1972vet

Experts
  • Posts: 1,357

Posts posted by 1972vet

  1. I'm puzzled as to why ESET missed the few trojans you still have in residence. ESET of all would certainly have squawked about a few of these but why it reported finding nothing is a mystery...

    Download and scan with SUPERAntiSpyware Free for Home Users

    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

  2. The log looks clean. You can remove these few stray Registry entries...but we need to disable your Spybot Search and Destroy's Registry protection feature "Tea Timer" first to prevent interference with HijackThis:

    1) Run Spybot-S&D

    2) Go to the Mode menu, and make sure "Advanced Mode" is selected

    3) On the left-hand side, choose Tools -> Resident

    4) Uncheck "Resident TeaTimer" and OK any prompts

    5) Restart your computer.

    Run HijackThis again and check the box next to these entries:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    Now close all windows except for the HijackThis application's window, then click the Fix Checked button.

    Reboot and post a fresh HijackThis log. Advise how the system behaves for you now. Thanks!

  3. What threats did ESET find? Since you're able to paste the logs here, can you run the ESET scan again and save the results? To do this, click "File" from the menu at the top of the browser. Scroll down to and select "Save as" and save it to your desktop. Change the "Save as type" to "Text File (*.txt)", leave the file name as it is, then click the Save button. Post that text file back here in your next reply. Thanks!

  4. Since you have not responded for more than five days, this thread is being closed to prevent others from posting here. If you need this thread reopened, please PM one of the Moderators.

    Other members who need assistance, please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

  5. This issue appears resolved and the thread is closed to prevent others from posting here.

    Other members who need assistance, please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

  6. Glad you were able to resolve the issue. If you want to remove McAfee, use their Removal Tool to be certain all remnants are removed.

    You can select and install one of these free antivirus applications:

    I personally recommend AntiVir

    AVG Free for Windows

    AntiVir Personal Edition Classic

    Avast! 4 Home Edition

    After successful installation, please reboot the computer.

    Now that your system is clean and running the way you expect, let's create a new restore point you can refer to should the need arise at some point in the future.

    Please click "Start->Programs->Accessories->System Tools->System Restore". In the new window, check 'Create a restore point' in the right pane and click "Next". In the "Restore point description" textbox, name your restore point something you will easily recognize. I recommend something like yyyymmdd_Clean (e.g. 20060101_Clean). Click "Create" and reboot your computer.

    To assist in the prevention of spyware infections:

    Immunize your browser by installing Spywareblaster. What does it do?

    • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
    • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
    • Restricts the actions of potentially unwanted sites in Internet Explorer.

    Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

    Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

    You should always have at least (but not more than) one of these types of third-party firewalls running on board:

    Kerio Personal Firewall

    Zone Alarm

    Outpost Free

    Comodo

    Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one-button "Download Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

    Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

    Using an alternate browser can reduce your chance of certain infections installing themselves. We recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

    If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

    Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup.

    Or if you just want to run your on-board Disk Cleanup ("Start-->Programs-->Accessories-->System Tools-->Disk Cleanup"), just open the utility and check off the following:

    Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

    So how did I get infected in the first place?

    Regards, and Happy Surfing!

  7. Computer and browser slowness are not always malware related

    Poor performance and other problems can be the result of disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.

    Listed below are a few things you can do to improve speed and system performance. Many of these suggestions will apply if you're using Windows Vista but may be done a bit differently. Near the bottom of this thread there is a section specifically devoted to Vista users.

    For browser problems, see:

    If you're having connectivity issues or errors such as "Page cannot be displayed", see

    If you're using Vista or Internet Explorer 7, see

    If you have a lot of toolbars and add-ons attached to Internet Explorer, you could try improving performance by disabling those which are unnecessary. See:

    • Control Internet Explorer Add-ons with Add-on Manager
    • Troubleshooting and Internet Explorer

  8. Your log is fine. Your issues with AOL may be resolved by following these recommendations.

    If you are successful in reinstalling the AOL software and are bothered by any of the ViewPoint features, you can prevent Viewpoint Manager, Viewpoint Media Player from being recreated every time you run the AOL software:

    Open AOL

    Go to Help on the toolbar

    Select About AOL

    Hit Ctrl+D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.

    Another way to prevent Viewpoint from being recreated every time you run the AOL software is:

    Click C:\Program Files\AOL 9.0\Jiti (a hidden folder).

    Rename viewpoint.exe to viewpoint.old.

    Also look in Services for Viewpoint Manager Service - Viewpoint Corporation

    Click 'properties' and disable it.

    Let us know if you are having any other issues. Thanks!

  9. Glad we could help...As this issue appears resolved now this thread is closed to prevent others from posting here.

    Other members who need assistance, please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

  10. Download "Dial-a-fix" from Here and save it to your Desktop. Right-click on the .zip file and select Extract All...open the folder and double-click the Dial-a-fix.exe icon. Place a check in the box for the option titled "Fix Windows Update" under the heading WU/WUAU, then click the Go button at the bottom. Follow the prompts. When completed, try the Windows Update site again. Post back your results. Thanks!

  11. This "Add or Remove Programs" entry corresponds to a program that is either malware, installs malware, or is bundled with malware:

    Home Key Logger Free Edition v1.70 (remove only)

    If, during the installation of this program, you received some option which would allow you to elect not to install the malware that's bundled with it, then it should be safe to leave the program installed...that is, if you think you have some need to use it. Otherwise, please uninstall the program. Upon successful uninstall, please reboot the computer. Re-activate your NOD32 or ZoneAlarm, whichever you disabled. Post back and let us know if you are still having any issues. Thanks!

  12. The log looks clean. There are these two entries you can remove:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online

    O4 - Global Startup: Digital Line Detect.lnk = ?

    Don't forget to close all windows before clicking Fix Checked. Please do reinstall the AOL software that you wish to use and post back a fresh HijackThis log. To satisfy my curiosity, I'd like to see what components of viewpoint appear in the log with the AOL software freshly reinstalled. Thanks!

  13. I see nothing in that log that would be causing any system crash and nothing that points to a reason for them either...

    I'd leave things as they are for now. There are no known incompatibility issues between ZoneAlarm and Nod32. Let's see an uninstall list:

    Open HijackThis. Click-->Open the Misc Tools section-->Open Uninstall Manager-->Save list...and save the list to your Desktop, then close HijackThis.

    A Notepad file will open. Copy and paste the content of that text file back here in your next reply.

  14. Ahh...and just as I was about to close this thread

    As the logs appear to be clean, I would surmise that what was done to the system by following the instructions from the user who first began posting in response to your help request may have some bearing...and since I didn't see what was done, I really can't say with certainty what all might be involved.

    If your system is shutting down on its own, that could relate to a crash issue. When these shutdowns occurred, did your screen turn blue with white text? If so...and if it happens again, please write down the exact message the screen presents, specifically paying attention to what driver file may be listed as a culprit (near the bottom of the screen).

    Please post the System event log so we can have a look...something there may give us a clue:

    • Click Start | Run, then paste or type eventvwr.msc and hit Enter.
    • When the Event Viewer opens, click System in the left pane.
    • From the menu at the top, click Action | Save Log File As
    • Change the Save As Type to "Text" (.txt)
    • Then save the system event log as mysystem.txt
    • Save the log to your Desktop
    • Paste the log back here in your next reply.

  15. Yes, it was late when I glanced over your log but wanted to just give you a good starting point.

    Viewpoint is Foistware. I've only had one user complain that his internet connection broke when uninstalling viewpoint manager service but this was due to his AOL service provider. I see you don't use AOL for your IP so in your case, this software was forced upon you...probably while your SmitFraud infection was active.

    Return to the add/remove programs and look for any of these:

    Viewpoint

    Viewpoint Toolbar

    Viewpoint View Manager

    Viewpoint Media Player

    ...if located, click Remove for each.

    Your log also shows us a couple of other software vulnerabilities...Java is one of them and your RoadRunner software is the other.

    Please follow these steps to remove older version Java components

    1. Close any open programs you may have running, especially your web browser.

    2. Click Start-->Control Panel-->Add or Remove Programs.

    3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the "Remove" or "Change/Remove" button.

    Not every version of Java will begin with "Java" so be sure to read each entry in the list.

    Repeat step 3 as many times as necessary to remove all versions of Java.

    **If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.

    4. Navigate to and delete:

    • C:\Program Files\Java <=this folder if found

    5. Then go to this page.

    Scroll down to where it says "The Java Runtime Environment (JRE) allows end-users to run Java applications" and click the "Download" button to the right. Select the platform for "Windows".

    6. Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement", then click Continue...The page will refresh.

    Then, click on the link to download Windows Offline Installation. Save it to your desktop.

    Now, from your desktop, double-click on the executable to install the newest version.

    I'm assuming you no longer use RoadRunner for your ISP...I assume so since the ActiveX controls that install with some RR software have been reported to contain vulnerabilities that could allow a remote attacker to execute arbitrary code on a vulnerable system. This was reported last year which is why I'm assuming you no longer use that service. It's my guess that ISP would have patched this for you. Since you no longer use it, we need to remove it.

    Next, please run HijackThis again and check the box next to these entries that may still exist:

    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

    O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe

    O9 - Extra button: (no name) - SOFTWARE - (no file)

    O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - http://supportcenter.rr.com/sdccommon/download/tgctlins.cab

    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://supportcenter.rr.com/sdccommon/download/tgctlsi.cab

    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab

    O22 - SharedTaskScheduler: ceroxylon - {c96395b8-ab09-46a4-b539-7ddf6e061808} - (no file)

    Close all windows except for the HijackThis application's window...(that includes this browser window) Then click the Fix Checked button.

    Locate and delete the following files/folders indicated in Bold text:

    C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

    C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

    C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe

    ***Note***

    Once you've deleted the programs folder, the associated files will also disappear so no need to go searching for them.

    Reboot and post back a fresh HijackThis log and advise how the system behaves for you now. Thanks!

  16. I see a couple of things wrong here...presently it appears that your poor performance issues would directly relate to having more than one antivirus application running on board. You have both McAfee and Symantec running. Please decide which to keep and uninstall the other.

    While you are in the add/remove programs, please uninstall the Viewpoint Manager Service as well.

    You could run another manual update of mbam and scan again. The application is actually designed to run best in your normal user mode. Run the "Quick" scan and post back that log along with a fresh HijackThis log. Thanks!

  17. Excellent...you did good work! Now you should delete these:

    FindFile.bat

    Symantec Removal Tool

    McAfee Removal Tool

    FindFolders.bat

    Click start-->run...then copy and paste the Bold text below into the run box and click "OK":

    ComboFix /u

    Performing this function will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again for you automatically.

    To assist in the prevention of spyware infections:

    Immunize your browser by installing Spywareblaster. What does it do?

    • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
    • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
    • Restricts the actions of potentially unwanted sites in Internet Explorer.

    Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

    Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

    You should always have at least (but not more than) one of these types of third-party firewalls running on board:

    Kerio Personal Firewall

    Zone Alarm

    Outpost Free

    Comodo

    Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one-button "Download Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

    Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

    Using an alternate browser can reduce your chance of certain infections installing themselves. We recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

    If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

    Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup.

    Or if you just want to run your on-board Disk Cleanup ("Start-->Programs-->Accessories-->System Tools-->Disk Cleanup"), just open the utility and check off the following:

    Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

    So how did I get infected in the first place?

    Regards, and Happy Surfing!

  18. From the log's appearance, things should be running fine. There's a stray registry entry we overlooked that needs to be cleaned up.

    You can run HijackThis again and check/fix this one:

    O4 - HKCU\..\Run: [itfy] C:\WINDOWS\system32\??rvices.exe

    Don't forget to close all windows before clicking Fix Checked then reboot to properly record the changes to the hard disk.

    Post back a fresh HijackThis log and advise how the system is performing for you now. Thanks!
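    Added example, not from the original posts or from the HijackThis tool: a small Python triage pass over HijackThis-style entries like the ones quoted in this post and in posts 2 and 15. It flags empty R0 values, orphan "(no file)" references, O16 ActiveX controls fetched from a remote host, and Run entries whose logged path contains "?" (not a legal Windows filename character, so it marks characters the logger could not render) and which imitate a system binary name. The sample log lines and the list of imitated system binaries are constructed for this example.

```python
"""Triage HijackThis-style log entries of the kind quoted in this thread.
Added example; not part of the original posts or of the HijackThis tool."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Windows binaries that malware commonly imitates (illustrative list).
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "explorer.exe",
                   "winlogon.exe", "csrss.exe"}

# Constructed sample modelled on entries quoted above. '??rvices.exe' is kept
# exactly as logged: '?' is not a legal Windows filename character, so it marks
# characters the log tool could not render (not a literal name to search for).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O4 - HKCU\..\Run: [itfy] C:\WINDOWS\system32\??rvices.exe
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - http://supportcenter.rr.com/sdccommon/download/tgctlins.cab
O22 - SharedTaskScheduler: ceroxylon - {c96395b8-ab09-46a4-b539-7ddf6e061808} - (no file)
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")

@dataclass
class Finding:
    section: str                 # HijackThis section code, e.g. O4
    target: str                  # path, URL or value the entry points at
    flags: list = field(default_factory=list)

def split_entry(line):
    """Return (section, target) for an entry line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec.startswith("R"):                      # R0/R1: "key = value"
        target = body.split("=", 1)[1].strip() if "=" in body else ""
    elif sec == "O4":                            # O4: "Run: [name] path"
        target = body.split("]", 1)[1].strip() if "]" in body else body
    else:                                        # Oxx: "... - {CLSID} - target"
        target = body.rsplit(" - ", 1)[-1].strip()
    return sec, target

def lookalike_of(basename):
    """Treat each '?' as a wildcard and return the system binary the name
    imitates, or None when it is that binary itself or unrelated to any."""
    pattern = re.compile("^" + re.escape(basename.lower()).replace(r"\?", ".") + "$")
    for known in SYSTEM_BINARIES:
        if basename.lower() != known and pattern.match(known):
            return known
    return None

def triage_line(line):
    parsed = split_entry(line)
    if parsed is None:
        return None
    sec, target = parsed
    f = Finding(sec, target)
    if target == "":
        f.flags.append("EMPTY_VALUE")            # R-key with nothing set
    if target == "(no file)":
        f.flags.append("ORPHAN_REFERENCE")       # registry points at a missing file
    if sec == "O16" and target.startswith("http"):
        f.flags.append("REMOTE_ACTIVEX:" + (urlparse(target).hostname or "unknown"))
    if "?" in target and not target.startswith("http"):
        f.flags.append("UNRENDERED_CHARS")       # '?' cannot occur in a real path
        imitated = lookalike_of(target.rsplit("\\", 1)[-1])
        if imitated:
            f.flags.append("LOOKALIKE:" + imitated)
    return f

def triage(log_text):
    """Return only the entries that raised at least one flag."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f and f.flags]
```

    Entries without flags (the Viewpoint BHO pointing at an existing DLL) are dropped from the result, so the output is only the lines that deserve a closer look, as the helper does by hand in these posts.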

  19. Your HijackThis log indicates crash issues you've had. Having more than one antivirus application running can certainly contribute to an unstable environment. I believe we already removed one of the antivirus programs (Symantec) but there is another driver file that is running from an old McAfee installation here:

    C:\WINDOWS\system32\drivers\SGuard.sys

    Uninstall your McAfee product using Add/Remove Programs in the Windows Control Panel...if you don't find anything listed there, then use the McAfee Consumer Product Removal tool (MCPR.exe).

    Please open a blank Notepad by clicking start-->run

    Then, in the run box type Notepad.exe and click "OK".

    Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

    Combofix will run again automatically. Please post back the new log that will be generated along with a fresh HijackThis log. Thanks!

    File::

    C:\WINDOWS\system\actualspystart.lnk

    C:\WINDOWS\system32\??rvices.exe

    Folder::

    C:\Documents and Settings\All Users\Application Data\Soulseek

    C:\Program Files\2SoulseekNS

    C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire

    C:\Documents and Settings\damageplan.BEYOND\Application Data\Azureus

    D:\Program Files\Azureus

    D:\Program Files\Soulseek

    D:\Program Files\1Soulseek

    D:\Program Files\SoulseekNS

    Registry::

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "C:\Program Files\LimeWire\LimeWire.exe"=-

    "D:\Program Files\Azureus\Azureus.exe"=-

    "D:\Program Files\Soulseek\slsk.exe"=-

    "D:\Program Files\1Soulseek\slsk.exe"=-

    "D:\Program Files\SoulseekNS\slsk.exe"=-
