
Advice on 'dirty' computer

Discussion in 'Virus & Other Malware Removal' started by Roe727, Jul 10, 2007.

  1. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    I am cleaning out a friend's computer.

    I ran Adaware, only found 6 things,
    Spybot came up clean.
    Deleted cookies.

    Ran Housecall and it came up with...these and it 'fixed' everything except the last 2 vulnerabilities.
    Freeloader_spywarestormer

    Adware_BHOT_starware

    Adware_BHO_myway

    Http Cookies

    (MS04-027) Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)

    (MS04-028) Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)


    Then I came here to post a hijackthis only to have the computer freeze up on me. I ended up having to hold the power button in and restart it and when scancheck came on it said that the volume was DIRTY??? I let it run and now I'm posting a hijackthis log that I am hoping someone can look at and give me advice on.

    Thanks...
    Roe


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:26:52 PM, on 7/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n033p/EN/install/gtdownlr.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 5034 bytes
     
  2. curlylad

    curlylad

    Joined:
    Apr 26, 2005
    Messages:
    444
    Hello hepher and welcome to Tech Support Guy.

    My name is curlylad and I will be helping you to remove any infection(s) that you may have.

    I have to let experts check the content of my fixes before I post them so be patient.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your query and we will go through it again.

    Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

    Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


    I will be back as soon as possible with your first instructions !
     
  3. Roe727

    No problem. I'll await your post.

    Thanks...
     
  4. curlylad

    Good Morning Roe727

    I have had a chance to look at your HijackThis log and have your first instructions ready:-


    STEP 1

    Firewall

    Looking at your HijackThis log I do not see evidence of a Firewall.
    This may be because you are using the Windows Firewall.
    The Windows Firewall only checks incoming traffic to your system so is only doing half the job a good Firewall should be doing.
    It is very important that you have a Firewall if you are using the Internet.
    I strongly recommend that you disable the Windows Firewall if you are using it and try one of my suggested Firewalls below.
    For your reference here is the link to some very good free firewalls

    Kerio http://www.sunbelt-software.com/Kerio.cfm
    Zone Alarm http://www.zonelabs.com/store/content/home.jsp

    For more information on firewalls see http://forum.malwareremoval.com/viewtopic.php?p=56#56

    When you have selected which Firewall to download
    • Download the program to your desktop
    • Disconnect from the Internet
    • Disable the Windows Firewall, if you are unsure of how to do this here is a tutorial to help http://www.utmem.edu/helpdesk/sp2/sp2firewall.htm
    • Double click the Firewall download icon on your desktop to start the installation process.
    • You may be asked to reboot your system to complete the installation process, please do so if required.
    • You may now reconnect to the Internet.



    STEP 2

    Download Programs

    AVG Anti Spyware

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update succesfull message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    When you have followed the above instructions close the program.

    DO NOT run a scan with this program until asked to do so.



    ATF Cleaner

    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    DO NOT run a scan with this program until asked to do so.



    STEP 3

    Uninstall Programs
    • Click Start, click Run
    • In the Open: dialog box type appwiz.cpl, click OK
    • Add and Remove Programs now opens
    • Please now locate and remove/uninstall the following programs if present:-

    Starware
    Viewpoint
    myway
    mysearch




    STEP 4

    DELL and MyWay

    By default DELL machines come installed with MyWay.
    MyWay in itself is not actually malware, however its anonymous reporting of a user's surfing activities to MyWay affiliates so they can bombard the user with targeted advertising makes its very being let us say slightly more than dubious.
    MyWay can also come bundled with other dubious programs such as Grokster, Morpheus, WeatherBug to name a few.

    If you wish to keep this program then I must respect your wishes, however my advice would be to remove MyWay immediately.
    To remove MyWay please follow this instruction.
    • Click Start, click Run
    • Copy and paste the following highlighted text into the Open: dialog box:-

      msiexec.exe /x{78d944d7-a97b-4004-ab0a-b5ad06839940}
    • Click OK, click Yes if prompted.

    That should then remove all traces of MyWay.



    STEP 5

    Use HijackThis
    • Open HijackThis
    • Click Do a system scan only
    • Place a tick or check mark next to the following entries:-

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
      O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n033p/EN/install/gtdownlr.cab
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    • Now click the Fix Checked button.

      Still using HijackThis
    • Click the Config button
    • Click the Misc Tools button
    • Click the Delete an NT Service button
    • In the dialog box type Exactly this text Viewpoint Manager Service
    • Click OK.
    • Close HijackThis.

    PLEASE NOTE - In the above instructions I have asked that you delete the Yahoo! Toolbar.
    This was because it showed (no file), this means it may not be working properly if at all.
    If you wish to use the Yahoo! Toolbar then follow the above instructions and then reinstall the Toolbar.



    STEP 6

    Delete Folders
    • Click My Computer
    • Double Click the C Drive
    • Double click the Folder Program Files
    • Locate the Folder Viewpoint, right click it and select Delete.
    • Now Double click the Folder Common Files
    • Locate the Folder Viewpoint, right click it and select Delete.



    STEP 7

    ATF Cleaner

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.



    STEP 8

    Run AVG Anti Spyware

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Do not automatically generate reports.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot your system.



    STEP 9

    Create an Uninstall List/fresh HijackThis Log
    • Open HijackThis
    • Click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List...
    • Save the list to your Desktop
    • Under Other Stuff click the Back button
    • Now click the Scan button
    • Click the Save Log button, save it to your Desktop
    • Close HijackThis.



    STEP 10

    Panda Active Scan

    • Please go HERE to run PandaActiveScan...
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to your desktop.



    STEP 11

    Report Back
    • Please can you now post back the AVG Anti Spyware Report
    • The Panda Active Scan Report
    • The Uninstall List
    • A fresh HijackThis Log.

    I will review the information and provide any further necessary steps as soon as possible.
     
  5. Roe727

    STEP 1
    Zone used to be free. Do you know of any free firewalls out there?
    This person I'm cleaning this out for is on a limited budget.



    STEP 2
    I downloaded AVG Anti Spyware and it is ready to go when instructed.

    ATF Cleaner is installed and ready to go also.



    STEP 3
    STARWARE--NOT FOUND

    VIEWPOINT--There is a Viewpoint manager, Viewpoint Media Player and Viewpoint Toolbar.
    Should I remove any of these?

    Myway--not found

    Mysearch--Not found



    STEP 4
    Removed Myway as instructed



    STEP 5
    Deleted the listed items in hijackthis.



    STEP 6
    Did as instructed on the deletion of the Viewpoint folders, but on the Common Files/Viewpoint folder I got this error message:
    'Cannot delete FotomatShellExt.dll: Access is denied.'



    STEP 7
    Ran ATF Cleaner. Opera wasn't an option (it was in gray), but deleted the other files in Main and Firefox.


    STEP 8
    AVG Anti-Spyware came up clean.


    STEP 9
    UNINSTALL LIST
    Ad-Aware SE Personal
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.8
    Adobe Shockwave Player
    AIM 6.0
    AOLIcon
    Arctic Quest (remove only)
    AVG Anti-Spyware 7.5
    AVG Free Edition
    Bricks of Camelot (remove only)
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon S820
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CCScore
    Chicken Invaders 3 - Christmas Edition (remove only)
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Game Console
    DellSupport
    Digital Content Portal
    Dream Day Wedding (remove only)
    Dynomite Deluxe 2.70y
    EducateU
    ESPNMotion
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    essvcpt
    Family Feud (remove only)
    Feeding Frenzy 2 (remove only)
    GemMaster Mystic
    Hidden Expedition - Titanic (remove only)
    High Definition Audio Driver Package - KB835221
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    HLPPDOCK
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB912024)
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    Java 2 Runtime Environment, SE v1.4.2_03
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    KSU
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    MSXML 4.0 SP2 (KB927978)
    Musicmatch for Windows Media Player
    NetZeroInstallers
    Notifier
    OfotoXMI
    OTtBP
    OTtBPSDK
    Otto
    Pizza Frenzy
    PowerDVD 5.5
    QuickTime
    RealArcade
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    SFR
    SHASTA
    SKIN0001
    SKINXSDK
    Slingo Quest (remove only)
    Sonic Encoders
    Spybot - Search & Destroy 1.4
    staticcr
    Trivial Pursuit (remove only)
    Tropix
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB900930)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB936357)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Viewpoint Toolbar
    VPRINTOL
    WebCyberCoach 3.2 Dell
    Wheel of Fortune (remove only)
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890927
    Windows XP Media Center Edition 2005 KB908250
    Windows XP Media Center Edition 2005 KB912067
    WIRELESS
    Wobbly Bobbly (remove only)
    Yahoo! Browser Services
    Yahoo! Messenger
    Zuma Deluxe 1.0


    HIJACKTHIS LOG

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:02:18 AM, on 7/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 4735 bytes


    STEP 10
    Ran Panda and here are the results:


    Incident Status Location

    Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Susan Zweig\Application Data\Registry Cleaner
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Susan Zweig\Cookies\susan [email protected][1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Susan Zweig\Cookies\susan [email protected][1].txt
    Potentially unwanted tool:Application/ViewPoint Not disinfected C:\Program Files\Trend Micro\HijackThis\backups\backup-20070711-085647-861.dll


    There ya go.....Let me know what to do next.

    Thanks...
    Roe
     
  6. curlylad

    curlylad

    Joined:
    Apr 26, 2005
    Messages:
    444
    Good Evening Roe727

    First I'll address the points you raised and then we'll move on to your next instructions.

    Zone Alarm still has a free edition.
    In the instructions below I will provide a direct link for the download


    Starware - I wasn't sure if it was going to be present, the fact that it isn't is fine.
    VIEWPOINT - The 3 programs you mention do need to be removed but I will advise how with the instructions below.
    Myway/Mysearch - Again that is fine.


    The file FotomatShellExt.dll is associated with Viewpoint, so when we later remove the programs it will remove this file and stop the error message.


    OK, you've done great so far but the work's not done yet.

    Here are your next instructions

    IMPORTANT

    You must not try to recap or re-do any of the previous instructions.
    I have provided below a new set of instructions that will take into account all the points you raised and incorporate them into the new set of instructions.




    STEP 1

    Zone Alarm Firewall

    We will try to download and install Zone Alarm Free Edition with these new instructions.




    STEP 2

    Java Update

    You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of perceived vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6u2.

    To check your version to see if it is the latest version, Please go to this link to verify your version to get the updates needed:

    You'll need to use IE and allow ActiveX for this update. Follow the instructions on that page to verify Your Java software.

    Or you can get the manual download here:



    STEP 3

    Adobe Update


    There is a newer version of Adobe Acrobat Reader available.
    • Please go to this link Adobe Acrobat Reader Download Link
    • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts

    When the installation is complete please follow on like so:-
    • Click Start, click Run
    • In the Open: dialog box type appwiz.cpl, click OK
    • Add and Remove Programs now opens
    • Please now locate and remove/uninstall the following programs if present:-

    Adobe Reader 7.0.8
    Java 2 Runtime Environment, SE v1.4.2_03
    Viewpoint manager
    Viewpoint Media Player
    Viewpoint Toolbar




    STEP 4

    Use HijackThis
    • Open HijackThis
    • Click Do a system scan only
    • Place a tick or check mark next to the following entries:-

      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    • Now click the Fix Checked button
    • Close HijackThis.



    STEP 5

    ATF Cleaner

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.



    STEP 6

    Run AVG Anti Spyware

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Do not automatically generate reports.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot your system.



    STEP 7

    Report Back
    • Please can you now post back the AVG Anti Spyware Report
    • A fresh HijackThis Log.

    I will review the information and provide any further necessary steps as soon as possible.
     
  7. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    Two notes: The computer is really slow booting up. I only have 3 things ticked in msconfig, which are: ehtray, avgcc, zlclient.

    Also, I only have until Friday to work on this computer and then I'll be on vacation for a week, so if we don't finish I will pick up on it when I get back. I will be returning it to its owner so that they have a computer while I'm away.

    I appreciate all your help and will await the next post.


    Step 1
    Downloaded ZoneAlarm and Disabled the Windows Firewall.

    STEP 2
    Updated Java.

    STEP 3
    Updated Adobe.

    Adobe Reader 7.0.8---not there.
    Java 2 Runtime Environment, SE v1.4.2_03--removed

    All three of these said that 'an error occurred while uninstalling',
    that they may have been uninstalled previously. to click ok to remove them from the list...so I did.
    Viewpoint manager
    Viewpoint Media Player
    Viewpoint Toolbar

    STEP 4
    Ran Hijackthis....this wasn't present?
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    STEP 5
    Ran ATF-Cleaner

    STEP 6
    Ran AVG Anti-Spyware and it came up clean.

    STEP 7
    Hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:51:59 AM, on 7/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5304 bytes
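
A helper reading successive logs like the two posted so far is mostly looking at what changed between them. The sketch below is an added example, not part of the original posts and not HijackThis's own code: it parses the entry lines (`R0`, `O2`, `O23` and so on), diffs two logs, and marks entries worth a second look. The function names and flag rules are assumptions made for illustration; the log lines are excerpts from this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail")

# Section codes that occur in the HijackThis logs posted in this thread.
SECTIONS = {
    "R0": "IE start/search page",
    "O2": "Browser Helper Object",
    "O4": "Autostart (Run key)",
    "O8": "IE context-menu item",
    "O9": "IE button / Tools item",
    "O16": "Downloaded Program File (ActiveX)",
    "O23": "Windows service",
}
# Entry lines look like "O23 - Service: ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse(log_text):
    """Return the set of entries (code, kind, detail) found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code = m.group(1)
            entries.add(Entry(code, SECTIONS.get(code, "other"), m.group(2)))
    return entries


def diff(before, after):
    """Return (added, removed) entries between two logs, each sorted."""
    b, a = parse(before), parse(after)
    return sorted(a - b), sorted(b - a)


def review_flags(entry):
    """Illustrative review prompts (assumed rules, not verdicts)."""
    flags = []
    if entry.code == "O23" and "Unknown owner" in entry.detail:
        flags.append("service binary reports no company name")
    if entry.code == "O16" and re.search(r"- https?://", entry.detail):
        flags.append("ActiveX control installed from a web URL")
    if entry.code == "O2" and "(no name)" in entry.detail:
        flags.append("BHO without a display name")
    return flags


# Excerpts from the two logs in this thread (shortened, not the full logs).
BEFORE = r"""
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""
AFTER = r"""
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    added, removed = diff(BEFORE, AFTER)
    for sign, group in (("+", added), ("-", removed)):
        for e in group:
            print(sign, e.code, e.kind, "|", e.detail)
    for e in sorted(parse(AFTER)):
        for flag in review_flags(e):
            print("review:", flag, "|", e.detail)
```

A flag is a prompt to look the entry up, not a verdict: the DSBrokerService entry sits under C:\Program Files\DellSupport and appears unchanged in both logs.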
     
  8. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    I just took the side off and blew out all the dust with compressed air. Seemed to boot up a little bit faster.
     
  9. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    While waiting to hear back.
    I ran another Housecall scan and Adware_Bestoffers came up.

    Otherwise it just showed cookies and these again:

    (MS04-027) Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)

    (MS04-028) Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
     
  10. curlylad

    curlylad

    Joined:
    Apr 26, 2005
    Messages:
    444
    Good Evening Roe727

    Thanks for the explanation on how each step went.

    I will answer your concerns before we continue.
    Your computer has just lost some of the baggage or junk that it may have been carrying round for God knows how long and may take a little time to reconfigure itself.
    Further down this post I have provided instructions on how to address a slow system.

    When you say you have 3 things ticked in msconfig, I presume you mean in the Startup tab.
    2 of the items you mentioned are:- avgcc and zlclient.
    They show me that your Anti Virus and firewall programs are installed and running from startup as they should.
    These are the 2 main things that are essential to be running from the Startup tab and anything else is by user choice, so in answer to your query - that is fine.

    As for your time scale, you must appreciate that we provide our time for free and cannot therefore guarantee precise or exact times when we can reply to your posts.
    However you must trust me when I say that we all love doing this work and try our level best to reply as promptly or quickly as we can.
    Each and every client is as important to us as if it were our own system and I know I speak for all the other helpers here when I say that we will reply as soon as possible to each and every log and client.


    In an additional post you showed concerns over some new issues, please address those issues like so:-

    You mentioned Adware_Bestoffers please run your installed program Ad-Aware SE Personal
    to eliminate this minor threat.


    Please read this article to help with the issue (MS04-027) Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)

    http://support.microsoft.com/kb/884933


    Please read this article to help with the issue (MS04-028) Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

    http://www.microsoft.com/athome/security/update/bulletins/200409_jpeg.mspx

    OK, let's now move on to your next instructions.


    STEP 1

    Java

    In my last set of instructions I provided a link to update to the latest Java.
    It appears that you updated to version Java Runtime Environment (JRE) 6u1
    I need you to follow the previous instructions to update Java but this time follow the download link so that you update to
    Java Runtime Environment (JRE) 6u2.

    When you have updated go into Add/Remove Programs and uninstall version Java Runtime Environment (JRE) 6u1.



    STEP 2

    AVG Anti Spyware Real-Time Protection

    You are using the free version of AVG Anti-Spyware.
    This is a 30 day trial which includes real-time protection, after the 30 day trial if you wish to keep the free version then the real-time protection is removed but the service remains on your system.
    This service can therefore be removed as it is unnecessary and this will save on system resources.

    To disable the service follow this instruction.
    • Click 'Start', click 'Run'
    • Type 'services.msc', click 'OK'
    • Locate and right click over 'AVG Anti-Spyware Guard'
    • Select properties
    • Click on the startup type drop down box
    • Select disabled
    • Click 'Apply' and 'OK'
    • Close the services window.

    If in future you wish to upgrade to the full version simply reverse the instructions above.



    STEP 3

    Downloaded Programs

    During the fix processes I have requested that you download some programs to help us to do this.

    AVG Anti Spyware---> I advise that you keep this and run a scan with it once a week, it will help to remove all manner of nasties.

    ATF Cleaner---> This is a small very handy program that will eliminate all sorts of clutter and junk, I advise you keep this and run once or twice a week.



    STEP 4

    Slow System

    You mentioned that the system was still a little slow.
    As I said this is not uncommon and malware may not be the cause.
    Please follow the instructions in the following document that may help with your speed issue.

    It only remains for me to say now:-

    Congratulations, good work, your system is now clean.

    Now that your system is safe we would like you to keep it that way.

    Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

    STEP 1 - Microsoft Windows Update

    Click Start > Control Panel > Security Centre and make sure that Automatic Updates are On.

    Thinking of upgrading to IE 7?
    Follow this link for information on IE7 http://www.ie-vista.com/



    STEP 2 – Create a clean system restore point

    Now that your system is clean you should SET A NEW RESTORE POINT to prevent reinfection from an old restore point. Any malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    The easiest and safest way to set a new RESTORE POINT:
    1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
    2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    3. Then go to Start > Run and type: Cleanmgr
    4. Click "OK".
    5. Click the "More Options" Tab.
    6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.



    STEP 3 - Make your Internet Explorer more secure

    Open Internet Explorer click Tools > Options > Security tab > Internet icon to highlight > Custom Level, then select the following options:-
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialise and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    Click OK, then Apply > OK to exit the Internet Properties page.



    STEP 4 - Anti Virus Software

    It is very important that your computer has an anti-virus software running on your machine and that it is kept up to date.
    For future reference you could try this other free version for home, non-networked, single user use.

    Avast Anti Virus http://www.avast.com/
    For more information on anti-virus programs see http://forum.malwareremoval.com/viewtopic.php?p=53#53



    STEP 5 – Firewall

    It is very important that you have a Firewall if you are using the Internet.
    For your reference here is the link to another very good free firewall

    Kerio http://www.sunbelt-software.com/Kerio.cfm
    For more information on firewalls see http://forum.malwareremoval.com/viewtopic.php?p=56#56



    STEP 6 – Windows Defender

    Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software.

    Download and install Windows Defender from http://www.microsoft.com/athome/security/spyware/software/default.mspx



    STEP 7 - SpywareBlaster

    Download and install Javacools SpywareBlaster from http://www.javacoolsoftware.com/spywareblaster.html
    SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

    Hopefully these steps will help keep your computer clean, glad I could be of assistance.

    If there are any other questions then feel free to ask or in future do not hesitate to contact us here at Tech Support Guy
     
  11. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    Well thank you. I did everything and I sincerely appreciate all your help.

    Rosemary

    :)
     
  12. curlylad

    curlylad

    Joined:
    Apr 26, 2005
    Messages:
    444
    You are very welcome, glad all is OK :)
     
Short URL to this thread: https://techguy.org/594088
