Good nite.

    zep

  • 15 years ago
    last modified: 9 years ago

    sorry i should have read your other 2 posts before writing my last one...didn;t see them... will post my log shortly before going off to bed-

  • 15 years ago
    last modified: 9 years ago

    So i only "fixed' 4 of the 5.

    That's right late an I'M working another forum as well....That's enough........

  • 15 years ago
    last modified: 9 years ago

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:10:53 AM, on 3/23/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MozyHome\mozystat.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oprah.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - (C84D72FE-E17D-4195-BB24-76C02E2E7C4E) - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google Toolbar - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Attachments Control) - http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O17 - HKLM\System\CS2\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 0: (no name) - http://www.greys-media.com/main.jpg

    --
    End of file - 8779 bytes

  • 15 years ago
    last modified: 9 years ago

    When you get time try this if the safe mode does not work for removing McAfee.

    Do a system scan only place a check mark in the following entries"

    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

    Click fixed checked.

    Close HJT, do not re boot

    Now run the McAfee tool,

  • 15 years ago
    last modified: 9 years ago

    Do you really need all this,

    O2 - BHO: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

    O2 - BHO: Windows Live Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\Windows Live Toolbar\msntb.dll

    O2 - BHO: Google Dictionary Compression sdch - (C84D72FE-E17D-4195-BB24-76C02E2E7C4E) - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

    I have no clue how you can see anything with all this nonsense.

  • 15 years ago
    last modified: 9 years ago

    nope don't need any of it..i can rid of it all..sometimes i don't even know where they come from...my kids maybe..

  • 15 years ago
    last modified: 9 years ago

    Do you want to work on this now or wait? if it's not a good time for you that's ok, we need to only work on McAfee for now or later so you could follow all those instructions for removing it.

    But do this for me now if you can.

    Double click the hijackthis Icon on the Desktop, Scroll down to Open the Misc Tools section" Click it at the bottom under System tools click "Open Uninstall Manager" over to the right click "Save List" Save it to your Desktop so you may find it, copy and paste it in your next reply..

  • 15 years ago
    last modified: 9 years ago

    "BR's PhotoArchiver 4"
    ABBYY FineReader 5.0 Sprint
    Adobe Acrobat 5.0
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 8.1.2
    Apple Software Update
    AVG 8.5
    AVG Anti-Rootkit Free
    BCM V.92 56K Modem
    Bonjour
    Britannica Ready Reference
    BUM
    Cabela's Big Game Hunter 2004 Season
    CCleaner (remove only)
    CCScore
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    DAO
    Dell AIO Printer A920
    Dell Digital Jukebox Driver
    Dell Solution Center
    DellSupport
    DivX
    DivX Content Uploader
    DivX Player
    DivX Web Player
    DS21Patch
    DVDSentry
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    essvcpt
    Event Planner
    Google Toolbar for Internet Explorer
    Google Updater
    Hallmark Card Studio 2 Standard
    Hallmark Holiday Card Studio
    HijackThis 2.0.2
    HLPPDOCK
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet
    InterActual Player
    iTunes
    Java(TM) 6 Update 12
    kgcbase
    Kodak EasyShare software
    KSU
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Malwarebytes' RogueRemover
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Standard
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works 4.5
    Microsoft Works Calendar 1.0
    Microsoft Works Setup Launcher
    Modem Helper
    MozyHome Remote Backup
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Musicmatch® Jukebox
    Notifier
    NVIDIA Windows 2000/XP Display Drivers
    OfotoXMI
    Oracle JInitiator 1.3.1.22
    OTtBP
    OTtBPSDK
    Paint Shop Pro 7
    Panda ActiveScan
    Photo Organizer
    Photo Story 3 for Windows
    PowerDVD
    QuickTime
    RealPlayer
    RegCure 1.4.0.4
    Rhapsody Player Engine
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    SFR
    SHASTA
    Sibelius Scorch (ActiveX Only)
    SKIN0001
    SKINXSDK
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Live!
    Spybot - Search & Destroy 1.4
    SpywareBlaster 4.1
    staticcr
    SUPERAntiSpyware Free Edition
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Viewpoint Media Player (Remove Only)
    VPRINTOL
    WeatherBug
    WebIQ Technology Engine
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinZip
    WIRELESS
    WordPerfect Office 11
    XviD 1.1 final uninstall
    Yahoo! Internet Mail
    ZoneAlarm

  • 15 years ago
    last modified: 9 years ago

    Remove the following programs:

    Google Toolbar for Internet Explorer uninstall for now can be reinstalled if you find you want it later...

    Google Updater---This runs on pc..

    McAfee SecurityCenter----See What happens there could booot to safe mode to do it.

