Moms pc is infected

By drneves7
Oct 28, 2008
  1. Moms pc is infected logs attached now!

    My mom's PC is infected with adware and trojans. I bought her this PC a couple of years ago and set it up with all the proper security software and she didn't like them so she removed them. I am reinstalling most of them. But I have a question. Is there a firewall that doesn't have all of the pop-ups like ZoneAlarm and the other one listed in the 8 step removal process?

    And I am doing the 8 steps right now and will post the reports when I am done.

    Thanks a bunch Dominic

    Okay added logs thanks a bunch :)
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The Java is out of date. Please update to v7u10 here:

    Please re-open HijackThis and scan. *Check* the boxes next to all the entries listed below.
    Question: Did you set her up on a VPN?
    If not, please have this entry removed.

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
    Start> Run> type in 'msconfig' without the quotes> Selective Start-up> Startup tab> UNCHECK everything except the antivirus and firewall> Apply> OK.

    Start> Run> services.msc> right click on Java Quick Starter> Properties> Change Startup type to Disabled.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
    Reboot> Close the nag message that comes up after checking 'don't show this message again'.

    I'd like you to run ComboFix because of the additional entries in SuperAntispyware, after Malwarebytes was run and in HijackThis. We may have to use a special uninstaller for the Weather program. We'll see.

    Please download ComboFix:

    *With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    *Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    *Also disable your internet connection.

    Run Combo-Fix.exe and follow the prompts.
    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    **Do not click on the ComboFix window, as it may cause it to stall.

    Please rerun HijackThis after Combofix and attach both logs.
  3. drneves7

    drneves7 TS Rookie Topic Starter Posts: 82

    I deleted this and shouldn't have. After I did, I realized it was for her work.

    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) -

    is there a way to replace it?

    And here are the logs

    And also Java v6u10 is the newest I could find.

    Thanks dominic
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I kept this separate so you could review it first, but all is not lost. You should be able to start it up again if all you did was stop this one entry:
    Do a search in the computer for the JuniperSetupSP1. Once you find it, double click to run and reinstall. I think that will handle it.

    ComboFix shows the other files still installed so you should be okay.

    You should update the Adobe reader. The current version is v9, but I would like to make a suggestion. There is a free PDF Reader program named FoxIt. It does the same thing as Adobe, but doesn't come with all the bloat Adobe has. Have HijackThis remove the entries below, either way:
    Here are the URLs for either the update or the new program. Choose the one you want:
    Adobe v9:
    FoxIt: (click on Get It Free)

    One restriction was removed, but there is still one in place:
    Please review the meaning of these settings here:

    And review the information in this Microsoft TechNet article. Decide how to handle it according to the policies of her network:

    I don't see the new Java v6u10 loading and I see the 2 old Java still installed. Please be sure you run the update, and have HijackThis remove the following:
    Unfortunately, Java updates don't overwrite the previous version so we have to clean up ourselves.

    You know the drill to remove the entries and change the Java Service to Disabled.
    When through, run one more HijackThis scan and if okay, we will remove the cleaning programs and old restore points.
  5. drneves7

    drneves7 TS Rookie Topic Starter Posts: 82

    The only Junipersp1setup I found was a .cab file not sure what to do with that. It asks where to extract it and when you open it says it is an activex control and blah blah so of course I stop there.

    And doing the rest that you listed right after posting this.

    Thanks Dominic
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The O16 entries in the HijackThis log ARE ActiveX objects. That's what you removed. Use that file.
  7. drneves7

    drneves7 TS Rookie Topic Starter Posts: 82

    Okay removed what I could. From everything I can see Java v6u10 is installed if you are still seeing different something is definitely wrong.

    I didn't see these on HJT or in the folders as listed.
    And I am having no luck reinstalling that ActiveX deal. When I try and open it, I am asked am I sure I want to open this because it is an ActiveX control, and I say yes, then it asks what to open it with, and that is as far as I can get.

    Thanks once again for your patience
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Dominic, I am copying these from your HijackThis log in the Running Processes section. If you open the logs, you're going to see the same thing. What I put here is a copy and paste- it's not a string I just wrote in:
    and this is the last entry in the log:
    I do not see anything for the Java v6u10 loading.

    As for the VPN: I set it up to bring your attention to it separately. It shouldn't have been removed unless it was checked first which I suggested. If this is through her work, it will most likely have to be set up again. Is there an IT person who could help her with that?

    There is one entry in the Global Startup section which I missed- you might want to remove it:
    * Please download OTCleanIt
    * Click the CleanUp! button.
    * It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).

    Clear your existing System Restore points and establish a new clean restore point:
    Go to Start > All Programs > Accessories > System Tools > System Restore> Select Create a restore point> OK.
    Next, go to Start > Run and type in cleanmgr> Select the More options tab> Choose the option to clean up System Restore and OK it.
    This will remove all restore points except the new one you just created.

    As an FYI: if she has any speed issue, there are numerous processes starting at boot that don't need to. You can work on that. The ONLY processes that need to start on boot are the antivirus program, firewall, touchpad if laptop and network process if on network. Nothing else. I covered that in my Post #2 using msconfig.
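
The O16 point raised in this thread (those HijackThis entries are ActiveX controls, and removing one took out a work VPN component), as an added example that is not part of any post: a small Python parser that lists the O16 entries of a log and holds back CLSIDs the owner has confirmed are needed before anything is checked for fixing. Apart from the Juniper line quoted in the thread, the log text, the `KEEP` set and the function names are constructed for illustration.

```python
import re

# O16 lines in a HijackThis log describe ActiveX controls ("Downloaded
# Program Files"):  O16 - DPF: {CLSID} (Name) - codebase URL
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*?)\))? -\s*(?P<url>\S*)\s*$"
)

# Constructed sample log. The first O16 line is the one quoted in the thread
# (its URL is missing there, so it stays empty); the other lines are made up.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) -
O16 - DPF: {11111111-2222-3333-4444-555555555555} (Example Weather Control) - http://downloads.example.com/weather.cab
O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - http://cdn.example.net/x.cab
"""

# Assumption: CLSIDs the owner has confirmed are needed (the work VPN control).
KEEP = {"{E5F5D008-DD2C-4D32-977D-1A0ADF03058B}"}


def parse_o16(log_text):
    """Return one dict per O16 entry found in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = O16_RE.match(line.strip())
        if m:
            entries.append({
                "clsid": m.group("clsid").upper(),
                "name": m.group("name") or "(unnamed)",
                "url": m.group("url") or "",
            })
    return entries


def triage(entries, keep=KEEP):
    """Split entries into ones to leave alone and ones to review by hand."""
    hold = [e for e in entries if e["clsid"] in keep]
    review = [e for e in entries if e["clsid"] not in keep]
    return hold, review


if __name__ == "__main__":
    hold, review = triage(parse_o16(SAMPLE_LOG))
    for tag, group in (("KEEP", hold), ("REVIEW", review)):
        for e in group:
            print(tag, e["clsid"], e["name"], e["url"])
```
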
Topic Status:
Not open for further replies.
