CyberDefender

socalf49's Avatar
Junior Member with 20 posts.
 
Join Date: Oct 2009
03-Oct-2009, 09:58 PM #1
CyberDefender
I keep getting a Trojan Horse -Win 32: Small FAT (Trj)- in my computer. When I run my antivirus software, it always shows up in Documents and Settings as CyberDefender. My anti virus software always tells me to move it to the chest. If this is not something crucial to my Windows XP, can I just remove CyberDefender from my computer? Maybe that will stop the Malware from getting into my computer. I also do a search with the name CyberDefender but nothing ever shows up when I run the search. If I can remove it, how do I go about it? Thank you.
flavallee's Avatar
Trusted Advisor with 23,500 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
04-Oct-2009, 10:31 AM #2
Here is the CyberDefender site. I don't see how CyberDefender got in your computer without you or someone else installing it.

What are you using for an anti-virus program?

---------------------------------------------------------------

Go here and click the green icon to download Malwarebytes Anti-Malware 1.41.

Close all open windows, then install it. Make sure it updates its definition files during the install process.

After it's installed, run a "quick scan" with it.

After the scan is finished, select and allow it to fix EVERYTHING it finds, then restart your computer.

Obtain a copy of the scan log, then return here and copy-and-paste that scan log here.

--------------------------------------------------------------

Go here and click the green icon to download HijackThis 2.0.2.

Close all open windows, then install it in its default location.

After it's installed, run a scan with it. The scan is quick and will take 30 seconds or less.

After the scan is finished, save the resulting log in Notepad.

Return here and copy-and-paste the entire log here.

The log will show us what's installed and running in the background and if any obvious infection is present.

-------------------------------------------------------------

Last edited by flavallee : 04-Oct-2009 10:41 AM.
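An added example, not part of the original thread or of HijackThis itself: a short Python triage of a HijackThis 2.0.2 log of the kind requested above. It lists entries whose file is gone, components registered under several sections at once, and browser add-on DLLs loaded from a user profile. The sample log (names, GUIDs, paths) is constructed, and the three checks are this example's own heuristics.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis 2.0.2 line format. Every name, GUID and
# path below is made up for illustration; none comes from a real machine.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: ExampleBar - {11111111-2222-3333-4444-555555555555} - C:\Documents and Settings\user\Local Settings\Application Data\ExampleBar\exbar.dll
O2 - BHO: ExampleBar - {11111111-2222-3333-4444-555555555555} - C:\Documents and Settings\user\Local Settings\Application Data\ExampleBar\exbar.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - (no file)
O3 - Toolbar: ExampleBar - {11111111-2222-3333-4444-555555555555} - C:\Documents and Settings\user\Local Settings\Application Data\ExampleBar\exbar.dll
O3 - Toolbar: Vendor Toolbar - {99999999-8888-7777-6666-555555555555} - C:\Program Files\Vendor\Toolbar\vt.dll
O4 - HKLM\..\Run: [VendorUpdate] "C:\Program Files\Vendor\update.exe" /startup
O23 - Service: Old Helper Service (OldHelper) - Unknown owner - C:\PROGRA~1\OLDHEL~1\helper.exe (file missing)
"""

# An entry line starts with a section code such as R3, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumption of this example: a browser add-on DLL living under a user
# profile (user-writable) deserves a closer look than one in Program Files.
PROFILE_RE = re.compile(r"\\(?:Documents and Settings|Users)\\", re.IGNORECASE)
# Sections whose lines are labelled URLSearchHook, BHO and Toolbar.
BROWSER_HOOKS = {"R3", "O2", "O3"}


def parse_entries(text):
    """Return one dict per entry line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        guid = GUID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "guid": guid.group(0).upper() if guid else None,
            "orphaned": body.rstrip().endswith(ORPHAN_MARKERS),
            "in_profile": bool(PROFILE_RE.search(body)),
        })
    return entries


def triage(entries):
    """Group entries into the three review buckets described above."""
    sections_by_guid = defaultdict(set)
    for entry in entries:
        if entry["guid"]:
            sections_by_guid[entry["guid"]].add(entry["code"])
    return {
        # Registration left behind after the file was deleted or quarantined.
        "orphaned": [e for e in entries if e["orphaned"]],
        # One component hooked into several sections at the same time.
        "multi_hook": {g: sorted(c) for g, c in sections_by_guid.items()
                       if len(c) > 1},
        # Browser add-on that still exists and loads from a user profile.
        "profile_loaded": [e for e in entries
                           if e["code"] in BROWSER_HOOKS
                           and e["in_profile"] and not e["orphaned"]],
    }


def report(text):
    """Render the triage result as plain text lines."""
    result = triage(parse_entries(text))
    lines = []
    for entry in result["orphaned"]:
        lines.append(f"orphaned  {entry['code']:<4} {entry['body']}")
    for guid, codes in result["multi_hook"].items():
        lines.append(f"multihook {guid} in {', '.join(codes)}")
    for entry in result["profile_loaded"]:
        lines.append(f"profile   {entry['code']:<4} {entry['body']}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A hit is a prompt to look closer, not a verdict: legitimate toolbars also register under several sections.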
socalf49's Avatar
Junior Member with 20 posts.
 
Join Date: Oct 2009
06-Oct-2009, 12:04 AM #3
Cyber Defender
Hello Flavallee,

Thank you for responding to my query so quickly.

As an antivirus program I am using Avast 4.8 Home Edition.

Malwarebytes Scan Log

Malwarebytes' Anti-Malware 1.41
Database version: 2912
Windows 5.1.2600 Service Pack 2
10/5/2009 8:20:46 PM
mbam-log-2009-10-05 (20-20-46).txt
Scan type: Quick Scan
Objects scanned: 125852
Time elapsed: 23 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 35
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\SYSTEM32\UFAT.DLL (Spyware.Zbot) -> Quarantined and deleted successfully.

Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:25 PM, on 10/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Also, you should know I have not been able to fully install Window Update Service Pack 3. I'm sure that has a lot to do with these Trojans getting into my computer. But I just don't know what the problem is there.

Again, Thank You.
flavallee's Avatar
Trusted Advisor with 23,500 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
06-Oct-2009, 09:58 AM #4
Quote:
Originally Posted by socalf49
Hello Flavallee,
Thank you for responding to my query so quickly.
As an antivirus program I am using Avast 4.8 Home Edition.
Also, you should know I have not been able to fully install Window Update Service Pack 3. I'm sure that has a lot to do with these Trojans getting into my computer. But I just don't know what the problem is there.
Again, Thank You.
Thanks for posting the Malwarebytes scan log. It found and fixed a number of problems, but we're a long ways from being done yet. Take your time and follow my instructions and hopefully everything will go smoothly.

If you've got SP2 installed and have been keeping up with the post-SP2 high-priority updates, installing SP3 isn't mandatory at this time.

--------------------------------------------------------------

Go here and click the green icon to download SUPERAntiSpyware 4.29.0.1002. Close all open windows, then install it. Make sure it updates its definition files during the install process. After it's installed, run a "quick scan" with it. After the scan is finished, select and allow it to fix EVERYTHING it finds, then restart your computer. Obtain a copy of the scan log in Preferences - Statistics/Logs, then return here and copy-and-paste that scan log here.

-------------------------------------------------------------

Uninstall Lavasoft Ad-Aware and Spybot - Search & Destroy. You don't need them any more. You've now got 2 better and more user-friendly replacements for them - Malwarebytes and SUPERAntiSpyware. Restart your computer after you've uninstalled them.

------------------------------------------------------------

After you've done all of the above, do a HijackThis scan and then post that new log here.

------------------------------------------------------------

I need some specs on your computer:

Brand name, model name, model number

Desktop or laptop

Amount of RAM currently installed

------------------------------------------------------------

Last edited by flavallee : 06-Oct-2009 10:11 AM.
socalf49's Avatar
Junior Member with 20 posts.
 
Join Date: Oct 2009
10-Oct-2009, 01:26 AM #5
Cyber Defender
Hello again flavallee,

I have a desktop Dell Dimension 2400 Series
256 Mb RAM with FSB333 MHz
RAM type is DDR SDRAM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/06/2009 at 08:45 PM
Application Version : 4.29.1002
Core Rules Database Version : 4150
Trace Rules Database Version: 2079
Scan type : Quick Scan
Total Scan Time : 00:00:52
Memory items scanned : 1
Memory threats detected : 0
Registry items scanned : 0
Registry threats detected : 0
File items scanned : 0
File threats detected : 0


Hijack Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:15 PM, on 10/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Dorothy Raykiewicz\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OAKSTART] C:\PROGRA~1\OAKTEC~1\OAKSIM~1\OAKSTART.EXE
O4 - HKLM\..\Run: [OAKTASK] C:\Program Files\Oak Technology\Oak SimpliCD\OAKTASK.EXE NOPOP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2012718775-3753835153-2843062328-1016\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'QBDataServiceUser17')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129268856312
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Security Update - {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://cdn.netscape.com/wpton_03/gradient
--
End of file - 16488 bytes
flavallee
Trusted Advisor with 23,500 posts.
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
10-Oct-2009, 09:24 AM #6
Quote:
Originally Posted by socalf49
I have a desktop Dell Dimension 2400 Series
256 Mb RAM with FSB333 MHz
RAM type is DDR SDRAM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/06/2009 at 08:45 PM
Application Version : 4.29.1002
Core Rules Database Version : 4150
Trace Rules Database Version: 2079
Scan type : Quick Scan
Total Scan Time : 00:00:52
Memory items scanned : 1
Memory threats detected : 0
Registry items scanned : 0
Registry threats detected : 0
File items scanned : 0
File threats detected : 0

Your Dell Dimension 2400 is going to run like a turtle, no matter how much performance-enhancing tweaking you do to it, unless you add more RAM. Windows XP needs a minimum of 512 MB, and preferably more, to run properly. That desktop supports up to 2048 MB of RAM. You can purchase 512 MB modules for $19.98 apiece at this site. I suggest that you purchase 2 of them so you can increase the RAM amount in that desktop to 1024 MB (1 GB).

The SUPERAntiSpyware scan log shows that it ran for only 52 seconds. It runs a lot longer than that. Did you stop it for some reason? You need to run it again. I guarantee you it will detect several "adware tracking cookies" and will detect some other things. Make sure to select and allow it to fix EVERYTHING it finds. After you restart your computer, post the new scan log here.

-------------------------------------------------------------

Your computer has a lot of crap installed, and a lot of it is loading during startup and running in the background. Most of it doesn't need to automatically load and run, so we need to trim down the startup load. A bloated startup load will lengthen startup time, impede overall performance and speed, and increase the risk of freezes and error messages. There's a possibility that the bloated startup load is interfering with or aborting the SUPERAntiSpyware scan, so we may need to trim it down before it'll work properly.

-------------------------------------------------------------

Last edited by flavallee : 10-Oct-2009 09:31 AM.
socalf49
Junior Member with 20 posts.
Join Date: Oct 2009
10-Oct-2009, 06:39 PM #7
Cyber Defender
Hello Lavalle,

I went to that Memory Ten website to purchase 2 additional 512 MB modules. Question - Is this something I'm going to have to install inside my computer? If so, you have a lot more faith in me than I do. In any event, I'm purchasing 2 as you suggested. I know there is a lot of junk at start up but I can't figure out how to disable it at start up. I did do that with some a long time ago but these stumped me. Here is a new and I hope complete log scan from Super Anti Spyware.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/10/2009 at 01:31 PM
Application Version : 4.29.1002
Core Rules Database Version : 4150
Trace Rules Database Version: 2079
Scan type : Quick Scan
Total Scan Time : 00:44:13
Memory items scanned : 566
Memory threats detected : 0
Registry items scanned : 697
Registry threats detected : 48
File items scanned : 13780
File threats detected : 137
Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler #{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F}
Adware.Viewpoint Toolbar
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\InProcServer32
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\InProcServer32#ThreadingModel
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\ProgID
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\Programmable
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\TypeLib
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\VersionIndependentProgID
HKCR\ViewBar.ViewBar.1
HKCR\ViewBar.ViewBar.1\CLSID
HKCR\ViewBar.ViewBar
HKCR\ViewBar.ViewBar\CLSID
HKCR\ViewBar.ViewBar\CurVer
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\0
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\0\win32
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\FLAGS
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\HELPDIR
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL
HKU\S-1-5-21-2012718775-3753835153-2843062328-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
Adware.Tracking Cookie
Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-2012718775-3753835153-2843062328-1007\SOFTWARE\FunWebProducts
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Type
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Start
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Security
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Enum
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Enum#NextInstance
Trojan.Homepage/Puper
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#wininet.dll
Trojan.Dropper/Gen
C:\DOCUMENTS AND SETTINGS\DOROTHY RAYKIEWICZ\LOCAL SETTINGS\APPLICATION DATA\SUPPORTSOFT\PCCHECKUPONLINE\DOROTHY RAYKIEWICZ\TEMPFILES\SETUP_ACTIVEX.EXE
Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\OT.ICO
socalf49
Junior Member with 20 posts.
Join Date: Oct 2009
10-Oct-2009, 06:44 PM #8
Cyber Defender
Just to make sure, I should purchase the first of the items pasted below or the second?

512MB Dell Dimension 2400/4550/4600/8300 184pin PC2700 DDR DIMM (p/n 311-2076)

512MB Dell Dimension 4400/2350 Optiplex PC2100 DDR DIMM (p/n 311-1325)

They are both 19.98 each.
flavallee
Trusted Advisor with 23,500 posts.
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
11-Oct-2009, 08:35 AM #9
As I suspected, the second SUPERAntiSpyware scan found a lot of problems to fix. You did select and allow it to fix EVERYTHING, correct? You were prompted to restart your computer, correct?

---------------------------------------------------------------

Purchase the DDR PC2700 modules because they're faster than the DDR PC2100 modules. If your computer has 400 MHz FSB and not 533 MHz FSB, they'll simply run at the slower speed.

Yes, the side panel of the case has to be opened so the pair of modules can be installed. It's a very simple job for someone who knows how to do it. If you don't know how or are afraid to go inside the case, let someone knowledgeable do it for you. Actually the biggest hassle is disconnecting everything before and then reconnecting everything afterwards, depending on your wiring setup and how many peripherals you have connected.

---------------------------------------------------------------

I need you to post a new HijackThis log here so we can deal with some of the log entries and start working on getting that startup load trimmed down.

--------------------------------------------------------------
socalf49
Junior Member with 20 posts.
Join Date: Oct 2009
12-Oct-2009, 12:22 AM #10
Cyber Defender
Ok, I've ordered 2 of the DDR PC 2700 modules. Here is the HiJackThis Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:24 PM, on 10/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Oak Technology\Oak SimpliCD\OAKTASK.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mahjong Towers Eternity\Mahjong Towers Eternity.exe
C:\Program Files\Mahjong Towers Eternity\Mahjong Towers Eternity.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Dorothy Raykiewicz\Local Settings\Application Data\CyberDefender\cdmyidd.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.msn.com"); (C:\Documents and Settings\DOROTHY RAYKIEWICZ\Application Data\Mozilla\Profiles\default\6vbrao8u.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DOROTHY RAYKIEWICZ\Application Data\Mozilla\Profiles\default\6vbrao8u.slt\prefs.js)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Dorothy Raykiewicz\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Dorothy Raykiewicz\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OAKSTART] C:\PROGRA~1\OAKTEC~1\OAKSIM~1\OAKSTART.EXE
O4 - HKLM\..\Run: [OAKTASK] C:\Program Files\Oak Technology\Oak SimpliCD\OAKTASK.EXE NOPOP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2012718775-3753835153-2843062328-1016\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'QBDataServiceUser17')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccomm...ad/tgctlcm.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129268856312
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - http://cdn.netscape.com/wpton_03/gradient
--
End of file - 16408 bytes
old_boy71
Junior Member with 9 posts.
Join Date: Jun 2009
12-Oct-2009, 01:35 AM #11
Hi socalf,
Your computer is infected by a downloader trojan that brings malicious programs onto the infected computer. The CYBER DEFENDER is a rogue spyware fake program which is installed on your computer through the download trojan. Cyber Defender is another clone of the rogue spyware program known as Total Security and Cyber Security etc. It keeps changing its name to trap users. Anyway, I refer you to a post which will guide you on how to remove these rogue spywares:
http://darfuns.com/spyware-removal/c...virus-removal/
Good Luck and happy virus free computing.
flavallee
Trusted Advisor with 23,500 posts.
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
12-Oct-2009, 09:09 AM #12
socalf49:

You've got over-kill with toolbars. I see at least 6 of them in your log: AOL, Google, MSN, MyIdentityDefender, Windows Live, Yahoo. Besides the fact that they take up vertical viewing space, some of them are problematic and some of them contain spyware. During the install of many programs, they offer to install a toolbar as part of the install process. You should opt out from this option during an install. Toolbars aren't needed to access information in the sites that you visit.

I'm not familiar with CyberDefender. I've checked the rogue antivirus/antispyware list and can't find it listed there. I've requested a yellow shield malware expert review your HijackThis log and assist you, if needed.

Who is your Internet Service Provider?

What peripherals (printer, webcam, camera, iPod, etc.) do you use with that computer?

-----------------------------------------------------------------

old_boy71:

Thanks for your comments about CyberDefender.

-----------------------------------------------------------------

Last edited by flavallee : 12-Oct-2009 09:20 AM.
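Added example (not part of the thread, and not a Tech Support Guy or Trend Micro tool): a small Python parser for the R3/O2/O3 lines of a HijackThis v2.0.2 log that lists the installed toolbars, as the post above does by eye, and marks browser hooks that are orphaned or that load from a user-profile directory. The sample lines are constructed from the format of the log in this thread with the user name replaced by a placeholder; the flag names and the user-profile heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2.0.2 line format, modeled on the log in
# this thread (user name replaced with the placeholder "User").
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\User\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\User\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\User\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# "code - kind: name - {CLSID} - target". The log in this thread also shows
# CLSIDs written with a leading "~" instead of "{", so both are accepted.
HOOK = re.compile(
    r"^(?P<code>R3|O2|O3) - (?P<kind>URLSearchHook|BHO|Toolbar): (?P<name>.*?) - "
    r"[{~](?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - "
    r"(?P<target>.+)$"
)

# Assumption of this example: a browser component loaded from a per-user,
# user-writable directory deserves a closer look than one in Program Files.
USER_DIRS = ("\\documents and settings\\", "\\users\\")


def parse_hooks(log):
    """Return one dict per R3/O2/O3 line; every other section is ignored."""
    hooks = []
    for line in log.splitlines():
        match = HOOK.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["clsid"] = entry["clsid"].upper()  # CLSIDs compare case-insensitively
            hooks.append(entry)
    return hooks


def triage(hooks):
    """Group entries by CLSID: names seen, hook points used, review flags."""
    report = defaultdict(lambda: {"names": set(), "hooks": set(), "flags": set()})
    for hook in hooks:
        item = report[hook["clsid"]]
        item["hooks"].add(hook["kind"])
        if hook["name"] != "(no name)":
            item["names"].add(hook["name"])
        target = hook["target"]
        if target == "(no file)" or target.endswith("(file missing)"):
            # Registry entry remains but the file it points to is gone.
            item["flags"].add("orphaned")
        elif any(d in target.lower() for d in USER_DIRS):
            item["flags"].add("user-profile-path")
    return dict(report)


def toolbars(hooks):
    """Names of the O3 (Internet Explorer toolbar) entries, sorted."""
    return sorted(h["name"] for h in hooks if h["kind"] == "Toolbar")


if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE_LOG)
    print("Toolbars:", ", ".join(toolbars(parsed)))
    for clsid, item in sorted(triage(parsed).items()):
        if item["flags"]:
            print(clsid, sorted(item["names"]), sorted(item["hooks"]), sorted(item["flags"]))
```

A flag here only marks an entry for review: an orphaned entry is a leftover registry value, and a user-profile path says where the DLL lives, not that it is malicious.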
JSntgRvr
Moderator with 15,157 posts.
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
12-Oct-2009, 10:00 AM #13
Quote:
Originally Posted by old_boy71
Hi socalf,
Your computer is infected by a downloader trojan that brings malicious programs onto the infected computer. The CYBER DEFENDER is a rogue spyware fake program which is installed on your computer through the download trojan. Cyber Defender is another clone of the rogue spyware program known as Total Security and Cyber Security etc. It keeps changing its name to trap users. Anyway, I refer you to a post which will guide you on how to remove these rogue spywares:
http://darfuns.com/spyware-removal/c...virus-removal/
Good Luck and happy virus free computing.

Cyber Defender is part of MyIdentityDefender Toolbar. Not yet categorized as malware. Proceed with the clean-up, flav.
flavallee
Trusted Advisor with 23,500 posts.
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
12-Oct-2009, 10:05 AM #14
JSntgRvr:

Thanks for the quick response and advice.

--------------------------------------------------------------

socalf49:

Open HijackThis.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click the "Save List" button.

Save the "uninstall_list.txt" file somewhere. It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

-----------------------------------------------------------
hewee
Distinguished Member with 54,745 posts.
Join Date: Oct 2001
Location: *Random People Pleaser***Sacra
Experience: Having fun
12-Oct-2009, 10:40 AM #15
I got a free license to two paid versions if you'd like to know more. Darn with CyberDefender they may be good to register on many computers.

I have a thread here on them but can't get the search to bring it up.
I was the one that made the CEO a little mad when I posted this may be spyware in the CastleCops contest where 1000's of copies of their program were given away.
Sorry the site closed down but look at links below.

http://mysteryfcm.co.uk/?mode=Articles&date=17-04-2007

CyberDefender Review (part 1)

Stopbadware delists CyberDefender as badware

I know these are old posts but the bad guys never change.
The history they have I would never trust.

Also for add-ons on an install see Installers Hall of Shame (Unwanted add-on)
All times are GMT -5.