Hijackthis Log Help

Status
Not open for further replies.

BoG

Posts: 19   +0
I just did "8-step Viruses/Spyware/Malware Preliminary Removal Instructions" and according to the instructions I am attaching the log files with this message.

The system has been running very slow lately and certain pop ups have been appearing. Any help will be much appreciated.
 
Hi, sorry about the wait! It's a busy time. I can understand why you were slow. There was a significant amount of malware on the system.
Mbam has removed a large amount of malware.
Have SAS remove the Tracking Cookies. See image here:
http://screenshots.en.softonic.com/en/scrn/50000/50803/3_antispy4.jpg

Reset Cookies: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

Update Java:
Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of Java (Java Runtime Environment (JRE) 6.0 Update 10): http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.
Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below.
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\Poker\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\Poker\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

Take both of these OUT of the Trusted zone, one at a time. When you boot into Safe Mode when finished with HijackThis entries, you will place both of them in the Restricted Zone. For now, just check to remove.
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com

Did you do a TrendMicro scan online at one time? You will want to stop and uninstall now as it might conflict with the AVG antivirus:
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
Start> Run> type in 'msconfig' without quotes> enter> Selective Startup> Startup tab> UNCHECK everything except the antivirus, firewall, touchpad for laptop> Apply> OK.

We will recommend a firewall when finished.
Open Internet options> Security tab> Restricted sites> Sites> add each of the following domains, one at a time:
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com

Control Panel> Add/Remove Programs> Uninstall the following if present:
All Java except v6u10

If you find any other program that you don't use or need, uninstall it. If you can't identify it, include with your next log.

Reboot into Normal Mode. Close the nag message after checking 'don't show this message again'.

Run HijackThis and attach the new log. If you are still slow, you have entries on startup that can be taken off.

About the games: if you keep the entries installed as you have them, you will continue to pick up malware infections:
Please remove this shortcut from the QuickLaunch Toolbar:
QUICK LAUNCH\TITAN POKER.LNK
Remove ANY of the current shortcuts for this on the Desktop.

Remove any shortcuts for the following:
VICTOR CHANDLER

If you have these installed on your computer, open Windows Explorer> Programs> right click on the program and scan with the antivirus program.
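A small triage parser for the HijackThis entry types that appear in the reply above (O4, O9, O15, O16), added here as an example; it is not part of the original thread or of HijackThis itself. The function names and review notes are hypothetical, and the sample lines are copied from the post.

```python
import re

# Meaning of the HijackThis section codes that appear in this thread.
SECTIONS = {
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O15": "site in the Internet Explorer Trusted Zone",
    "O16": "ActiveX object in Downloaded Program Files (DPF)",
}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Parse one entry line; running-process paths and blanks return None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    clsid = CLSID.search(body)
    entry = {"code": code, "kind": SECTIONS.get(code, "unknown"), "body": body,
             "clsid": clsid.group(0).upper() if clsid else None, "notes": []}
    if body.endswith("(no file)"):
        entry["notes"].append("no file behind this entry (orphaned)")
    if code == "O15":
        entry["domain"] = body.partition(":")[2].strip()
        entry["notes"].append("trusted-zone site: confirm the user added it")
    if code == "O16":
        entry["url"] = body.rsplit(" - ", 1)[-1]
        entry["notes"].append("ActiveX download source: confirm it is expected")
    return entry

def review(log_text):
    """Return only the entries that carry a review note."""
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return [e for e in entries if e["notes"]]

# Sample lines copied from the reply above.
SAMPLE = r"""
C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: (no name) - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file)
O15 - Trusted Zone: *.doginhispen.com
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
"""

if __name__ == "__main__":
    for e in review(SAMPLE):
        print(e["code"], e["kind"], "|", "; ".join(e["notes"]))
```

The O4 autostart line parses but carries no note, so `review` leaves it out; a note only marks an entry for a human to confirm, it does not decide whether the entry is malicious.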
 