My results following the 8-step Removal Program

Status
Not open for further replies.

amartineau

I had been showing the symptoms of a virus due to Google search results redirecting me to other unwanted search engines. Here are the logs as required by the 9-step process. Thank you for making this process available to me and thank you in advance for reviewing my logs.

Take care,

Art

Thank you again for providing this information. This board seems abundant with very knowledgeable and helpful people and I don't mean to push my issue. I see that others posting are in tough shape and need immediate help. I just wanted to know if there is anything particular I needed to do to have someone review my logs to see if I'm free of mal/vir/ad... Thanks again
 

Attachments

  • mbam-log-2009-03-08 (22-47-36).txt
    21.2 KB · Views: 7
  • hijackthis.log
    28.9 KB · Views: 8
  • SUPERAntiSpyware Scan Log - 03-08-2009 - 23-59-21.log
    28.4 KB · Views: 5
My reply will be in two parts due to the large amount of malware entries to be removed. And before I begin, I will say this:

As long as you continue to load and use Limewire, you will continue to get malware.
As long as you load and use Party Gaming and Party Poker, you will continue to get malware.
If you checked the logs from the cleaning programs you used, this would be evident.
So I will go this first round with you. But if you choose to continue with these programs, I will not continue with help.

Part One: DO NOT CLICK FIX until you have checked ALL of the listed entries in Part One and Part Two. Do not use System Restore. The restore points are infected.
Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
O2 - BHO: TBSB02751 - {25875464-7327-417C-8264-902D99CF6FD1} - C:\Program Files\Search Enhancer Toolbar\enhancer.dll (file missing)
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - .DEFAULT User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_39.cab
Please continue on to Part Two>
 
Things to consider...

There are entries listed that I suspect you will recognize and may not wish to remove.
There are also entries which 'need' to be removed.
Please use these suggestions carefully. Please take the time to read specific suggestions referencing each listed entry.
Hopefully if I have errors someone more experienced will step in to display their obvious higher level of understanding. :wave:



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
This entry should be fixed by HijackThis!

O2 - BHO: TBSB02751 - {25875464-7327-417C-8264-902D99CF6FD1} - C:\Program Files\Search Enhancer Toolbar\enhancer.dll (file missing)

Unnecessary (deactivated) entry that can be fixed. enhancer.dll - "Search Enhancer Toolbar" - unidentified Softomate, http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453082746 Toolbar - should you have any information about this application, such as its homepage.

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)

This entry should be fixed by HijackThis!
Unnecessary (deactivated) entry that can be fixed.

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)

This entry should be fixed by HijackThis!
Unnecessary (deactivated) entry that can be fixed.

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Unnecessary (deactivated) entry that can be fixed. The entry PartyPoker.com has been identified as safe.

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Unnecessary (deactivated) entry that can be fixed. The entry PartyPoker.com has been identified as safe.

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

To be fixed if the entry 'MUSICMATCH MX Web Player ' is unknown.
Unnecessary (deactivated) entry that can be fixed. Unknown buttons or entries in the 'Extras'-menu should be fixed.

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
To be fixed if the entry 'Bodog Poker ' is unknown.
Unnecessary (deactivated) entry that can be fixed. Unknown buttons or entries in the 'Extras'-menu should be fixed.
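
The entry types discussed in the posts above (R1, O2, O4, O9, O16, O23, and the "(file missing)" marker) can be sorted mechanically before anything is ticked for removal. The following Python is an added example, not part of the original thread or of HijackThis itself; the function names and section descriptions are this example's own, and the sample log is constructed from lines quoted in the thread.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Section meanings as commonly documented for HijackThis logs; only the
# sections that appear in this thread are listed (wording is this example's).
SECTIONS = {
    "R1": "IE search/start page setting",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key or Startup folder)",
    "O6": "IE options restricted by policy",
    "O9": "extra IE button / Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O18": "extra protocol handler",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample: entry lines copied from the posts in this thread, plus
# a process-list header and path to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\fxssvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
O2 - BHO: TBSB02751 - {25875464-7327-417C-8264-902D99CF6FD1} - C:\Program Files\Search Enhancer Toolbar\enhancer.dll (file missing)
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_39.cab
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""


@dataclass(frozen=True)
class Entry:
    section: str            # e.g. "O4"
    body: str               # everything after "O4 - "
    clsid: Optional[str]    # first {GUID} in the body, upper-cased
    file_missing: bool      # HijackThis could not find the referenced file


def parse_log(text):
    """Return the R/O entries of a HijackThis log, skipping every other line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        guid = CLSID_RE.search(body)
        entries.append(Entry(section, body,
                             guid.group(0).upper() if guid else None,
                             body.endswith("(file missing)")))
    return entries


def triage(entries):
    """Group entries for review: counts, orphaned registrations, duplicates."""
    seen = Counter((e.section, e.body) for e in entries)
    return {
        "by_section": dict(Counter(e.section for e in entries)),
        # Registration still present but the target file is gone.
        "orphaned": [e for e in entries if e.file_missing],
        # Identical line logged more than once.
        "duplicates": sorted(k for k, n in seen.items() if n > 1),
    }


def report(text):
    """Build a short human-readable summary as a list of lines."""
    result = triage(parse_log(text))
    lines = []
    for section, count in result["by_section"].items():
        lines.append(f"{section:<4}{count:>3}  {SECTIONS.get(section, 'other')}")
    for e in result["orphaned"]:
        lines.append(f"orphaned {e.section} {e.clsid}")
    for section, body in result["duplicates"]:
        lines.append(f"duplicate {section}: {body}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

An orphaned entry here means only that the registration outlived its file; whether a still-present entry should be removed remains a judgement call made per entry, as in the posts.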
 
Part Two: continue with Part Two after Part One:
Include ALL of the O18 entries. There are so many, this system will not allow me to list them all. But you need to CHECK ALL for removal:
O18 - Protocol: bw+0 - {6C78D4EF-1626-44FA-ACF8-1180D0BBB173} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot
There will be more. Please run a new HijackThis log and attach to new post after completing Part One and Part Two.
 
Here are the logs as required by the 9-step process.

Art,
The logs you've submitted are displaying numerous concerns, found entries of possible threats. After going through the cleaning process (removing found concerns by means of the anti-spyware program) with each spyware program, please resubmit logs showing results.

Thanks

Art,
I'm going to step out of this now. You have a 'known' expert with Mr. BobbyE. Good luck Art!
Please follow his direction carefully; he definitely can assist you in better overall performance.
Sorry to **** in Bobby.
 
Thank you Bobbye and BillAllen.

Bobbye, I'll be home this evening and will discontinue use of limewire. I have long stopped running any of the party software. I understand the terms and appreciate the help.

Just to clarify: am I understanding correctly that step one is to click all of the processes in your first reply and fix? Step two being to click on all of the O18's and fix? Or can I fix all of them at the same time?

Also, the following listed item from step 1 seems like a possible aid to my wireless Epson printer (I am most likely wrong about this but just looking for clarification and ease of mind):

O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe

-Art
 
Bill, I think you and I were posting about the same time ("2 hours ago"). I only saw your reply after I submitted mine! It took me a while to figure out how to stay within the board line limits and still get all the info in! It was not any attempt to step into what you started; it wasn't there yet!

Art, Yes you can check ALL of the entries I have given on BOTH replies before you go to the 'Fixed Check' and boot. You have a badly infected system and I am trying to get as much out as I can by removing entries. AFTER this is done, as Bill suggested, we will most likely run more cleaning programs, probably beginning with the original three- it depends on what shows on the HijackThis log.

I did leave one thing out, which I would encourage you to do:

When you click on 'Fix Checked' in the HijackThis log, boot into Safe Mode:
Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK the following:
Limewire
Party Poker
Game Client
Party Gamon
Any other associated file sharing of 'game' entries
EEventManager: this is part of the Epson Creativity Suite. It does not need to start when you boot. You can launch it manually when needed.
Click on Apply when through> OK.

Start> Control Panel> Add/remove Programs> UNINSTALL the following:
LimeWire
Party Poker
Party Gamon entries
Party Casino and all related entries> RunCasino,
Bodog Poker> Game Client
Reboot into Normal Mode: NOTE: you will get a nag message the first time you do this. You can ignore and close it after checking 'don't show this message again'. Stay in Selective Startup.

It's going to take some work and perseverance to save your system. One thing you can do now also is to stop the Tracking Cookies. Be sure Superantispyware was set to remove what it finds.
Reset Cookies:
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.
 
Thanks for the clarification and additional tips Bobbye. I will post my HJT log after following your instructions at some point this evening.
 
Hi Bobbye-

I've followed your instructions. When I have booted up the last two times I have temporarily blocked (through my firewall) the following:

C:\Program Files\Java\jre6\bin\jushed.exe

Not sure if it's harmful, but I figured I'd play it safe during this process. If this exe is harmless please inform and I will allow next time.

Here is my HJT log

By the way. My system performance is already showing dramatic improvement.
 
Bobbye,

I only come on with suggestions that I believe are consistent with 'back to the basics' types of recommendations. I feel if there are things one can do on a tech forum to assist the experts to enable one such as yourself to assist with more complicated issues, I enjoy stepping in. When I learn one of you that are professionally trained and obviously more adept at problem solving than myself are able to step in, that is when I quickly do a 'stage left'. No offense was taken.
 
I believe adding help from others is good. But can cause conflict when a support worker is in the middle of the solution (especially with the logs required)

I would like to mention that I don't believe Symantec (or Norton) Antivirus is ideal though. It has certainly been proven at least by this member that it didn't help to stop malware infection coming in.

If it's ok with Bobbye (to be confirmed) I'd say uninstall it and then run the removal tool. And install the much better Avira Antivirus instead. I believe you would be much better off from doing this simple step.

That's my 2cents. Stage right :)
 
Actually I don't run Symantec/Norton AV any longer. I have Norton Password Manager on my machine and use that. I am currently running Windows Live OneCare.
 
kimsland,

For clarification only, the 'support' member was not in the middle of helping upon my response. (per bobbye's reply.) As already stated I was there only in the attempt to assist if there was no one else available.
 
OK, you're doing great! We have more to stop, remove and take off of Startup.

First, as Kim mentioned, you are using two security 'suites'. They contain some of the same utilities and apps, such as antivirus program and firewall. You will need to decide which one you want to keep and uninstall, remove entries for the other: here are the entries:

For Windows Live OneCare:
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
Windows Live OneCare: Antivirus, antispyware, and firewall, Wireless networking security, Online identity theft protection.

For Symantec/Norton:
Symantec/Norton processes:
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe> Part of Symantec's LiveConnect service that delivers large updates and patches for your software. There has been some controversy as to why this package was installed without users being notified.:
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Since you paid for both of these programs, I'll let you decide which to remove, although also like Kim, I encourage removal of Symantec/Norton. Click on Kim's link for that removal tool.

The following is a list of processes to take off of Startup. They are legitimate programs but do NOT need to start on boot. Each can be started manually as needed. I have provided you with short descriptions for some so that you will understand better why they don't need to start and run in the background: To do this:

Reboot the computer into Safe Mode. Restart the computer. Let the logo load. Right after it loads, before Windows would begin to load, start and continue tapping the F8 key until Safe Mode comes up. This mode will prevent error from processes and Service that are running:
Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK the following if present:

1. O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"> Starts Dell's remote support program.
File Location: C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
2. C:\WINDOWS\system32\RioMSC.exe> Rio Music Manager and is used to organize and copy files onto the Rio MP3 player.
3. C:\WINDOWS\system32\fxssvc.exe> Microsoft Fax Service>Turn off automatic reception>Set the Startup type of the Fax Service to Manual.
4. C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE> EPSON Status Monitor 3 Environ> Application Launcher, Microsoft Office Application Not Required at Startup.
Comments: EPSON Status Monitor 3 is a utility program that monitors your printer and gives you information about its current status, including the amount of remaining toner.
5. O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"> Logitech MediaLife Resident Program> a user invoked program which unites digital pictures, video clips, and music playlists in a single interface.

6/7. You're loading the following for PDA sync. IF you do not need this to run all of the time, UNCHECK on Startup, launch as needed:
C:\Program Files\Microsoft ActiveSync\wcescomm.exe> H/PC Connection Agent> Active sync for use with Windows CE based palm PC
C:\PROGRA~1\MI3AA1~1\rapimgr.exe> ActiveSync RAPI Manager> Allow you to synchronise Windows Mobile PDA's.> very high resource user.
When through> click on Apply

NOTE: the processes might be listed on Startup slightly different. Expand the Command column if you need more information on a process. Hold left mouse button down on the line dividing the Command and Location columns and move to the right.

You will need to change the startup type for the following Service:
start> Run> services.msc> right click Rio MSC Manager> Properties> Change Startup to Manual

Reboot the computer into Normal Mode>>.
NOTE: you will get a nag message that you can ignore and close after checking 'don't show this message again'. Stay in Selective Startup.

Update Adobe:
Your Adobe Reader is out of date. Vulnerabilities can be exploited. Click here to download the latest version v9: https://www.techspot.com/downloads/2083-adobe-reader-dc.html
OR
Install the FoxIt Reader: this does the same thing as Adobe, but doesn’t have the bloat: http://www.foxitsoftware.com/pdf/rd_intro.php
Remove any earlier Adobe Reader entries in Add/Remove Programs in the Control Panel.

Run HijackThis again and attach log. There is more to remove- I just don't want to overload the system with too many changes at once.

EDIT: It takes me a while to set these long replies up and I see two more replies since I began. Please remove the Symantec entries using the removal tool.
 
Thank you Bobbye.

I will continue with this process this evening and post HJT log tonight. I will also be removing Rio MSC Manager and ActiveSync altogether (these are unneeded programs).

Also, would I be better off installing the Avira Antivirus and disabling the OneCare's virus protection component (Kimsland's suggestion)? One step further: If not using OneCare's virus protection, do I need all that just for its firewall and backup?

Feel free to let me know that you don't have time for these questions. Your help on my current malware is certainly more than I expected and I completely understand if you don't have time to personally design a protection system for my computer.

-Art
 
Also, would I be better off installing the Avira Antivirus and disabling the OneCare's virus protection component (Kimsland's suggestion)? One step further: If not using OneCare's virus protection, do I need all that just for its firewall and backup?
I don't advise using parts of a 'suite'. I am big on stand-alone programs so I can get only what I want and need. So either remove the entire program and install stand-alones, or use it all. Freebies below that we frequently recommend:

Sounds like you're getting the idea! We're streamlining your system- only starting up with the processes you need and uninstalling whatever you don't need or use any more. If you think you were faster after the first removals, wait until you stop all the unnecessary startup!

When we get this done, I'll have you run the cleaning scans again to make sure malware is gone. Don't use System Restore in the meantime or you will reinfect the system.
 
Hi Bobbye-

When I started in safe mode I initially logged in under "administrator". When doing so I was able to enter the startup tab and uncheck items 1 & 5 from your list above, finding none of the other entries. However, when I started in normal mode logging in under "Arthur" I did a quick check of the startup tab (just to see what had been adjusted) and I found two more items to uncheck from the list: item 4 and 6/7 (wcescomm). I was not able to locate anything for items 2 & 3. And I suppose it would be appropriate to mention that there is another username which you can use to log into this machine named "Meghan". I have not logged in under her username and done a check on the startup tab.

In addition to all of this I went through my add/delete tool and deleted several programs that I no longer need or use including the Rio software. I was not able to locate a program for the ActiveSync in the add/delete list.

Here are my logs, thanks again in advance for your review...

Also, I had my firewall block another program that I didn't recognize: sgc15.exe. This is in addition to jushed.exe that I had firewall block.

-Art
 
Good job Art!

But you're using the firewall the wrong way to block:
Regarding sgc15.exe:
When I download Reader 8.0 there is a message from McAfee that there is a trojan horse SGC15.exe which is blocked by McAfee.
It may be a false report, this happens all the time with anti-virus.
So long as people report this sort of thing to the anti-virus maker it
is usually sorted out quickly. Start by updating the McAfee stuff.
This was seen at least six months ago, so it should be sorted by now.

If that doesn't help, double check that you are on the real Adobe
site, not an impostor trying to deliver bad software (this can
happen). Go to http://www.adobe.com/acrobat/readstep.html to download.
Source: Adobe Forums

Regarding jushed:
This is the Java updater. It put itself on automatic anytime you do anything like installing/uninstalling or updating Java. The way to stop it is:
Control Panel> Java> Update tab>
UNCHECK 'check automatically check for Java updates'> when asked to confirm check YES> click on Apply> OK.
Neither of these are examples of what you would use a firewall to block.

HijackThis log looks good. The following use your resources unnecessarily so if wanted, you can do the HijackThis System Scan and check the following for removal:
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(There is usually a JavaQuickStart Service for this that can be disabled, but I don't see it on the log)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u>> does not need to startup and run in the background.

I still see four Symantec processes:
Is there any reason why you have Symantec tech support product messages starting up and running in the background?
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exesymantec.com/techsupp/servlet/ProductMessages?> followed by multiple groups of number strings.
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab>> "Norton Internet Security Registry and File Information", there isn't documentation on what it does but it looks like it's used to collect user's computer information in order to perform the scans.
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab>> Symantec AutoFix Support Tool

Regarding the Symantec processes above and the O16 entries below, I recommend you locate them all in IE> Tools> Add-ons> and disable.

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab>> does not need to startup and run in the background.
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab> DjVu Image Viewer Plug-in
Close all Windows except HijackThis> click on Fix Checked.

You have come a long way and done a great job! I don't see any evidence of malware. If the original problems have been resolved and the system is running well, we can remove the cleaning tools and old restore points. Give me a confirmation first on how you're running.
 
Thanks once again Bobbye. I didn't get your message until this morning and will continue with your above suggestions this evening and will update on my progress and give you my confirmation on my system's status.

By the way, your help (and the willingness of others to help) has done great things for my computer. Is this site funded entirely through advertisements or is there some way I can repay through making a donation in support of all of your and techspot's efforts?

-Art
 
The forum is non-profit, there is no Donate area as well
All support helpers work tirelessly here for free, including myself (I thought maybe a xmas bonus laptop or something - but nothing :( )
Our only thanks is your and other members thanks in your words on the forum, and the computer technical issue being solved
Please note, it is also against forums rules to even ask for payment of service, so it's a double whammy :D :/
 
Thank you Art, for your Thanks. That is all we ask for. We're all volunteers here and enjoy what we do. Our 'reward' is when we help handle and fix a problem or answer a question, and the person who asked comes back and says "Thanks."

One reason that we discourage people who have computer companies of their own and who may ask that you send them a Private Message and then handle the problem away from the main board is to keep anyone from asking for payment for what the rest of us do for free.

You said Thank You in a very nice way and it is most appreciated.
 
Hi Bobbye,

Here's my HJT log. I'm still not sure why Symantec is running on my computer. I assure you that I've used the removal tool found earlier in this thread but it seems as though there are still some remnants of this beast. I searched c: and I've found a number of items belonging to symantec. 28 folders were found in doc&settings/appdata, 1 each in /mydocuments, \program files\common files, and \windows\system32\config\systemprofile\appdata.

Other than the quirky Symantec issue my computer seems to run fantastic. I cannot say it enough: Thank you!

Also, so that there is absolutely no confusion to anyone reading this board: I have in no way, and under no circumstances, been solicited for anything in return for the great help that I have received through this forum by anyone. I am simply thankful for the help I have received and wished to give back something if possible. Great site.
 
Art, please don't be concerned about your comment asking about a contribution. I think the words of kimsland were a bit harsh and it was only meant to be a statement of fact- not a criticism of you.

FYI, there is one computer help board that DOES charge users to get the answer. It's not a 'donation'- it's a charge. They show problems and links in Google, but when you get there, you can only read the question. It costs $50 for 6 months and $100 for a year! Those of us who volunteer to help find that very offensive.

In the HijackThis log, I would check the following from a System Scan to remove:
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
Close all Windows except HijackThis> Click on Fix Checked> close when through

The Active X entries (O16) aren't malware, but you might want to consider disabling some of them. They can be security risks. To do that:
Open IE> Tools> Manage Add-on> find the add-on (examples only: StagingUI Object, Facebook Photo Uploader 5 Control, MSN Games – Buddy Invite)> click to highlight> Disable> Apply> OK.

NOTE: This does not mean you can't use these features. It just means that they won't automatically load on boot and run in the background. Active X can also be a security threat so the fewer, the better.

If you still have pesky files that you can't delete such as the Symantec 'left-overs', the Windows Installer Clean Up Utility works well. It's a small download you save to the desktop then run, have it remove those files. http://support.microsoft.com/default.aspx?scid=kb;en-us;290301

You have done a lot of good work. Your system should be a pleasure to use now and a lot speedier. Have we resolved all of your questions? Are there any more problems? If that comes through as a Yes and a No, we can remove the cleaning tools and old restore points.

Let me know and I'll set that up for you.
 