Malware problems

Dell Inspiron 1545
June 6, 2010 at 06:23:19
Specs: Microsoft Windows XP Professional sp3, 1.995 GHz / 3032 MB
I have Google redirects. I googled "eset online scanner", clicked the first link that said eset nod/32, and it redirected me to another site.
It took me here.

http://www.savecompare.com/?mkt=us&...
I have scanned with Malwarebytes and Super Antispyware and removed all that was found. Please, someone help me. I need the issue resolved. Thanks xpuser4real for your suggestion. Now I need to do an online scan. And my AVG has been corrupted by the viruses.

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#1
June 6, 2010 at 07:48:11
Try Avast free:
http://www.filehippo.com/download_a...
and allow it to do a boot scan on reboot.

Did you try trojan remover and hitman pro yet? They should help to remove rootkits, etc.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#2
June 7, 2010 at 04:55:45
Avast free found nothing. Did a boot scan and a scan in Windows and nothing. I am still getting Google redirects.
I am going to try Hitman and the other trojan program.

Update:
Ran Hitman Pro. The report said that setup_av_free.exe could be unsafe and that trjsetup681.exe could be unsafe. So Hitman is no good, it gives false positives. I still have Google redirects. I will read the other messages posted on Google redirects and see what can be done.

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#3
June 7, 2010 at 06:27:30
ComboFix may sort out your problem:
http://www.bleepingcomputer.com/com...
Follow the instructions on the website.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#4
June 7, 2010 at 06:30:12
What about HijackThis, if I can post the log?

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#5
June 7, 2010 at 08:13:01
I have scanned with ComboFix. Not sure if it found anything. I managed to get the newest version of AVG, the paid one. I have until February left on the paid version. The redirects before would occur when I googled for the AVG. But anyway I still have redirects. I was trying to look up some things for my taxes and some page came up called my freeze like it did before. So it looks like there could still be some infections. I am going to download and install Spybot. But I still think I need to run HijackThis. Also, where in the world is the log for ComboFix?

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#6
June 7, 2010 at 09:47:56
You are NOT to use the computer until ComboFix is completed; that's why you didn't see the log. When it is done, the log pops up and you can start using the computer again.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#7
June 7, 2010 at 18:14:57
The log popped up. I need to reopen it. I did NOT use the computer before it completed.
I just found it was saved in C:\. Do I need to post it? And ComboFix installed the Recovery Console. I tried booting to the Recovery Console and get a BSOD.

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#8
June 8, 2010 at 06:22:13
I still have a toolbar called Alot Toolbar. I looked in Add/Remove and it is not there. It is only on Firefox and not IE, surprise surprise! Every time I run a scan with Super Antispyware it finds a malware trace in the registry. It found that only today and said to reboot to remove. I will scan again and see what it finds.

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#9
June 10, 2010 at 13:49:02
Still have the Alot toolbar. It is not in Add/Remove. I have installed the professional trial version of Super Antispyware and it will not remove it. I have scanned with Malwarebytes, scanned with Spybot, scanned with Trojan Remover. No luck, and Windows is slow booting up. It stays on the welcome screen longer than it should. I need someone to PLEASE suggest a hijack log? I need to use my laptop at church this weekend but can't until the problems are solved. The toolbar is in Firefox, I know. I am pretty sure it's in IE also. I do have the toolbar unchecked. But still it needs to be removed before it causes problems. Every now and then I get redirects.


Thanks

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#10
June 11, 2010 at 00:17:42
Toolbars can be shown in HJT (and removed from it).

Post it here to have a look and give advice.

;) Security Made Easy ;)



#11
June 11, 2010 at 03:06:01
Step 1. To remove the Google Redirect Virus, you need to follow these steps:
Please click on "Start-->Run". Type "devmgmt.msc" and click on OK. This will run Device Manager. In Device Manager, click on "View-->Show Hidden Devices".

Step 2. Please expand all the devices by clicking on the "Plus" sign. Now try to find "TDSSserv.sys" and right-click Disable. Please make sure that you do not select the Un-Install option, otherwise the infection will be back once you reboot your computer.

Step 3. After disabling TDSSserv.sys, please download a Spyware Remover and remove the Google redirect Virus completely from your system. Please note that you need to remove several registry entries to remove it completely and you never know if you have other threats in your system. Be wise and remove it with Spyware Remover Software.

Kristain Hayes



#12
June 11, 2010 at 19:32:04
SSH Guy wrote:

Toolbars can be shown in HJT (and removed from it).
Post it here to have a look and give advice.

Are you telling me to post my hijack log? Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:44 PM, on 6/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\program files\idt\xpm09_6047v002\wdm\STacSV.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BarQuery Service - AVG Technologies CZ, s.r.o. - (no file)
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\xpm09_6047v002\wdm\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 11005 bytes

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#13
June 13, 2010 at 14:39:09
Did anyone see the log I posted?
SSH Guy?
What do you think? Like I said it stays on the welcome screen longer than it should. Stays there 5 or 10 seconds and it was not always like that.
<edit>
I googled for a trojan scanner. I found a program called trojan hunter.
http://www.trojanhunter.com/
Trojan Hunter found ComboFix as a trojan. And I have already run ComboFix and it suggested I install the XP Recovery Console. I now have an option on startup to go into the Recovery Console. My system blue screens when I try to boot to the Recovery Console.
<edit>
I am getting pop-up boxes. It is like ads popping up in a small box on the lower right side. I ran a scan with Super Antispyware Pro (trial). It found some adware. I hope to soon get this clean.


Thanks

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#14
June 14, 2010 at 17:36:30
OK, I just found out. The ads that pop up are from http://www.pricegong.com/
Is it adware? The ad pops up like when I am on eBay or searching Google.
<edit>
I found PriceGong in Add/Remove Programs.
Has anyone looked at the HijackThis log I posted? The alot search is still there. AVG paid version scans every night and hasn't found anything.

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#15
June 15, 2010 at 15:21:56
I see now. I posted at http://hijackthis.de/ and it tells me what to remove. I am sorry I misunderstood.

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#16
June 15, 2010 at 15:27:26
If I had the PC here it would have been fixed ages ago I'll bet. You just seem like you don't want to follow people's suggestions. There were many, but I have NO idea what you are doing.

If you said you found the alot toolbar in HJT why didn't you remove it? Did you try pasting your HJT results in:
http://hijackthis.de/
and then googling the questionable entries to see if they can be safely removed? Persistence is the key; don't be afraid to google anything you don't understand, it will broaden your knowledge tenfold.

PS: Why did you ever get AVG paid version, beats the heck out of me as Avast free runs circles around it.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#17
June 15, 2010 at 15:46:15
I did not know anything about http://hijackthis.de/. And the alot was in Add/Remove; I removed it and there is still an option to show it in my browsers IE and Firefox. And I have done what was suggested. XpUserforReal, you are one that has tried to help and I thank you. I did post the HijackThis log in this thread because it was suggested and the suggestor has not come back and replied.

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#18
June 16, 2010 at 02:06:03
Hi TechNut,

Sorry I was out. My head is in South Africa ))

So here is how you can get rid of some advertisements.

Please do the following:

1) Run HijackThis.exe again
2) Click on "Do a system scan only" button
3) Put checks near the following items in scan results:

O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - (no file)
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - (no file)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.exe (file missing)

4) Click on Fix Checked
5) Reboot

This should fix some problems with advertisements.

Answer to your questions:

....The ads that pop up are from http://www.pricegong.com/
Is it adware?....

Legitimate software or sites rarely or never use pop-ups. It is adware.

Never heard of Trojan hunter - better don't use it.

Advice:

I see you stuffed your browser with lots of toolbars extra buttons etc.

Is it comfortable for you to have a decimeter of buttons on top of your screen? Leave only the ones essential for your everyday work.

You stuffed your system with lots of antiviruses.

This thing reduces system performance. Leave one active antivirus you trust; they interfere with each other. You can leave a passive scanner such as Malwarebytes or SAS.

Sincerely,

;) Security Made Easy ;)
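The HijackThis log in #12 and the "Fix Checked" list in #18 apply the same triage rules by hand: entries whose registered file no longer exists ("(no file)", "(file missing)"), a service with an unknown owner, and names matching the adware this thread has already identified (PriceGong, alot, freeze). The following Python script is an added example, not code from the thread or from HijackThis, that automates that pass over a log. The sample lines are copied in shape from the log above, the watch-list is taken from names in this thread, and the parsing is based on the line layout visible in that log rather than on any HijackThis specification.

```python
"""Triage a HijackThis (HJT) log: parse the CLSID-bearing entries (R3/O2/O3/
O9/O18) and the O23 service entries, then flag what a reviewer checks first."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines in the shape of the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - (no file)
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - (no file)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
"""

# Names this thread identified as adware; an assumption for the example,
# not a signature list from any product.
WATCHLIST = ("PriceGong", "alot", "freeze", "BarQuery")

# Markers HJT prints when the registered component no longer exists on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")

# "O2 - BHO: name - {CLSID} - path"; the CLSID anchors the split, so a name
# containing " - " (e.g. "Spybot - Search & Destroy") still parses correctly.
CLSID_RE = re.compile(
    r"^([RO]\d+) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# "O23 - Service: name - vendor - path"
SERVICE_RE = re.compile(r"^(O23) - (Service): (.*)$")


@dataclass
class HjtEntry:
    section: str   # "O2", "O3", "O18", "O23", ...
    kind: str      # "BHO", "Toolbar", "Protocol", "Service", ...
    name: str
    clsid: str     # empty on service lines
    owner: str     # vendor string on O23 lines, empty otherwise
    path: str


def parse_line(line):
    """Return an HjtEntry for a recognised log line, else None."""
    m = CLSID_RE.match(line)
    if m:
        section, kind, name, clsid, path = m.groups()
        return HjtEntry(section, kind, name, clsid, "", path)
    m = SERVICE_RE.match(line)
    if m:
        section, kind, rest = m.groups()
        parts = rest.split(" - ", 2)  # name, vendor, path (path may hold " - ")
        if len(parts) == 3:
            name, owner, path = parts
            return HjtEntry(section, kind, name, "", owner, path)
    return None


def triage(log_text, watchlist=WATCHLIST):
    """Return [(entry, [reasons])] for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        reasons = []
        if any(marker in entry.path for marker in MISSING_MARKERS):
            reasons.append("orphaned entry: referenced file is missing")
        if entry.section == "O23" and entry.owner == "Unknown owner":
            reasons.append("service with unknown owner")
        haystack = f"{entry.name} {entry.path}".lower()
        for needle in watchlist:
            if needle.lower() in haystack:
                reasons.append(f"matches watch-list name {needle!r}")
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.section} {entry.kind}: {entry.name} -> {'; '.join(reasons)}")
```

Run against the sample it flags exactly the entries the helper listed in #18 plus the nameless O3 toolbar that also points at no file; the Google and AVG entries pass. The watch-list match is a plain substring test, so a short name like "alot" should be checked against the full path it hit before anything is removed; orphaned entries are the safe ones to clear first because nothing on disk backs them.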



#19
June 16, 2010 at 08:28:20
Thanks SSHGuy
I have run it and posted it on hijackthis.de and removed the nasty items. Also I removed what you suggested. The system still hangs about 30 seconds on the XP welcome screen. My P4 2.4 with 1 GB boots up faster. This laptop has 3 GB RAM and is dual core so it should boot up. Something is causing it to hang. I have removed AVG and I am going to try another AV program. Last week I removed AVG and tried Avast with the boot scan and it did not find anything. I guess I will just work on the problem whenever I can. I am on vacation next week and will be home all week, so if I have to reinstall I will do it then. And maybe try Windows 7 on this system.

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#20
June 18, 2010 at 08:40:04
I still seem to have the alot toolbar and myfreeze search. I typed in Google for removal tools. I found PC Tools Spyware Doctor and it found 114 infections but it will not allow me to remove them unless I buy the program. I have removed AVG, installed Avast free and ran another scan. Still no infections. Also Super Antispyware and Malwarebytes did not find anything. Is there a FREE program to remove the infections?

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#21
June 18, 2010 at 09:52:46
I am not able to go to my IE start page. I get a "not found on server" with a Google logo. My start page is
http://www.google.com/ig/dell/

If I try and open that page in firefox it goes to
http://search.freeze.com/search.asp...

nothing seems to be fixing the issue.


Another combofix log.

ComboFix 10-06-17.03 - User 06/18/2010 12:41:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2574 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\win.com

.
((((((((((((((((((((((((( Files Created from 2010-05-18 to 2010-06-18 )))))))))))))))))))))))))))))))
.

2010-06-18 15:30 . 2010-06-18 15:30 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Threat Expert
2010-06-16 16:42 . 2010-06-16 16:42 -------- d-----w- c:\documents and settings\User\Interactive
2010-06-16 16:42 . 2010-06-16 16:42 -------- d-----w- c:\documents and settings\User\log
2010-06-16 15:31 . 2010-06-16 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-06-15 22:29 . 2010-02-28 00:46 3691384 ----a-w- c:\documents and settings\User\Application Data\Simply Super Software\Trojan Remover\kup627.exe
2010-06-15 01:00 . 2010-06-15 01:00 -------- d-----w- c:\documents and settings\User\Application Data\PriceGong
2010-06-15 00:51 . 2010-06-15 00:51 -------- d-----w- c:\program files\Enigma Software Group
2010-06-15 00:50 . 2010-06-15 01:06 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-06-15 00:50 . 2010-06-15 00:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-14 23:43 . 2010-06-14 23:44 -------- d-----w- c:\program files\Common Files\Motive
2010-06-14 23:43 . 2010-06-14 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-06-13 22:31 . 2010-06-13 22:31 -------- d-----w- c:\documents and settings\User\Application Data\TrojanHunter
2010-06-13 22:05 . 2010-06-15 01:02 -------- d-----w- c:\program files\TrojanHunter 5.3
2010-06-12 02:31 . 2010-06-16 16:47 -------- d-----w- c:\program files\Trend Micro
2010-06-09 09:49 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 21:28 . 2010-06-08 21:29 63488 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-08 21:28 . 2010-06-08 21:28 52224 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-08 21:28 . 2010-06-08 21:29 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-08 21:27 . 2010-06-08 21:27 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2010-06-08 21:27 . 2010-06-08 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-08 21:27 . 2010-06-11 10:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-08 12:44 . 2010-06-16 14:32 0 ----a-w- c:\documents and settings\User\Local Settings\Application Data\prvlcl.dat
2010-06-07 16:19 . 2010-06-07 16:19 -------- d-----w- c:\documents and settings\User\Application Data\Safer Networking
2010-06-07 16:18 . 2010-06-07 16:18 -------- d-----w- c:\program files\Safer Networking
2010-06-07 15:19 . 2010-06-16 14:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-07 15:19 . 2010-06-16 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-07 12:06 . 2010-06-18 15:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-07 12:04 . 2006-06-19 16:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-06-07 12:04 . 2006-05-25 18:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-06-07 12:04 . 2005-08-26 04:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-06-07 12:04 . 2003-02-02 23:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-06-07 12:04 . 2002-03-06 04:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-06-07 12:04 . 2010-06-07 12:04 -------- d-----w- c:\program files\Trojan Remover
2010-06-07 12:04 . 2010-06-07 12:04 -------- d-----w- c:\documents and settings\User\Application Data\Simply Super Software
2010-06-07 12:04 . 2010-06-07 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-06-07 11:57 . 2010-06-09 20:36 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-07 11:57 . 2010-06-07 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-07 11:57 . 2010-06-07 11:57 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-07 03:11 . 2010-06-07 03:11 -------- d-----w- c:\program files\Alwil Software
2010-06-07 03:11 . 2010-06-07 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-06 13:34 . 2010-06-06 20:44 -------- d-----w- c:\program files\Microsoft
2010-06-06 13:33 . 2010-06-06 13:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 13:32 . 2010-06-06 20:46 -------- d-----w- c:\program files\Bing Bar Installer
2010-06-05 21:04 . 2010-06-05 21:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-05 21:00 . 2010-06-05 21:00 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\The Weather Channel
2010-06-05 20:58 . 2010-06-06 08:03 -------- d-----w- c:\program files\W3i, LLC
2010-06-05 20:57 . 2010-06-06 20:44 -------- d-----w- c:\program files\BarQuery
2010-06-05 20:57 . 2010-06-05 20:57 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-06-05 20:57 . 2010-06-15 00:38 -------- d-----w- c:\program files\PriceGong
2010-06-05 20:57 . 2010-06-05 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2010-06-05 20:57 . 2010-06-06 16:59 -------- d-----w- c:\documents and settings\User\Application Data\myfreezetoolbar
2010-06-05 20:57 . 2010-06-05 20:57 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\WeatherBug
2010-06-05 20:57 . 2010-06-05 20:57 -------- d-----w- c:\documents and settings\User\Application Data\WeatherBug
2010-06-05 20:57 . 2010-06-05 20:57 18944 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-06-05 20:38 . 2010-06-02 15:55 45056 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\s1tlmdrj.default\extensions\toolbar@alot.com\components\AlotXpcom.dll
2010-06-05 20:31 . 2010-06-05 20:31 135680 --sha-r- c:\windows\system32\w95inf16P.dll
2010-06-05 20:29 . 2010-06-05 20:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-04 02:36 . 2010-06-04 02:40 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-06-04 01:58 . 2010-06-04 01:58 -------- d-----w- c:\program files\WinASO
2010-05-31 22:50 . 2010-05-31 22:50 -------- d-----w- c:\documents and settings\User\Application Data\Roxio
2010-05-31 21:59 . 2010-05-31 21:59 -------- d--h--r- c:\documents and settings\All Users\Application Data\Atheros
2010-05-31 21:58 . 2007-12-14 08:31 57408 ----a-w- c:\windows\system32\drivers\wsimd.sys
2010-05-31 21:57 . 2010-05-31 21:57 -------- d-----w- c:\program files\NETGEAR
2010-05-31 21:57 . 2010-05-31 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NETGEAR
2010-05-31 21:57 . 2010-05-31 21:57 -------- d-----w- c:\windows\Downloaded Installations
2010-05-31 01:27 . 2010-05-31 01:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-31 01:27 . 2010-06-18 12:46 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-05-31 01:26 . 2010-06-18 13:11 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-05-31 01:26 . 2010-05-31 01:26 -------- d-----w- c:\program files\Common Files\Skype
2010-05-31 01:26 . 2010-06-15 01:03 -------- d-----r- c:\program files\Skype
2010-05-31 01:26 . 2010-05-31 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-30 21:24 . 2010-05-30 21:24 -------- d-----w- c:\program files\LG Electronics
2010-05-30 21:24 . 2008-11-11 17:42 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2010-05-30 21:24 . 2008-11-11 17:41 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2010-05-30 21:24 . 2008-11-11 17:41 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2010-05-29 21:37 . 2010-05-31 16:29 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Conduit
2010-05-27 17:43 . 2010-05-27 17:43 -------- d-----w- c:\program files\ESET
2010-05-26 00:59 . 2010-05-26 00:59 -------- d-----w- c:\windows\Sun
2010-05-25 00:40 . 2010-05-25 00:40 -------- d-----w- c:\program files\YouTube Downloader
2010-05-24 14:35 . 2010-05-24 14:35 -------- d-----w- c:\program files\AVG
2010-05-24 01:28 . 2010-05-24 01:28 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1ae81e50-n\msvcp71.dll
2010-05-24 01:28 . 2010-05-24 01:28 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1ae81e50-n\jmc.dll
2010-05-24 01:28 . 2010-05-24 01:28 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1ae81e50-n\msvcr71.dll
2010-05-24 01:28 . 2010-05-24 01:28 -------- d-----w- c:\program files\Common Files\Java
2010-05-24 01:28 . 2010-05-24 01:28 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4012fcf1-n\decora-sse.dll
2010-05-24 01:28 . 2010-05-24 01:28 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4012fcf1-n\decora-d3d.dll
2010-05-24 01:28 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-24 01:25 . 2010-05-24 01:25 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-05-24 01:21 . 2010-05-24 01:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 23:03 . 2010-04-21 02:53 -------- d-----w- c:\program files\Yahoo!
2010-06-07 00:18 . 2010-04-20 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-05-31 21:59 . 2010-04-20 18:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-30 21:24 . 2010-04-20 18:28 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-29 21:51 . 2010-04-21 15:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-24 12:03 . 2010-04-21 02:53 -------- d-----w- c:\program files\CCleaner
2010-05-24 01:28 . 2010-04-20 18:32 -------- d-----w- c:\program files\Java
2010-05-24 01:25 . 2010-04-22 00:37 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-13 23:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-04-21 15:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-04-21 15:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 15:04 . 2010-04-20 22:30 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-04-22 02:24 . 2010-04-22 02:24 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-22 01:04 . 2010-04-22 01:04 0 ----a-w- c:\windows\nsreg.dat
2010-04-22 01:00 . 2010-04-21 02:53 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2010-04-22 00:40 . 2010-04-22 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-04-21 20:53 . 2010-04-20 20:25 63984 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-21 18:15 . 2010-04-20 18:08 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-21 15:37 . 2010-04-21 15:37 -------- d-----w- c:\program files\MSXML 4.0
2010-04-21 15:22 . 2010-04-21 15:22 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-21 15:19 . 2010-04-21 15:19 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-04-21 15:19 . 2010-04-21 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-21 12:32 . 2010-04-21 12:32 -------- d-----w- c:\program files\trailer park tycoon
2010-04-21 12:28 . 2010-04-21 12:27 377 ----a-w- c:\windows\PowerReg.dat
2010-04-21 12:25 . 2010-04-21 12:25 -------- d-----w- c:\program files\Hasbro Interactive
2010-04-21 11:48 . 2010-04-21 02:02 -------- d-----w- c:\program files\Microsoft Games
2010-04-21 02:38 . 2010-04-21 02:38 -------- d-----w- c:\program files\Activision Value
2010-04-21 02:33 . 2010-04-21 02:33 26 ----a-w- c:\windows\winstart.bat
2010-04-21 02:33 . 2010-04-21 02:33 123 ----a-w- c:\windows\tmpcpyis.bat
2010-04-21 02:33 . 2010-04-21 02:33 122 ----a-w- c:\windows\tmpdelis.bat
2010-04-21 02:31 . 2010-04-21 02:31 -------- d-----w- c:\program files\Headgames
2010-04-21 02:30 . 2010-04-21 02:30 -------- d-----w- c:\program files\Oquirrh
2010-04-21 02:24 . 2010-04-21 02:24 -------- d-----w- c:\program files\EA SPORTS
2010-04-21 02:23 . 2010-04-21 02:22 -------- d-----w- c:\program files\Hard Truck 18 Wheels
2010-04-21 02:09 . 2010-04-21 02:09 -------- d-----w- c:\program files\Rockstar Games
2010-04-21 02:03 . 2010-04-21 02:03 56832 ------w- c:\windows\system32\iyvu9_32.dll
2010-04-21 02:03 . 2010-04-21 02:03 143872 ------w- c:\windows\system32\iacenc.dll
2010-04-21 02:03 . 2010-04-21 02:03 756736 ------w- c:\windows\system32\ir41_32.dll
2010-04-20 22:33 . 2010-04-20 22:33 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-04-20 22:33 . 2010-04-20 22:30 -------- d-----w- c:\program files\Logitech
2010-04-20 22:33 . 2010-04-20 22:33 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2010-04-20 22:32 . 2010-04-20 22:32 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2010-04-20 22:32 . 2010-04-20 22:32 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2010-04-20 22:31 . 2010-04-20 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-04-20 22:30 . 2010-04-20 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-04-20 22:04 . 2010-04-20 22:04 -------- d-----w- c:\program files\Common Files\L&H
2010-04-20 22:00 . 2010-04-20 22:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-20 21:55 . 2010-04-20 21:55 -------- d-----w- c:\program files\Microsoft Works
2010-04-20 21:51 . 2010-04-20 21:51 -------- d-----w- c:\program files\Microsoft.NET
2010-04-20 21:45 . 2010-04-20 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2010-04-20 21:45 . 2010-04-20 21:45 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-04-20 21:45 . 2010-04-20 21:43 -------- d-----w- c:\program files\Roxio
2010-04-20 21:44 . 2010-04-20 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-04-20 21:44 . 2010-04-20 21:44 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-20 21:44 . 2010-04-20 21:43 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-20 21:43 . 2010-04-20 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-04-20 21:39 . 2010-04-20 21:39 -------- d-----w- c:\documents and settings\User\Application Data\CyberLink
2010-04-20 21:37 . 2010-04-20 21:37 -------- d-----w- c:\program files\CyberLink
2010-04-20 20:59 . 2010-04-20 20:54 27262976 ----a-w- C:\VIRTPART.DAT
2010-04-20 20:40 . 2010-04-20 20:40 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-20 20:40 . 2010-04-20 20:40 -------- d-----w- c:\program files\Dell DataSafe Online
2010-04-20 20:36 . 2010-04-20 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-20 20:36 . 2010-04-20 20:35 -------- d-----w- c:\program files\Symantec
2010-04-20 20:36 . 2010-04-20 20:36 -------- d-----w- c:\documents and settings\User\Application Data\Symantec
2010-04-20 20:36 . 2010-04-20 20:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-20 20:07 . 2010-04-20 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-04-20 20:07 . 2010-04-20 20:07 69120 ----a-w- c:\documents and settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
2010-04-20 20:07 . 2010-04-20 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-04-20 20:07 . 2010-04-20 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-04-20 20:07 . 2010-04-20 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC-Doctor
2010-04-20 20:07 . 2010-04-20 20:07 -------- d-----w- c:\program files\Dell Support Center
2010-04-20 20:07 . 2010-04-20 20:07 -------- d-----w- c:\program files\Common Files\supportsoft
2010-04-20 18:48 . 2010-04-20 18:48 -------- d-----w- c:\program files\MSBuild
2010-04-20 18:48 . 2010-04-20 18:48 -------- d-----w- c:\program files\Reference Assemblies
2010-04-20 18:38 . 2010-04-20 18:14 -------- d-----w- c:\program files\Intel
2010-04-20 18:37 . 2010-04-20 18:37 -------- d-----w- c:\program files\Marvell
2010-04-20 18:37 . 2010-04-20 18:37 -------- d-----w- c:\documents and settings\User\Application Data\TMP
2010-04-20 18:33 . 2010-04-20 18:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-20 18:33 . 2010-04-20 18:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-04-20 18:33 . 2010-04-20 18:33 -------- d-----w- c:\program files\DellTPad
2010-04-20 18:30 . 2010-04-20 18:14 -------- d-----w- c:\program files\Dell
2010-04-20 18:28 . 2010-04-20 18:28 -------- d-----w- c:\program files\IDT
2010-04-20 18:18 . 2010-04-20 18:17 -------- d-----w- c:\program files\Realtek
2010-04-20 18:17 . 2010-04-20 18:17 -------- d-----w- c:\documents and settings\User\Application Data\InstallShield
2010-04-20 18:14 . 2010-04-20 18:14 45056 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2010-04-20 18:14 . 2010-04-20 18:14 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2010-04-20 18:08 . 2010-04-20 18:08 -------- d-----w- c:\program files\microsoft frontpage
2010-04-20 18:06 . 2010-04-20 18:06 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-20 05:30 . 2008-04-13 23:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2009-01-09 1712128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2008-07-11 16:15 466944 ----a-w- c:\windows\system32\AESTFltr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-08-02 03:12 200704 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 23:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2010-02-09 17:34 1807680 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-01-30 04:50 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2003-12-17 19:51 94208 ----a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-09-16 18:01 178712 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-09-16 18:02 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-02-08 05:12 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-02-08 05:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 21:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 01:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-09-16 18:02 150040 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 20:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-06-11 10:15 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-04-22 00:37 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-07-21 14:42 442460 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ACS"=2 (0x2)
"YahooAUService"=2 (0x2)
"wlidsvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"GhostStartService"=2 (0x2)
"BarQuery Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [12/17/2003 3:41 PM 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/20/2010 2:28 PM 108160]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [4/20/2010 2:17 PM 160256]
S0 cerc6;cerc6; [x]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2.sys --> c:\windows\system32\DRIVERS\WN111v2.sys [?]
S4 BarQuery Service;BarQuery Service; [x]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/21/2010 8:57 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 00:57]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\s1tlmdrj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=CYB4DF&PC=CYB4&q=
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11077&client_id=88a8455ccbc808252809f5a1&camp_id=1091&install_time=2010-06-05T20:38Z&tb_version=2.4.3000%28F%29&pr=auto&q=
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\s1tlmdrj.default\extensions\toolbar@alot.com\components\AlotXpcom.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 12:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
.
Completion time: 2010-06-18 12:46:15
ComboFix-quarantined-files.txt 2010-06-18 16:46
ComboFix2.txt 2010-06-07 13:40

Pre-Run: 231,256,129,536 bytes free
Post-Run: 231,291,215,872 bytes free

- - End Of File - - 24BA5516804EC1A451511739FF19C992

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#22
June 18, 2010 at 12:31:58
You could try Hitman Pro: http://download.cnet.com/Hitman-Pro...

Also, try deleting these entries in safe mode, if possible:

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.alot.com?client_id=6387...

O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll

O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll

Helpful tips before getting started: http://www.computing.net/howtos/sho...



#23
June 19, 2010 at 09:53:17
OK Hitman found some infections. It said w95infi6p.dll was a rootkit and I tried to delete it but it would not delete. I am not too sure if the .dll is safe or not. The .dll is in C:\Windows\System32 .

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#24
June 19, 2010 at 09:59:27
Try scanning that particular file with this: http://virusscan.jotti.org/en

Helpful tips before getting started: http://www.computing.net/howtos/sho...



#25
June 19, 2010 at 10:14:51
Here are the results.

This file has been scanned before. The results for this previous scan are listed below.

Filename: W95INF16.DLL
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Mon 5 Apr 2010 19:13:27 (CET) Permalink

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#26
June 19, 2010 at 12:10:26
'OK Hitman found some infections. It said w95infi6p.dll was a rootkit and I tried to delete it but it would not delete. I am not too sure if the .dll is safe or not'

You are a tough study...use GOOGLE to find some answers, what is so hard about that?

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#27
June 19, 2010 at 18:10:01
If that Jotti scan says it's not malware, it's most likely not, as I too couldn't find anything in a file database search.

Another option to try is Spyware Blaster and or StopZilla.

http://download.cnet.com/Stopzilla/...

http://download.cnet.com/SpywareBla...

Helpful tips before getting started: http://www.computing.net/howtos/sho...



#28
June 19, 2010 at 18:37:37
The free stopzilla is a scam:
http://www.complaintsboard.com/comp...
why would you suggest that?

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#29
June 19, 2010 at 19:10:44
Last time I checked, download.com had the trial version, which was free only for 15 days, and then you had to pay. Is that the one you're referring to?

Helpful tips before getting started: http://www.computing.net/howtos/sho...



#30
June 20, 2010 at 21:12:19
I will leave the stopzilla alone because I had a bad experience before with it.

"You are a tough study...use GOOGLE to find some answers, what is so hard about that?"
I have done that.

Why would you suggest something I have done?

The malware seems to be gone right now. I am not sure what caused it, but when I log on to Facebook and chat with someone I always get prompted to install the Apple QuickTime plug-in. Could that be infected? Sounds like a dumb question and I am sorry, but maybe it is a fake update like the Adobe Flash one that tricks people on Facebook? Just curious about it. Even when I install the plug-in it keeps asking every time I send a message, so something is fishy about it. I have a question about Hitman Pro. How do I update it? At first I did not like it because it found Trojan Hunter and I got confused with Trojan Remover and thought it was giving false positives.

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.



#31
June 20, 2010 at 21:31:43
The Apple plug-in, I'm not sure about. If you can see videos on Facebook, and chat, etc. just fine, then I wouldn't worry about it. Hitman Pro, which I currently use myself, should update automatically, I think. Check their website here: http://www.surfright.nl/en/hitmanpro and Trojan Hunter I've never heard of, but I'm going to look into it myself.

Helpful tips before getting started: http://www.computing.net/howtos/sho...



#32
June 20, 2010 at 21:40:53
The Trojan Hunter. I think it is one that found Trojans but said I had to purchase it to remove them. I think it is a scam like StopZilla. I thank you all for the help. And sorry if my last reply sounded smart towards XpUser4Real. I took offense when he asked why I didn't Google when I did Google the way he said it. But all is clean now I think. Post back if you find anything about Trojan Hunter.

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.




#34
June 24, 2010 at 20:11:09
Problem solved. My 17-year-old nephew was going to porn webcam sites and a trojan from a plug-in was installed. Hitman Pro found some dangerous DNS or something that connected my desktop to a proxy. And I personally think it got to my laptop either through the USB jump drive or through the network. It may have been worse if I did not have a router firewall. Thanks for all the help.

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.


