Find your solution!

**cybertech** · 04-Nov-2009, 02:52 PM **#46**

Follow these steps to uninstall Combofix and tools used in the removal of malware

Click START then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

SUPERanti-spyware is a good product.

Flavallee can help you with those startups.

flavallee · 04-Nov-2009, 04:43 PM **#47**

jssch:

Download and save SUPERAntiSpyware 4.29.0.1004(click the green icon), close all open windows, then install it. Make sure to allow it to update its definition files during the install process.

Restart your computer after it's installed and updated, then post a new HijackThis log here. I'll give you instructions for using it and posting its log here, and I'll assist you with the startup load.

---------------------------------------------------------------

jssch · 05-Nov-2009, 07:15 AM **#48**

Here is the HJT Log after installing and updating SUPERanti-spyware.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:18 AM, on 11/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\mysql\bin\mysqld-max-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jics.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: Domain = jics.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: Domain = jics.org
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: Domain = jics.org
O17 - HKLM\System\CS3\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 8194 bytes

flavallee · 05-Nov-2009, 09:01 AM **#49**

Start SUPERAntiSpyware, then run a "quick scan".

When the scan is finished, select and allow it to fix EVERYTHING it finds.

Restart your computer, if prompted to.

Start SUPERAntiSpyware again, then go into Preferences - Statistics/Logs(tab).

Click on and highlight the scan log entry, then click View Log.

When the scan log appears in Notepad, copy-and-paste it here.

---------------------------------------------------------------

Can you advise me what peripherals(printer, scanner, iPod, camera, etc.) you use with or have connected to that computer?

---------------------------------------------------------------

jssch · 05-Nov-2009, 12:06 PM **#50**

To answer your question before I post the SUPER log....

This PC belongs to a school teacher. It used to be used for photo editing with Yearbook duties, etc. It currently is not being used for that purpose, but for personal classroom use. (It needs to be connected to the school network to run the software program the school uses for grades, etc.) The only peripheral that I know she uses and needs is the connection to the Linksys Print Server on the network -- currently connected to a HP 1020

Here is the log from SUPERanti-spyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/05/2009 at 11:55 AM

Application Version : 4.29.1004

Core Rules Database Version : 4233
Trace Rules Database Version: 2129

Scan type : Quick Scan
Total Scan Time : 00:14:48

Memory items scanned : 493
Memory threats detected : 0
Registry items scanned : 471
Registry threats detected : 0
File items scanned : 10799
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Mitchell\Cookies\mitchell@ad.yieldmanager[2].txt
C:\Documents and Settings\Mitchell\Cookies\mitchell@bs.serving-sys[2].txt
C:\Documents and Settings\Mitchell\Cookies\mitchell@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\Mitchell\Cookies\mitchell@serving-sys[2].txt
C:\Documents and Settings\Mitchell\Cookies\mitchell@revsci[2].txt
C:\Documents and Settings\Mitchell\Cookies\mitchell@content.yieldmanager[1].txt
C:\Documents and Settings\Mitchell\Cookies\mitchell@collective-media[1].txt
C:\Documents and Settings\Mitchell\Cookies\mitchell@ads.techguy[1].txt

flavallee · 05-Nov-2009, 03:20 PM **#51**

Quote:

Originally Posted by jssch

This PC belongs to a school teacher. It used to be used for photo editing with Yearbook duties, etc. It currently is not being used for that purpose, but for personal classroom use. (It needs to be connected to the school network to run the software program the school uses for grades, etc.) The only peripheral that I know she uses and needs is the connection to the Linksys Print Server on the network -- currently connected to a HP 1020

You should've mentioned at the beginning of your thread that the computer belongs to a school teacher who is using it for classroom work, and that the computer doesn't belong to you and isn't a home computer.

Since I'm not dealing with her directly and don't know what she wants to keep running all the time in that computer, I'm not going to mess with the startup load.

-----------------------------------------------------------------

jssch · 03:50 PM

I appreciate that. I should have also told you that I am the IT help for the school, along with other hats. (Small private school). Any help you can give me will be great. The computer belongs to the school and is entrusted to me currently.

I had 2 come down with the security tool bugs at the same time and needed help with this one more as it seemed to be worse.

I work with her on staff, and we have discussed everything I am doing for her computer. We specifically talked this morning about how she used her computer so that I could give you the information you needed.

flavallee · 05-Nov-2009, 03:56 PM **#53**

Let me get cybertech's input on this before I go any further. The TSG forums have guidelines concerning assistance with work-related computers.