    RealPlayer--Intrusive Program all it does is play Real Media files, there is an alternative if needed...

    Windows Live Toolbar ----Listed twice not sure why..

    Windows Live Toolbar-----------------------------..

    WeatherBug Almost spyware....

    RegCure 1.4.0.4 Not recommend to use a registry cleaner.

    Musicmatch® Jukebox Unless the kids use it.

  • 15 years ago
    last modified: 9 years ago

    i am assuming i should remove these in the add remove programs..or do i need to be doing something with them in hijack this? I am really bummed about the weather bug thing because we use it constantly... before i remove it i need to find a safe alternative... i did notice on my zone alarm this am that weather bug had a green check next to the internet server and that worried me. I knew the other day to not give anything server rights... is it possible this happened on it's own.. or did it have to be me doing it???
    I will try the mcaffee removal thing shortly. thanks

  • 15 years ago
    last modified: 9 years ago

    Keep weather bug for now if you want. Don't do anything with hijackthis at any time less I tell you....

    Let me know about McAfee....

  • 15 years ago
    last modified: 9 years ago

    if you use firefox browser the add on forecastfox is way better than weather bug and not spyware.

  • 15 years ago
    last modified: 9 years ago

    good to know about the firefox. I will look into it. I did the mcaffee removal in safe mode and it said some products may not be fully removed and then said incomplete cleanup when i was done, but when i went into hijack this to check those boxes you gave me on the mcaffee they are not there.. so can i assume it was removed then?

    I also need to ask.. all these scans and removals etc...including the virus scans/ spyware scans/cleaning out files etc.. can i assume they will affect the whole computer or do i also need to go into my husbands log in page and run all the scans on his stuff too? thanks

  • 15 years ago
    last modified: 9 years ago

    Post a fresh hjt log please.

  • 15 years ago
    last modified: 9 years ago

    Only have hIjackthis open close all browser windows when you do the scan please then post it.

  • 15 years ago
    last modified: 9 years ago

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:57:20 AM, on 3/24/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MozyHome\mozystat.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oprah.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Windows Live Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Attachments Control) - http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O17 - HKLM\System\CS2\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 0: (no name) - http://www.greys-media.com/main.jpg

    --
    End of file - 7561 bytes

    I am still seeing windows live toolbar on here..weird. I will have to go back into add/remove and see if it is still listed.. could have swore i removed it

  • 15 years ago
    last modified: 9 years ago

    Please do this also:

    Internet Explorer - use the mouse right-click on the AVG toolbar and check-off the AVGTOOLBAR option in the list.

    then

    disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.

    Post a fresh log.

  • 15 years ago
    last modified: 9 years ago

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:34:22 PM, on 3/24/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MozyHome\mozystat.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oprah.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Windows Live Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Attachments Control) - http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O17 - HKLM\System\CS2\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 0: (no name) - http://www.greys-media.com/main.jpg

    --
    End of file - 7290 bytes

  • 15 years ago
    last modified: 9 years ago

    Open HJT do a system scan only close all browser windows place a check mark in these entries if still there:

    O2 - BHO: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    O2 - BHO: Windows Live Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    Click fixed checked,

    Close HJT

    Reboot

    Post a fresh log.

    Almost done.

  • 15 years ago
    last modified: 9 years ago

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:53:39 PM, on 3/24/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\MozyHome\mozystat.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oprah.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Attachments Control) - http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O17 - HKLM\System\CS2\Services\Tcpip\..\(4D7C7228-2B7C-4C19-AB8B-80BFC676C5B9): NameServer = 65.61.64.5,65.61.65.5
    O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 0: (no name) - http://www.greys-media.com/main.jpg

    --
    End of file - 6693 bytes

  • 15 years ago
    last modified: 9 years ago

    Download ATF Cleaner by Atribune to your Desktop.


    Note: Vista users must use Run As Administrator
    Under Main: Select Files to Delete choose: Select All
    Click the Empty Selected button.

    If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selectedbutton.

    If you would like to keep your saved passwords click No at the prompt If you use Opera browser clickOperaat the top and choose: Select All

    Click the Empty Selected button. If you would like to keep your saved passwords click No at the prompt Click Exit on the Main menu to close the program.

    UNCHECK THE RECYCLE BIN IF YOU STILL HAVE THOSE PHOTOS IN THERE

    This tool will cause the next few reboots to be slow dont worry it will return to normal after a few.

    Please see links for additional information:

    click Here

    click Here

  • 15 years ago
    last modified: 9 years ago

    thanks

Sponsored
Outdoor Spaces
Average rating: 5 out of 5 stars19 Reviews
Experienced Full Service Landscape Design Firm Serving Loudoun County