Wonderbread Posted December 30, 2008 ID:43316

Howdy. Trying to clean up a friend's computer. I've run everything and it seems it's still acting a bit funky. I found your Pre-HTJ Post instructions and have followed them closely and maybe you guys can figure out where the problem is.

Thanks so much in advance. I'm relatively good at cleaning stuff up (hence why my friend's laptop was handed off to me) but this was a particularly nasty case. I couldn't get the internet to work in safe mode a day ago....I've come so far. I just want to make sure this baby is as pure as the driven snow when I give it back. Thanks.

MBAM Scan:

Malwarebytes' Anti-Malware 1.31
Database version: 1571
Windows 5.1.2600 Service Pack 2

12/29/2008 9:23:06 PM
mbam-log-2008-12-29 (21-23-06).txt

Scan type: Quick Scan
Objects scanned: 58170
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Panda Active Scan

;**********************************************************************
ANALYSIS: 2008-12-29 22:24:39
PROTECTIONS: 3
MALWARE: 8
SUSPECTS: 1
;**********************************************************************
PROTECTIONS
Description Version Active Updated
;======================================================================
McAfee VirusScan 10.02 No No
McAfee Privacy Service 8.0 No No
McAfee SpamKiller 7.0 No No
;======================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;======================================================================
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent25.zip
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jillian\Cookies\jillian@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jillian\Cookies\jillian@247realmedia[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jillian\Cookies\jillian@advertising[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jillian\Cookies\jillian@ads.pointroll[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jillian\Cookies\jillian@questionmarket[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jillian\Cookies\jillian@go[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Jillian\Cookies\jillian@target[1].txt
;======================================================================
SUSPECTS
Sent Location
;======================================================================
No C:\Program Files\BAE\BAE.dll
;======================================================================
VULNERABILITIES
Id Severity Description
;======================================================================
;======================================================================

HijackThis Scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:19 PM, on 12/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {8426E984-434B-4614-A585-4B9039862B8B} - C:\WINDOWS\system32\urqOGVnM.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ueerid.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13560 bytes

Again, thank you very much in advance. These logs looked a lot worse a day or two ago but I have a sneaking suspicion that there is something wicked still lurking out there that only battle tested vets like yourselves could diagnose.

Thanks.
AdvancedSetup (Root Admin) Posted December 30, 2008 ID:43388

Please run the following.

Reconfigure Windows XP to show hidden files:

To enable the viewing of Hidden files follow these steps:

* Close all programs so that you are at your desktop.
* Double-click on the My Computer icon.
* Select the Tools menu and click Folder Options.
* After the new window appears select the View tab.
* Put a checkmark in the checkbox labeled Display the contents of system folders.
* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
* Remove the checkmark from the checkbox labeled Hide protected operating system files.
* Press the Apply button and then the OK button and exit My Computer.
* Now your computer is configured to show all hidden files.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

* Double-click on JavaRa.exe to start the program.
* From the drop-down menu, choose English and click on Select.
* JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
* Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
* A logfile will pop up. Please save it to a convenient location.

Then run HJT and do a Scan Only and place a check mark on the following entries.

O2 - BHO: (no name) - {8426E984-434B-4614-A585-4B9039862B8B} - C:\WINDOWS\system32\urqOGVnM.dll (file missing)
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ueerid.dll

Then click on "Fix checked"

Please upload the following files for review: uploads.malwarebytes.org

C:\WINDOWS\system32\ueerid.dll
C:\WINDOWS\system32\urqOGVnM.dll

Malwarebytes' Anti-Malware

Start MalwareBytes AntiMalware

* Update Malwarebytes' Anti-Malware
  * Select the Update tab
  * Click Update
* When the update is complete, select the Scanner tab
* Select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

If you accidentally close it, the log file is saved here and will be named like this:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer and AFTER the restart run HJT scan and save log.

Post back fresh MBAM and HJT logs.
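One way to check a fresh HijackThis log against the entries ticked for "Fix checked" above, as an added example that is not part of the original thread. The function names are hypothetical, FLAGGED and FRESH are short excerpts of the logs posted in this thread, and PARTIAL is a constructed log in which one entry survived.

```python
import re

# A HijackThis finding starts with a section code (R, F, N or O plus a number);
# header lines and the running-process list do not, so they are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFN]\d|O\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Map a case-folded (code, body) key to the entry as written in the log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            body = " ".join(m.group("body").split())  # collapse copy/paste whitespace
            # Registry paths and file names are case-insensitive on Windows.
            entries[(m.group("code"), body.casefold())] = f"{m.group('code')} - {body}"
    return entries


def verify_fix(flagged_text, fresh_log_text):
    """Return (gone, still_present) for the entries that were ticked for fixing."""
    flagged = parse_entries(flagged_text)
    fresh = parse_entries(fresh_log_text)
    gone = sorted(v for k, v in flagged.items() if k not in fresh)
    still = sorted(v for k, v in flagged.items() if k in fresh)
    return gone, still


def appinit_dlls(log_text):
    """DLLs named on the O20 line; AppInit_DLLs is one space/comma separated value."""
    dlls = set()
    for code, body in parse_entries(log_text):
        if code == "O20" and body.startswith("appinit_dlls:"):
            value = body[len("appinit_dlls:"):]
            dlls.update(t for t in re.split(r"[ ,]+", value) if t)
    return dlls


def appinit_change(flagged_text, fresh_log_text):
    """Return (removed, kept) DLLs: the O20 line can change instead of disappearing."""
    before, after = appinit_dlls(flagged_text), appinit_dlls(fresh_log_text)
    return sorted(before - after), sorted(before & after)


# Excerpt of the entries listed for "Fix checked" in this thread.
FLAGGED = r"""
O2 - BHO: (no name) - {8426E984-434B-4614-A585-4B9039862B8B} - C:\WINDOWS\system32\urqOGVnM.dll (file missing)
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ueerid.dll
"""

# Excerpt of the fresh log posted after the fix.
FRESH = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

# Constructed failure case: the same log with one Trusted Zone entry left behind.
PARTIAL = FRESH + "O15 - Trusted Zone: *.ANTIMALWAREGUARD.com (HKLM)\n"

if __name__ == "__main__":
    for name, log in (("fresh", FRESH), ("partial", PARTIAL)):
        gone, still = verify_fix(FLAGGED, log)
        print(f"{name}: {len(gone)} gone, {len(still)} still present")
        for entry in still:
            print("  STILL PRESENT:", entry)
    removed, kept = appinit_change(FLAGGED, FRESH)
    print("AppInit_DLLs removed:", removed, "kept:", kept)
```

An exact-line comparison reports the O20 entry as gone, while the per-DLL comparison shows that only ueerid.dll left the value and the Google Desktop DLL is still loaded.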
Wonderbread (Author) Posted December 30, 2008 ID:43454

Nice. Muchos gracias for the quick reply. I'm at work at the moment but I'll do all those steps as soon as I get out of this he||hole.

Quick question: On the surface the laptop seems to be running fine....especially compared to where it was a few days ago. Now the only visible problem is that the wireless connection is shaky. Meaning it will be connected to the wireless network fine for about a minute or two then it will drop....be disconnected for about a minute or two....then come back up. If I connect it to an ethernet cable there are no problems.

Do you think this has anything to do w/ a virus/spyware/malware/etc. or would you think it's something separate altogether? Do you think it's just something funky with the computer's hardware or could it be related to the infection?

Thanks again. I'll run those steps as soon as I get home and post my log.
AdvancedSetup (Root Admin) Posted December 30, 2008 ID:43545

Difficult to say about the wireless. I would shut down the wireless router and ISP Modem if you have one, and unplug it for at least a few minutes. Then start it back up and see if that helped the wireless settings or not.

Let's clean up the Malware though and see how it goes too.
Wonderbread (Author) Posted December 31, 2008 ID:43613

Alrighty. Seems like you guys have worked your magic.

Here is the Log of the JavaRa:

JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Dec 30 17:24:10 2008
Found and removed: C:\Windows\System32\jpicpl32.cpl
Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030}
------------------------------------
Finished reporting.

JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Dec 30 17:24:41 2008
------------------------------------
Finished reporting.

JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Dec 30 17:25:41 2008
------------------------------------
Finished reporting.

Here is the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:58 PM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc.
- C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe--End of file - 12828 bytesAnd here is the last Malwarebytes ScanMalwarebytes' Anti-Malware 1.31Database version: 1580Windows 5.1.2600 Service Pack 212/30/2008 6:11:43 PMmbam-log-2008-12-30 (18-11-43).txtScan type: Quick ScanObjects scanned: 58885Time elapsed: 6 minute(s), 15 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Am I cured? Unfortunately those files you asked me to upload were gone. I suppose that's a good thing. Also, do I need to update my Java? Cause all I did was removed older versions. I'll try out the wireless problem too and see if that continues and post back. You guys are the best. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 31, 2008 ID:43722

Please note the Holidays are here and I may be unavailable for a few days or more. Please be patient, I've not forgotten you and will resume assistance when I return.
Many of the other helpers are also visiting Family and Friends so please be patient.

Please Download OTMoveIt3 by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe to run it.
While connected to the Internet, Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
It should ask if you want to clean up, select Yes and allow the system to clean up these items.
NOW please reboot your computer to finish the cleanup process and post back the log from OTMoveIt3

Well I would visit the DELL support site and put in your Service Tag and locate any WIRELESS UPDATES for your system.
They have been updated a couple times for many of their models.

Close ALL applications and open Web browsers and chat programs.
Start HJT and do a Scan Only and place a check mark on the following items

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

Then click on Fix checked and quit HJT.

Open My Computer and browse to the following locations.

C:\Program Files\Java
C:\Program Files\Common Files\Java

In each of those locations delete the Java folder (only that folder in each location)

I might not be able to get back with you on this for a few days, please be patient.
Once I get back and have time we can review all the stuff you have auto-loading which is way too much and slows down your system.
Once the Java has been removed you can install the latest version if you feel you need it.

Update Java Runtime

The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 11.
Go to http://java.sun.com/javase/downloads/index.jsp
Go to Java Runtime Environment (JRE) 6 Update 11 about half way down the page and click on the Download button.
In Platform box choose Windows.
Check the box to Accept License Agreement and click Continue.
Click on Windows Offline Installation, click on the link under it which says jre-6u11-windows-i586-p.exe and save the downloaded file to your desktop.
Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
Uncheck the Toolbar button (unless you want the toolbar)
Reboot your computer

Disable and Enable System Restore-WINDOWS XP

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.

Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

This will remove all restore points except the new one you just created.
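The two review points in the post above (the outdated Java entries and the long autostart list), as an added example that is not part of the original thread: a Python sketch that parses HijackThis-format lines, counts O4 autostart entries per source, and flags paths inside a Java runtime older than JRE 6 Update 11. The function names and the 1.6.0_11 version tuple are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import Counter

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")         # section code, rest of the line
RUN_KEY = re.compile(r"^(HK\w+)\\.*?\\Run: ")  # registry Run key, capturing its hive
JRE_DIR = re.compile(r"\\(?:j2re|jre)(\d+(?:\.\d+)*(?:_\d+)?)\\", re.I)

# Assumption: JRE 6 Update 11 (named in the post) reports version 1.6.0_11.
MINIMUM_JRE = (1, 6, 0, 11)

def parse(log):
    """Return (section, body) pairs; lines that are not HJT entries are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def autostart_summary(entries):
    """Count O4 autostart entries per source: registry hive or startup folder."""
    counts = Counter()
    for section, body in entries:
        if section == "O4":
            m = RUN_KEY.match(body)
            counts[m.group(1) if m else body.split(":", 1)[0]] += 1
    return counts

def legacy_java(entries, minimum=MINIMUM_JRE):
    """Return (section, runtime_dir, body) for paths inside an older Java runtime."""
    hits = []
    for section, body in entries:
        m = JRE_DIR.search(body)
        if m:
            version = tuple(int(n) for n in re.split(r"[._]", m.group(1)))
            if version < minimum:
                hits.append((section, m.group(0).strip("\\"), body))
    return hits

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print("autostart entries by source:", dict(autostart_summary(entries)))
    for section, runtime, body in legacy_java(entries):
        print(f"review {section}: {runtime} -> {body}")
```

A flagged line is a prompt for manual review, not a verdict; 8.3 short names such as PROGRA~1 hide the real directory name and are not matched by the version check.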
Wonderbread Posted December 31, 2008 Author ID:43861

AdvancedSetup, you are the absolute sh*t! The laptop is now as pure as the driven snow. Words cannot explain how much I appreciate your help. It's so selfless of you to take your time to help a brother in need. THANK YOU SO MUCH.

I gave the laptop back to my friends so I didn't get to post the OTMoveIt3 log. It should be cool though. I got the Java updated and created the restore point. I am curious though in the future about killing those processes at startup. Usually if I restart I end up going to task manager and manually deleting all my processes except explorer. That could save me some time....plus it's nice to learn new things like I did in the last few days from you.

Maybe I'll hit you up on that in the future....in the meantime enjoy your holiday....have some cocktails! THANK YOU SO MUCH FOR YOUR TIME AND EXPERTISE!
Root Admin AdvancedSetup Posted January 3, 2009 ID:44380

You're quite welcome.
You may want to speak with your friends though and run one or more of the following.

At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.
Now that you appear to be clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.

Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy
Download it from here. Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here

Install SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install hpHosts
Download it from here
hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad, tracking and malicious websites. This prevents your computer from connecting to these untrusted sites by redirecting them to 127.0.0.1 which is your own local computer.
hpHosts Support Forum

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Note 1: If you are running Windows XP SP2, you should upgrade to SP3.
Note 2: Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3. The security suite can then be reinstalled afterwards.

The windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must. I recommend Online Armor Free

A little outdated but good reading on how to prevent Malware

Keep safe online and happy surfing.

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre-HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here PC Help

If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org.