mountaintree16

My Malwarebytes Log


Here is my Malwarebytes Log from my computer. I will download, scan, and post HiJackThis as soon as possible! I would do it tonight but I have had a long day and it's late and I need to get some sleep ;)

Malwarebytes' Anti-Malware 1.37

Database version: 2183

Windows 5.1.2600 Service Pack 3

5/27/2009 12:24:51 AM

mbam-log-2009-05-27 (00-24-51).txt

Scan type: Quick Scan

Objects scanned: 86084

Time elapsed: 8 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

This is the log from the other day when I got infected by the Heuristics.Malware, in case that is helpful

Malwarebytes' Anti-Malware 1.36

Database version: 2179

Windows 5.1.2600 Service Pack 3

5/25/2009 11:54:03 PM

mbam-log-2009-05-25 (23-54-03).txt

Scan type: Quick Scan

Objects scanned: 85977

Time elapsed: 9 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\Temp\cd1d2654-6028-4647-9888-fd042bae2fbd.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.


Thank you for replying! :P

Please read my thread here:

http://www.malwarebytes.org/forums/index.php?showtopic=16083

The basics are:

A few months ago I encountered a website, antimalwarescanner . com and although nothing appears to have gotten onto my computer, I am still concerned that there might be something hiding on it. I want to run the HiJackThis just in case to see if there might be something hiding on my system.

Also, Spyware Doctor found something called Adware.Generic and I don't know if it's actually on my system or not. AVG Internet Security Suite hasn't found it, Malwarebytes hasn't found it, and SpyBot hasn't found it. I did online searches on it but I wasn't able to really find any information on it.

The programs I run for internet protection and computer protection are the three I listed above. (minus Spyware Doctor because it slowed down the system horribly.) Also, the computer has been much slower since the antimalwarescanner incident. Before that happened, the computer ran much faster. I don't know if it is because of something that might be on my computer or because of the fact that I had Spyware Doctor at one point. I share this computer with my husband and he has complained that it has been really slow since all this has happened. It is slow to start up (taking about 5 minutes to boot up) and then another 5 minutes approximately for the desktop to load up correctly, and then Firefox is a little slow to open too, the first time, especially if you don't wait for everything to load up on the computer first.

Oh, and, a couple nights ago, Malwarebytes found something called "Heuristics.Malware" on my computer also, which I removed. I have done two scans since then and nothing has been found.

I explained everything in more detail in that thread (what I think is going on) if you don't mind taking a look :D


Hi,

I've already read that thread before and it looks like you are worrying too much :P

Do you still get these redirections? If not, then there's nothing to worry about.

Also, keep in mind that some sites may have a script inserted that causes these redirections though. For example, when I would visit that site, I would get the same. That doesn't mean that my computer is infected :D


I have not gotten these redirections since. I changed the settings on Firefox though to warn when it's going to happen. My email usually overrides it but other sites it blocks.

Hmm. I know that some sites redirect, but this particular site was found to be an advertisement for the rogue Anti Virus 2009 program.

Also, when I was doing online searches on this website, one of the few things I was able to find, it was a news article from a paper that was online. It basically indicated that a lot of the time (although it wasn't a definite) that if you got this redirection, you probably already had a trojan.

Also, the other thing that is concerning me is the fact that Spyware Doctor picked up Adware.Generic, but Malwarebytes, SpyBot, and AVG didn't. I was going to purchase Spyware Doctor again just to get rid of it, but it slowed down my computer really badly and I didn't want to possibly have to ask for a refund again. Do you know anything about Adware.Generic? I still think it's on my computer because I was never able to get rid of it after finding it with Spyware Doctor because I didn't purchase the program again.

When you visited myspace or facebook, the same redirection happened to you?

Ever since the first redirection, the computer has been slower.


Hi,

As I explained, if you get it on a particular site, then there's nothing to worry about, because I would get the same - so that doesn't mean that your computer is infected.

I suggest, if you use Firefox, that you install the Noscript extension. This may already prevent a lot.

Adware.Generic, as the name says itself is a generic detection and may not even be malware. It would have been easier for me if I knew what file was detected like that and where it is located. Then I could tell you if it's malware or not.

Whatever you were dealing with previously, you don't have it anymore, so don't search for something that's not even there :P

For slow computers: Help! My computer is slow!


Thank you very much!

Can I find the Noscript extension on the Firefox website? What exactly does it do by the way? I don't know a lot about scripts.

As for the Adware.Generic, I was thinking I could install Spyware Doctor again (I still have the setup and the scanning is free, I just can't remove anything unless I buy it) and run the scan, and if it comes up with it, do a screenshot of it and show it to you. I believe that it shows the file path in the results. What do you think?

Well thank you very much! I am reading that page on your blog now. Very good stuff :P


Hi,

As for the Adware.Generic, I was thinking I could install Spyware Doctor again (I still have the setup and the scanning is free, I just can't remove anything unless I buy it) and run the scan, and if it comes up with it, do a screenshot of it and show it to you. I believe that it shows the file path in the results. What do you think?
That's an idea. No need to make a screenshot of it, just type what it says there - what file exactly + path where it is located, or key is detected.

Noscript is an extension: http://noscript.net/

It's all explained there what it does :P


Okay, thanks. I'll do that as soon as I can. Should I do it in this thread that we have going here or make a new one?

Thank you for the link!

EDIT: I went to the site, and it seemed full of ads and stuff. I am not sure where I should actually click or go to get the real thing. I clicked on the getit tab and went over the manual download link and Firefox blocked it. There is also a button to download it and I see from looking in the lower left corner of the page that it is from the Mozilla website. Which should I use?

I actually came across your blog a few weeks ago and I was just reading through it again and I was mostly recently on your rants page. You know a lot and make it very easy to understand, so thank you :D

I have to say that after reading that page and poking around on your blog, I am pretty scared. It seems like there could be something lurking on any page (malware, worm, etc...) that can get onto your computer and you wouldn't even know it!! It makes me terrified to go online.

It's really amazing how many people don't know that they need a firewall and an antivirus. I already knew that, but after reading your blog, wow!

I am pretty sure that I am going to purchase the full version of Malwarebytes but I did have a few questions. I know it provides realtime protection and blocks things before they can even get in. What exactly is it blocking? Malware, trojans etc, or anything dangerous?

I also have a few more questions for you, but I'll ask you them next time :)

Thank you again so much, you're very helpful :P


Hi,

EDIT: I went to the site, and it seemed full of ads and stuff. I am not sure where I should actually click or go to get the real thing. I clicked on the getit tab and went over the manual download link and Firefox blocked it. There is also a button to download it and I see from looking in the lower left corner of the page that it is from the Mozilla website. Which should I use?
This is confusing... http://noscript.net/ is the official site for Noscript. There you can read what it is and what it exactly does. It's 100% safe. The plugin itself can be found here: http://noscript.net/getit

Firefox blocks every extension download by default until you allow it.

The ads are just Google ads you see there. :P

What exactly is it blocking? Malware, trojans etc, or anything dangerous?
It blocks anything malicious that is recognised by Malwarebytes, so this includes spyware, adware, trojans, worms, backdoors, keyloggers etc etc..


Thanks for the reply! I read the whole main page and the ads I guess were just sponsored links. When I went to download it, it looked a little scary, for lack of a better word. There is a picture of a snake and there is a warning about downloading it, so I was just a little concerned. I trust you though, so as soon as I can I will download it.

Thanks for clarifying what Malwarebytes blocks :P

Another question... may I run a HiJackThis scan and post it for review? I just want to be sure and also see if there is anything malicious hanging around on my computer and if there is anything on it that I shouldn't have that I might not be aware of?


Thank you Miekiemoes!

Before I do the log, I have a few questions for you.

After posting the log and being given instructions, is it okay to use the computer to go online in between before doing the fixes? I ask because as you know our computer is shared and I just wanted to ask if that would interfere at all. I was talking to my husband this morning about what I am doing, and I think he's fine with it. He mainly goes on some discussion forums and buys things online, but nothing major.

Another question I have is, is there a period of time within which I need to respond after you have gone over my log? I ask because I have seen after poking around in the HJT forum that there does seem to be a time limit from when someone responds to you to when you need to post back. I am asking because I work at night and I don't have too much time in the morning, so most of my computer time is either after work or in the morning if I have time. Also, I will be away from our computer for a day or two this weekend, and unable to get onto the forum. (graduating from college :P) I just wanted to ask and make you aware of that so you didn't think that I was ignoring you or not doing what you said, because that certainly wouldn't be the case.

Yes, you may post your HijackThis log :D

Post it in this thread, to avoid confusion.

After posting the log and being given instructions, is it okay to use the computer to go online in between before doing the fixes?
Yes, why not? Not even sure if something needs to be fixed in HijackThis.

And don't worry about the response time. I'll get a notification when you respond. So just take your time :P


Okay, that's good to know :P

Thank you! That is also good to know :D


Miekiemoes, here is my newest MBAM log. Nothing was detected, so I don't know if you even need it, but I thought I'd post it just in case.

Just a little background info for you: last night I partially uninstalled Norton Security Center. The LiveUpdate is still on my system. I also have used ATF Cleaner in the last few months off and on, and Windows Install Clean Up. Not sure if this information is really relevant, but I thought I'd include it anyway :P

I quickly looked at the HJT log and AVG appears to show at version 8 and I have 8.5. I'm not sure if that matters or not in the log, but I just thought I'd mention it.

Malwarebytes' Anti-Malware 1.37

Database version: 2191

Windows 5.1.2600 Service Pack 3

5/29/2009 1:26:31 AM

mbam-log-2009-05-29 (01-26-31).txt

Scan type: Quick Scan

Objects scanned: 86669

Time elapsed: 8 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

and HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:42:40 AM, on 5/29/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe

C:\Program Files\Registry Mechanic\RegMech.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Desktop Maestro\deskmech.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Documents and Settings\Justin\My Documents\RCA Detective\RCADetective.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll (file missing)

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DesktopMaestro] C:\Program Files\Desktop Maestro\deskmech.exe /H

O4 - HKUS\S-1-5-21-1059576790-1953410256-3873470355-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Justin\My Documents\RCA Detective\RCADetective.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 10779 bytes


Hi

Don't worry about AVG showing as 8 while you have 8.5 :P

For your Norton LiveUpdate, you can uninstall this via software > add & remove programs as well.

Nothing strange/suspicious in your log except for a few programs/entries that are not really wanted (they are not malware, but unwanted).

I see you are running Teatimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Then, I see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Reboot.

Then, start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following (don't worry, most entries should already be gone after uninstalling Viewpoint media player):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll (file missing)

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

Update your Sun Java, because previous versions are vulnerable:

Updating Java:

  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    It should have the following icon next to it: javaicon.gif
    Select it and click Remove.
  • Then Download and install the newest version from here:

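The advice above boils down to reading a HijackThis log section by section (R1 browser settings, O2 BHOs, O3 toolbars, O4 autoruns, O23 services), spotting entries that point at files which no longer exist ("(no file)" / "(file missing)") and entries belonging to a known unwanted product such as Viewpoint. The Python below is an added example written for this thread, not code from the forum, from Malwarebytes or from Trend Micro's HijackThis; it parses that log format and produces exactly that kind of triage summary. The sample log is constructed from a few lines quoted in this thread, and the keyword list is an assumption for illustration (a helper would use their own list).

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the HijackThis v2.0.2 log format,
# copied from the log posted in this thread. Backslashes are doubled for Python.
SAMPLE_LOG = """Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\\Program Files\\Viewpoint\\Viewpoint Toolbar\\3.7.0\\ViewBarBHO.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\\..\\Run: [iSUSScheduler] "C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe" -start
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe
--
End of file - 10779 bytes
"""

# Every section entry starts with a code such as R1, O2, O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks entries whose target file no longer exists with these markers.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class HjtEntry:
    code: str  # section code, e.g. "O2" (BHO), "O4" (autorun), "O23" (service)
    body: str  # the rest of the line, e.g. "BHO: ... - {CLSID} - path"

    @property
    def dangling(self) -> bool:
        """True for leftover registry references to a deleted file."""
        return any(marker in self.body for marker in ORPHAN_MARKERS)


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, section entries)."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # first R/O entry ends the process list
            entries.append(HjtEntry(match.group("code"), match.group("body")))
        elif in_processes and re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
    return processes, entries


def find_dangling(entries):
    """Entries that reference a missing file: harmless, but safe to clean up."""
    return [e for e in entries if e.dangling]


def find_keyword(entries, keywords):
    """Entries mentioning any keyword (case-insensitive), e.g. a foistware vendor."""
    lowered = [k.lower() for k in keywords]
    return [e for e in entries if any(k in e.body.lower() for k in lowered)]


def by_section(entries):
    """Group entries by their section code, preserving log order."""
    grouped = {}
    for e in entries:
        grouped.setdefault(e.code, []).append(e)
    return grouped


def review(text, keywords=("Viewpoint",)):
    """Triage summary of the kind a helper builds before telling a user what to fix."""
    processes, entries = parse_hjt(text)
    return {
        "processes": len(processes),
        "entries": len(entries),
        "sections": {code: len(items) for code, items in by_section(entries).items()},
        "dangling": [f"{e.code} - {e.body}" for e in find_dangling(entries)],
        "keyword_hits": [f"{e.code} - {e.body}" for e in find_keyword(entries, keywords)],
    }


if __name__ == "__main__":
    summary = review(SAMPLE_LOG)
    print(f"{summary['processes']} running processes, {summary['entries']} entries")
    print("per section:", summary["sections"])
    for label in ("dangling", "keyword_hits"):
        print(f"\n{label}:")
        for line in summary[label]:
            print("  " + line)
```

Run on the sample, the summary lists the two Viewpoint entries the helper asked to be fixed (the O2 BHO and the O23 service) and the three dangling "(no file)"/"(file missing)" references. A keyword hit or a dangling entry is a reason to look, not proof of infection: as the thread says, Viewpoint is unwanted software rather than malware, and dangling entries are usually leftovers from an uninstall.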

Thank you so much Miekiemoes!

I will do this as soon as I am able to tonight and report back to you!

I have another question. Is the InstallShieldUpdateManager part of Viewpoint? Or do you know what it is?

I also have that on my computer. It kept asking permission to access the internet via my firewall on AVG at one point and I blocked it because I didn't know what it was. It kept asking, which was annoying. Since I hadn't initiated it opening, I opted to have it permanently blocked, and it STILL kept coming up. I took a screenshot and restarted my computer after that. It hasn't come up since, but I think of it from time to time and wonder what it was.

Also, when updating Java, Advanced Setup recommended that I use the JavaRa tool to clean up any leftover Java traces and gave me a whole set of instructions on how to remove and reinstall a fresh updated Java. http://www.malwarebytes.org/forums/index.p...ost&p=84273 Should I do that? :)

Is the InstallShieldUpdateManager part of Viewpoint? Or do you know what it is?
It's these:

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

They are responsible for updating software, so nothing to worry about. It's normal that they ask firewall permission. Just allow it.

Yes, you can use the Javacleanup tool, but it's not really needed if you uninstall it via software > add & remove programs. After all, the latest 5 Java versions do uninstall their previous versions anyway.


Thank you!

So InstallShieldUpdateManager is not part of ViewPoint then and it's not foistware or malware?

I think that the InstallShieldUpdateManager got installed on the computer when my husband installed games on the computer. I told him about it and he said that it checks for updates.

I don't need to worry about removing it then and I can allow it to check for updates? Do you know if by not allowing it to check for updates I might have put my computer at risk?

So InstallShieldUpdateManager is not part of ViewPoint then and it's not foistware or malware?
No, it isn't :) It's totally safe, so don't worry at all.

It's no risk to have it disabled though. Many people disable it anyway since it's a resource hog and may cause a slower startup.

They then check for updates via the online Secunia scan once in a while (I already gave you that link previously).

To disable those entries, just disable via msconfig, so you can always enable again if you want :huh:


Oh awesome! That's good to know, thank you :huh:

Secunia will scan for everything that needs updating, do I have that right?

I plan to do a scan tonight! However, if I am unable to do all the updates tonight (depending on how many it finds), can I run the scan again and it will show the same results or do I need to do updates when I run the scan?

Thanks :) To get to msconfig, I just type msconfig in the RUN found on the start menu?

I used msconfig one time to change something from starting when I booted up, and I kept getting little black box messages after I changed it. Is that normal? I just don't want that to happen if I disable it, just because it's rather annoying :)


Miekiemoes:

Here is my logfile AFTER removing the items you told me to select in HiJackThis pertaining to ViewPoint. The O23 - Service wasn't on the list.

O3 - Toolbar: Viewpoint Toolbar... also was not on the list. I assume that this is normal.

Should I also post a log after having installed the new version of Java?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:22:49 AM, on 6/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll (file missing)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

O4 - HKCU\..\Run: [DesktopMaestro] C:\Program Files\Desktop Maestro\deskmech.exe /H

O4 - HKUS\S-1-5-21-1059576790-1953410256-3873470355-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Justin\My Documents\RCA Detective\RCADetective.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel


Hi,

I used msconfig one time to change something from starting when I booted up, and I kept getting little black box messages after I changed it. Is that normal? I just don't want that to happen if I disable it, just because it's rather annoying
Yes, that's normal. After reboot, when the box appears, you have to check the checkbox to not show this message anymore :)
The O23 - Service wasn't on the list.

O3 - Toolbar: Viewpoint Toolbar... also was not on the list. I assume that this is normal.

That's normal. :)

No need to post a new HijackThis log after updating Java :)

This topic is now closed to further replies.