TechSpot

Malware related issues and trouble uploading virus protection programs

By PresterJohn54
Jan 6, 2010
  1. Hello, I am having trouble getting rid of two buttons that have just appeared on my "start" browser yesterday.

    One of them used to be a red circle with a white "x" but for some reason after I have been tinkering around with the Piriform CCleaner it has dissapeared.

    I still have two other buttons that keep spouting up mal-ware defense windows every other minute or so and came to the conclusion that they are not part of windows. One of them says "Windows Security Alert" with a shield that contains red, blue, green and yellow. The other one is a shield with yellow coloring the inside and an exlamation mark in the middle.

    After looking at the 8-step process provided by the forum I was able to only successfully install the CCleaner. But when I downloaded the rest of the other protection programs from the step process I found out that my computer for some reason is not allowing me to run them. Can I get some feedback on this?

    Thank you
     
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,929   +167

  3. PresterJohn54

    PresterJohn54 TS Rookie Topic Starter

    Here is the report that I recieved from HijackThis. Please let me know if the data has any significance.

    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
    O16 - DPF: {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA} (Java Plug-in) - https://qutime.quinnipiac.edu/wfcstatic/plugins/jre-1_5_0_16-windows-i586-p.exe
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = quinnipiac.edu
    O17 - HKLM\Software\..\Telephony: DomainName = quinnipiac.edu
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = quinnipiac.edu
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = quinnipiac.edu
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
    O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe (file missing)
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
    O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    PresterJohn54, sorry for the delay. Since you weren't given any appropriate help, if you are still having the problem let me know.

    The log you left for HijackThis isn't complete. The entire top part is missing.

    Let me know your status and I'll try to guide you.You should also let us know if you are currently a student using the quinnipiac.edu ISP.
     
  5. PresterJohn54

    PresterJohn54 TS Rookie Topic Starter

    Hello Bobby

    I have uploaded the hijackthis file into the attachments. As of right now the only thing that is harassing me is a window that keeps popping up every 45 seconds or so on my screen. It says that "Internet Explorer has encountered a problem and needs to shut down" Even though I am using FireFox and basically never go on IE anymore.

    On a different note I have done some investigation work in my add/remove files and have found out that there is one file that would normally be safe to remove. However the thing is that I am unable to remove this particular file (Google Toolbar for Internet Explorer). I think that file is the reason why I keep getting the annoying window.

    Also to answer your question I believe I am still using the quinnipiac.edu ISP since I still have one semester left at the University.

    Hope the info provided above helped!
     

    Attached Files:

  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    For this:
    Use the Event Viewer to find the Error that corresponds to the time of the IE crash. Errors are time-coded so when it happens, check the computer clock then:

    Start> Run> type in eventvwr

    Do this on each the System and the Applications logs:
    [1]. Click to open the log>
    [2]. Look for the Error>
    [3] .Right click on the Error> Properties>
    [4]. Click on Copy button, top right, below the down arrow >
    [5]. Paste here (Ctrl V)
    [6].NOTES
    • You can ignore Warnings and Information Events.
    • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
    • You don't need to include the lines of code in the box below the Description, if any.
    • Please do not copy the entire Event log.

    Regarding the Google Toolbar. When a programs is running, it usually won't let you uninstall it.
    I think it's also easier to do this in Safe Mode:

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Use the msconfig utility: Start> Run> type in msconfig> enter> Start tab> Selective Startup> uncheck the Google Toolbar> Apply> OK

    Open IE> Right click on the Toolbar> click to Uncheck the Google Toolbar.

    Now try the uninstall. Google added an updater called 'notifier' which is suppose to look for updates. For myself, I couldn't see much sense in auto-updating a toolbar so I shut mine down.

    Reboot back in to Normal Mode> NOTE: The first time you reboot after using msconfig to make a change, you will get a nag message. This can be ignored and closed after checking 'don't show this message again.' Stay in Selective Startup.
     
  7. PresterJohn54

    PresterJohn54 TS Rookie Topic Starter

    Event Type: Error
    Event Source: Application Error
    Event Category: None
    Event ID: 1000
    Date: 1/14/2010
    Time: 8:28:47 PM
    User: N/A
    Computer: W1-RFPASSARO
    Description:
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00d51626.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 41 70 70 6c 69 63 61 74 Applicat
    0008: 69 6f 6e 20 46 61 69 6c ion Fail
    0010: 75 72 65 20 20 69 65 78 ure iex
    0018: 70 6c 6f 72 65 2e 65 78 plore.ex
    0020: 65 20 38 2e 30 2e 36 30 e 8.0.60
    0028: 30 31 2e 31 38 37 30 32 01.18702
    0030: 20 69 6e 20 75 6e 6b 6e in unkn
    0038: 6f 77 6e 20 30 2e 30 2e own 0.0.
    0040: 30 2e 30 20 61 74 20 6f 0.0 at o
    0048: 66 66 73 65 74 20 30 30 ffset 00
    0050: 64 35 31 36 32 36 0d 0a d51626..
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    No information in this one.
     
  9. PresterJohn54

    PresterJohn54 TS Rookie Topic Starter

    I followed the last instructions that you gave me, and funny enough I found a box that said "Web browser tool bar" was already unchecked. As for "Internet Explorer Toolbar" I could not even find the box for it. Stuff like that has already left me scratching my head.

    In order to top that off I have tried running system restore on safe mode. It did not work for me though. The problem was after I picked the date to complete the system restore all I had to do was press "Next". However no matter how many times I pressed "Next" it did not continue on to the next page. This to me proves that there is still a virus in my computer. (Other programs that fail to start up in safe mode is Avira and Malware bytes)

    Also it is very unfortunate that you did not get anything from that data on the window pop-up. I still see it coming every minute or so and it is very distracting.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    If sound like there are Windows Updates downloaded and that you are being told they need to be installed. the shield is from the security center. The yellow triangle is used for a Warning or Error. In the combination you describe, that's my best guess.

    If you would like to check for malware, please follow the steps HERE. Attach the 3 logs to your next reply.

    You expressed concern about the Google Toolbar. That's what I addressed. I did not mention either "Web browser tool bar" or "Internet Explorer Toolbar". What I said was:
    and that's exactly what I meant. The Google Toolbar shows as the Google Toolbar and it appears you misread how to remove it. Internet Explorer has a Toolbar at the top- most or all browsers do. It has the icons for copy and paste, Back, Forward, Home, Refresh, etc. It isn't named Internet Explorer Toolbar- it's simply the toolbar on Internet Explorer. If you would prefer, you can click on View> Toolbars and uncheck there. Same outcome.

    Since you have no system specs and you did not include the top part of the HijackThis log, I don't know what operating system you're using. what I gave is for Windows XP. Adapt if needed.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.