# TechSpot

Jan 6, 2010
1. Hello, I am having trouble getting rid of two buttons that have just appeared on my "start" browser yesterday.

One of them used to be a red circle with a white "x" but for some reason after I have been tinkering around with the Piriform CCleaner it has dissapeared.

I still have two other buttons that keep spouting up mal-ware defense windows every other minute or so and came to the conclusion that they are not part of windows. One of them says "Windows Security Alert" with a shield that contains red, blue, green and yellow. The other one is a shield with yellow coloring the inside and an exlamation mark in the middle.

After looking at the 8-step process provided by the forum I was able to only successfully install the CCleaner. But when I downloaded the rest of the other protection programs from the step process I found out that my computer for some reason is not allowing me to run them. Can I get some feedback on this?

Thank you

3. ### PresterJohn54TS RookieTopic Starter

Here is the report that I recieved from HijackThis. Please let me know if the data has any significance.

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA} (Java Plug-in) - https://qutime.quinnipiac.edu/wfcstatic/plugins/jre-1_5_0_16-windows-i586-p.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = quinnipiac.edu
O17 - HKLM\Software\..\Telephony: DomainName = quinnipiac.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = quinnipiac.edu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = quinnipiac.edu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

4. ### BobbyeHelper on the FringePosts: 16,335   +36

PresterJohn54, sorry for the delay. Since you weren't given any appropriate help, if you are still having the problem let me know.

The log you left for HijackThis isn't complete. The entire top part is missing.

Let me know your status and I'll try to guide you.You should also let us know if you are currently a student using the quinnipiac.edu ISP.

5. ### PresterJohn54TS RookieTopic Starter

Hello Bobby

I have uploaded the hijackthis file into the attachments. As of right now the only thing that is harassing me is a window that keeps popping up every 45 seconds or so on my screen. It says that "Internet Explorer has encountered a problem and needs to shut down" Even though I am using FireFox and basically never go on IE anymore.

On a different note I have done some investigation work in my add/remove files and have found out that there is one file that would normally be safe to remove. However the thing is that I am unable to remove this particular file (Google Toolbar for Internet Explorer). I think that file is the reason why I keep getting the annoying window.

Also to answer your question I believe I am still using the quinnipiac.edu ISP since I still have one semester left at the University.

Hope the info provided above helped!

File size:
11.1 KB
Views:
1
6. ### BobbyeHelper on the FringePosts: 16,335   +36

For this:
Use the Event Viewer to find the Error that corresponds to the time of the IE crash. Errors are time-coded so when it happens, check the computer clock then:

Start> Run> type in eventvwr

Do this on each the System and the Applications logs:
[1]. Click to open the log>
[2]. Look for the Error>
[3] .Right click on the Error> Properties>
[4]. Click on Copy button, top right, below the down arrow >
[5]. Paste here (Ctrl V)
[6].NOTES
• You can ignore Warnings and Information Events.
• If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
• You don't need to include the lines of code in the box below the Description, if any.
• Please do not copy the entire Event log.

Regarding the Google Toolbar. When a programs is running, it usually won't let you uninstall it.
I think it's also easier to do this in Safe Mode:

Boot into Safe Mode
• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Use the msconfig utility: Start> Run> type in msconfig> enter> Start tab> Selective Startup> uncheck the Google Toolbar> Apply> OK

Open IE> Right click on the Toolbar> click to Uncheck the Google Toolbar.

Now try the uninstall. Google added an updater called 'notifier' which is suppose to look for updates. For myself, I couldn't see much sense in auto-updating a toolbar so I shut mine down.

Reboot back in to Normal Mode> NOTE: The first time you reboot after using msconfig to make a change, you will get a nag message. This can be ignored and closed after checking 'don't show this message again.' Stay in Selective Startup.

7. ### PresterJohn54TS RookieTopic Starter

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 1/14/2010
Time: 8:28:47 PM
User: N/A
Computer: W1-RFPASSARO
Description:
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00d51626.

Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 38 2e 30 2e 36 30 e 8.0.60
0028: 30 31 2e 31 38 37 30 32 01.18702
0030: 20 69 6e 20 75 6e 6b 6e in unkn
0038: 6f 77 6e 20 30 2e 30 2e own 0.0.
0040: 30 2e 30 20 61 74 20 6f 0.0 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 64 35 31 36 32 36 0d 0a d51626..

8. ### BobbyeHelper on the FringePosts: 16,335   +36

No information in this one.

9. ### PresterJohn54TS RookieTopic Starter

I followed the last instructions that you gave me, and funny enough I found a box that said "Web browser tool bar" was already unchecked. As for "Internet Explorer Toolbar" I could not even find the box for it. Stuff like that has already left me scratching my head.

In order to top that off I have tried running system restore on safe mode. It did not work for me though. The problem was after I picked the date to complete the system restore all I had to do was press "Next". However no matter how many times I pressed "Next" it did not continue on to the next page. This to me proves that there is still a virus in my computer. (Other programs that fail to start up in safe mode is Avira and Malware bytes)

Also it is very unfortunate that you did not get anything from that data on the window pop-up. I still see it coming every minute or so and it is very distracting.

10. ### BobbyeHelper on the FringePosts: 16,335   +36

If sound like there are Windows Updates downloaded and that you are being told they need to be installed. the shield is from the security center. The yellow triangle is used for a Warning or Error. In the combination you describe, that's my best guess.

You expressed concern about the Google Toolbar. That's what I addressed. I did not mention either "Web browser tool bar" or "Internet Explorer Toolbar". What I said was:
and that's exactly what I meant. The Google Toolbar shows as the Google Toolbar and it appears you misread how to remove it. Internet Explorer has a Toolbar at the top- most or all browsers do. It has the icons for copy and paste, Back, Forward, Home, Refresh, etc. It isn't named Internet Explorer Toolbar- it's simply the toolbar on Internet Explorer. If you would prefer, you can click on View> Toolbars and uncheck there. Same outcome.

Since you have no system specs and you did not include the top part of the HijackThis log, I don't know what operating system you're using. what I gave is for Windows XP. Adapt if needed.

Topic Status:
Not open for further replies.