Solved: How to get rid of CiD advertisements?

jmw3
Senior Member with 1,464 posts.
Join Date: Jul 2007
Location: Port Hedland Western Australia
28-Jul-2009, 08:45 PM #16
Hi
Fix HiJackThis Entries
  • Open HiJackThis
  • Click on Do a system scan only
  • Place a checkmark next to these lines (if still present):
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.
Lop S&D - LopScript
  • Select the contents of the Code Box below then right-click & choose Copy
    Code:
    C:\DOCUME~1\EDC\Cookies\edc@d2.advertserve[1].txt
    C:\DOCUME~1\EDC\Cookies\edc@www.adserver5[1].txt
    C:\DOCUME~1\EDC\Cookies\edc@adultfriendfinder[2].txt
    C:\DOCUME~1\EDC\Cookies\edc@advertising.marketnetwork[1].txt
    C:\DOCUME~1\EDC\Cookies\edc@advertising[2].txt
    C:\DOCUME~1\EDC\Cookies\edc@adopt.euroclick[1].txt
    C:\DOCUME~1\EDC\Cookies\edc@partypoker[1].txt
    C:\DOCUME~1\EDC\Cookies\edc@888[2].txt
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\file cash army online
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
    C:\Program Files\Common Files\ErrorSafe
    C:\PROGRA~1\COMMON~1\ErrorSafe
    
  • Restart Lop S&D
  • Choose Option 4 (LopScript)
  • A blank Notepad page will open. Right-click anywhere in it & choose Paste
  • Close the page. You'll be asked to save it, click [Save]
  • Lop S&D will start
  • Wait until the end of the scan
  • A report will be generated. Post the contents of the log in your next reply
Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 14.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the Download button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel
Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply
Pictured tutorial if required.

To post in next reply:
Lop S&D log
Kaspersky Scan log
New HijackThis log
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List
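The Java step in the post above asks for every older Java entry in Add/Remove Programs to be removed before Update 14 is installed. As an added example (not part of the original post), this Python script sorts Add/Remove Programs display names into outdated, current, and needing manual review; the display-name patterns, the sample names, and the function names are assumptions made for illustration.

```python
import re
import sys

# Target from the post: Java Runtime Environment 6 Update 14 -> (major, micro, update).
TARGET = (6, 0, 14)

# Registry locations that back Add/Remove Programs.
UNINSTALL_KEYS = [
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
]

# Assumed display-name shapes for the three families the post names
# (Java(TM) 6, J2SE, Java Runtime Environment).
_PATTERNS = [
    # "Java(TM) 6 Update 7", "Java(TM) SE Runtime Environment 6 Update 1"
    re.compile(r"Java\(TM\)(?: SE Runtime Environment)? (?P<major>\d+)"
               r"(?: Update (?P<update>\d+))?$"),
    # "J2SE Runtime Environment 5.0 Update 11"
    re.compile(r"J2SE Runtime Environment (?P<major>\d+)\.0"
               r"(?: Update (?P<update>\d+))?$"),
    # "Java 2 Runtime Environment, SE v1.4.2_03"
    re.compile(r"Java 2 Runtime Environment,? SE v1\.(?P<major>\d+)\.(?P<micro>\d+)"
               r"(?:_(?P<update>\d+))?$"),
]

# Constructed sample input, used when not running on Windows.
SAMPLE_NAMES = [
    "Java(TM) 6 Update 14",
    "Java(TM) 6 Update 7",
    "J2SE Runtime Environment 5.0 Update 11",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java Auto Updater",
    "Mozilla Firefox (3.0.11)",
]


def parse_jre_version(display_name):
    """Return (major, micro, update) for a recognised JRE entry, else None."""
    for pattern in _PATTERNS:
        match = pattern.match(display_name.strip())
        if match:
            groups = match.groupdict()
            return (int(groups["major"]),
                    int(groups.get("micro") or 0),
                    int(groups.get("update") or 0))
    return None


def triage(display_names, target=TARGET):
    """Split display names into JREs to remove, JREs to keep, and Java-looking
    entries whose version could not be parsed (review those by hand)."""
    result = {"remove": [], "keep": [], "unrecognized": []}
    for name in display_names:
        version = parse_jre_version(name)
        if version is None:
            if re.search(r"java|j2se", name, re.IGNORECASE):
                result["unrecognized"].append(name)
            continue
        result["remove" if version < target else "keep"].append(name)
    return result


def installed_display_names():
    """Read DisplayName values from the uninstall keys (Windows only)."""
    import winreg
    names = []
    for path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue  # key absent, e.g. no WOW6432Node on 32-bit Windows
        with root:
            for index in range(winreg.QueryInfoKey(root)[0]):
                try:
                    with winreg.OpenKey(root, winreg.EnumKey(root, index)) as sub:
                        names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
                except OSError:
                    continue  # entry without a DisplayName value
    return names


if __name__ == "__main__":
    names = installed_display_names() if sys.platform == "win32" else SAMPLE_NAMES
    for bucket, entries in triage(names).items():
        print(bucket)
        for entry in entries:
            print("   ", entry)
```

Entries reported as unrecognized still contain "Java" in the name, so they are listed for a manual look rather than silently skipped.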
Gootmorik
Junior Member with 13 posts.
Join Date: Jul 2009
31-Jul-2009, 04:48 AM #17
Lop S&D - Kaspersky
Hello there, it was quite a bit of homework I had there. Thanks in any case for the ongoing assistance.

I only had problems with downloading the Java update. I encountered several error messages and was actually wondering if it wouldn't be easier to delete all current Java programs and install a complete and up-to-date version of it?

I'll send the HijackThis log in the next reply.

Lop S&D:





Kaspersky:


C:\WINDOWS\NDNuninstall7_22.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\WINDOWS\NDNuninstall7_48.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
Gootmorik
Junior Member with 13 posts.
Join Date: Jul 2009
31-Jul-2009, 04:49 AM #18
HijackThis log
HijackThis:

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 11400 bytes
jmw3's Avatar
Computer Specs
Senior Member with 1,464 posts.
 
Join Date: Jul 2007
Location: Port Hedland Western Australia
31-Jul-2009, 09:34 AM #19
Hi
Quote:
I encountered several error messages and was actually wondering if it wouldn't be easier to delete all current Java programs and install a complete and up to date version of it?
Ummm... isn't that what I instructed you to do?
Quote:
Originally Posted by jmw3
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version
I would have liked to have seen the entire Kaspersky log.

Delete Files & Folders
Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following files; if found, delete them (some may not be present after previous steps):

C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\NDNuninstall7_48.exe

Clean Up
Now we need to clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.
Remove ComboFix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run then copy/paste the following bolded text into the Run box and click OK:
ComboFix /u
  • Double-click OTM
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself
You can delete the following from your desktop:
DDS.scr
The Gmer.exe file (it will be a randomly named .exe file)
TFC.exe
Fix.reg
Any logs that may have been saved to your desktop

If you haven't already done so, open Malwarebytes' Anti-Malware, click Quarantine then Delete All. Close the program.
You should also remove HijackThis. You can do this by going to C:\Program Files\Trend Micro\HijackThis
  • Double click HijackThis.exe
  • From the Main menu click Open the Misc Tools section
  • Using the scroll bar, scroll down to Uninstall HijackThis
  • Click Uninstall HijackThis & exit then click Yes at the prompt
Any problems?
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List
Gootmorik's Avatar
Junior Member with 13 posts.
 
Join Date: Jul 2009
01-Aug-2009, 11:47 AM #20
Almost there
For the Kaspersky log, I could not copy it in the reply, that's why I copied the relevant parts individually. I am adding an attachment to this message with the entire log, hope this works.

For the combo fix removal, I did as instructed but when I try to run the program, the file is not found.

I guess I can also remove the Lop S&D and the ERUNT programs?

I removed the other files you listed if I could find them, if they could not be found, I guess they were already removed.

Therewith I guess you have helped me clean up my computer in a very thorough way and I am incredibly grateful for that. Would gladly send you a box of Belgian chocolates if I thought they would survive the trip to sunny Australia.

In any case thanks a lot!!
jmw3's Avatar
Computer Specs
Senior Member with 1,464 posts.
 
Join Date: Jul 2007
Location: Port Hedland Western Australia
01-Aug-2009, 01:53 PM #21
Hi
Quote:
I guess I can also remove the Lop S&D and the ERUNT programs?
The OTM Clean Up routine should have removed those, however if they are still present it's ok to delete them.

Quote:
Therewith I guess you have helped me clean up my computer in a very thorough way and I am incredibly grateful for that. Would gladly send you a box of Belgian chocolates if I thought they would survive the trip to sunny Australia.
No problem at all... Glad I could help.

All Clean
Congratulations, good work, your system is now clean. Now that your system is safe we would like you to keep it that way.
Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Create a Clean System Restore Point
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and click OK
Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt
Click OK and Yes to confirm.

Set Correct Settings For Files That Should Be Hidden In Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab
  • Under Hidden files and folders if necessary select Do not show hidden files and folders
  • If unchecked, check Hide protected operating system files (Recommended)
  • If necessary check Display content of system folders
  • If necessary Uncheck Hide file extensions for known file types
  • Click OK

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version: Adobe Reader 9.1
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed Uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Adobe 9 is a large program and if you prefer a smaller program you can get Foxit 3 instead from http://www.foxitsoftware.com/pdf/rd_intro.php
Note: Do not install anything dealing with AskBar... presented as an installation option.

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can find a tutorial here. I would recommend you keep this updated & run it regularly.

SpywareBlaster
Download and install Javacools SpywareBlaster from here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlueTack's HOSTS Manager here, using Internet Explorer (Firefox won't work):
  • A short distance down the page in the centre, click on the Download button
  • Agree to the license
  • On the next page, to the right side of where it says Download Estimates, right-click on the underlined word Hosts Manager, choose Save Target As and download the installer Hosts20setup.exe to your desktop
  • Double click the Installer on your desktop and let it Install the Hosts Manager
  • After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the other Hosts Switch icon from your desktop)
  • When the Hosts Manager comes up, click the small down arrows on the right side of the bar labeled Options and Tools,
  • Click Disable DNS Service. This is important
  • In the Left Pane, click Download
  • It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save
You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.
If you have a separate party firewall or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Web of Trust
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and Internet Explorer.

Install WinPatrol
Download it here
You can find information about how WinPatrol works here

Read some information here on how to prevent Malware.

Hopefully these steps will help keep your computer clean.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List