---------------------------------------------------------------

jssch · 05-Nov-2009, 04:01 PM **#54**

Thanks. And I do really appreciate what you have done thus far regardless. It is a big help for people like me..........

flavallee · 05-Nov-2009, 04:31 PM **#55**

Let's get the startup load trimmed down.

Click Start - Run, type in MSCONFIG and then click OK - Startup(tab).

Remove the checkmark in(Note: .exe may not be present in the startup entry names):

IgfxTray C:\WINDOWS\System32\igfxtray.exe

HotKeysCmds C:\WINDOWS\System32\hkcmd.exe

DVDLauncher C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(Note: This startup entry needs to remain checked only if a remote control is being used with that computer to run and watch DVD movies)

UpdateManager C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

DwlClient c:\Program Files\Common Files\Dell\EUSW\Support.exe

mmtask C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

OrderReminder C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

SunJavaUpdateSched C:\Program Files\Java\jre6\bin\jusched.exe

MSMSGS C:\Program Files\Messenger\msmsgs.exe
(Note: This startup entry for Windows Messenger will keep rechecking itself unless you go into the Tools/Options/Preferences settings and turn off the command that tell it to run when Windows starts)

After you're done, click Apply - OK - Exit Without Restart.

Click Start - Run, type in SERVICES.MSC and then click OK.

Expand the services window so you can see the list more clearly.

Double-click on or right-click on and then click Properties:

Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc.

If "Startup type" is on Automatic, change it to Manual, then click Apply - OK.

Close the services window, then restart the computer.

When the small "System Configuration Utility" window appears during restart, ignore the message. Put a checkmark in that window, then click OK.

Start HijackThis and run a scan, then post that new log here.

--------------------------------------------------------------

jssch · 05-Nov-2009, 05:16 PM **#56**

I forgot to mention that I currently am using a Netgear USB Wireless adapter while it is in my care, but she hardwires in to the network...... I know you saw it in the logs, just wanted to make sure I mentioned it was attached

The only one I did not see in the Start-up tab was:
DwlClient c:\Program Files\Common Files\Dell\EUSW\Support.exe

Here is the HJT Log that followed:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:57 PM, on 11/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\mysql\bin\mysqld-max-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jics.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: Domain = jics.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: Domain = jics.org
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: Domain = jics.org
O17 - HKLM\System\CS3\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 7170 bytes

flavallee · 05-Nov-2009, 05:31 PM **#57**

Quote:

Originally Posted by jssch

I forgot to mention that I currently am using a Netgear USB Wireless adapter while it is in my care, but she hardwires in to the network...... I know you saw it in the logs, just wanted to make sure I mentioned it was attached.

I made it a point not to edit any of the startup or service entries that are associated with a wired or wireless connection.

-------------------------------------------------------------

Go back into Startup(tab) and look at the entries in the "Startup Item" column that are still checked.

If the "Command" column is partially blocking some of the names, move it to the right until you can see the entire names.

Write them down and post them here in a vertical list.

Make sure to spell them exactly as you see them.

-------------------------------------------------------------

jssch · 08:20 AM

C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCuetray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Adobe\ADOBE~1.0\Distillr\acrotray.exe
C:\PROGRA~1\NETGEAR\WG111v2\WG111v2.exe

That is all of the checked boxes in the startup tab.

I know she doesn't have the Dell Printer attached anymore so I can uncheck that.

Most of us use the LogMeIn capability.

I do see that Dell Support Alert is running in the taskbar, but it doesnt show in start-up tab.

flavallee · 06-Nov-2009, 09:50 AM **#59**

If she no longer uses the Dell A920 All-In-One with that computer, you should uninstall the software package for it.

----------------------------------------------------------------

I wanted what is listed in the "Startup Item" column and not in the "Command" column so you didn't have to write down so much. That's okay though. Other than the Dell printer entry, leave all the other entries checked.

----------------------------------------------------------------

jssch · 06-Nov-2009, 10:22 AM **#60**

OK uninstalled the Dell AIO Printer Software.

The Dell Support Alert is in the taskbar. Its there even though it isn't listed in the start-up tab. Trying to remove Dell Support using Add/Remove Programs doesnt work either. It shows no disk space usage and when you hit remove it says configuring then canceling and just stays the same. Not that big of a deal, but do you think it is an excess process?

Tag Cloud
access audio blue screen boot bsod connection crash dell desktop driver dvd email error excel firefox hard drive hardware hijackthis internet keyboard laptop malware monitor motherboard network networking outlook problem processor ram recovery registry cleaner router screen slow sound spyware tdlwsp.dll trojan upgrade vba video virus vista vundo windows windows 7 windows vista windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for: