Tidserv virus - redirecting webpages

Solved
By lizmcreations
Apr 8, 2010
  1. lizmcreations

    lizmcreations Newcomer, in training Topic Starter Posts: 60

    ok, sorry it took me so long to finish all this ... but here is the final hijackthis log!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:09:33 PM, on 4/17/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files\IOGEAR\MFP Server Control Center\Control Center.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring(1004).Resources\ko.lproj\quicktimequicktimeresources.exe
    C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring(1004).Resources\ko.lproj\quicktimequicktimeresources.exe
    C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring(1004).Resources\ko.lproj\quicktimequicktimeresources.exe
    C:\Program Files\Adobe\Adobe Dreamweaver CS3\configuration\Flash Objects\Flash Text\templatetext.exe
    C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Required\PatternsDefault.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\eFax Messenger 4.4\J2GTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\TimeLeft3\TimeLeft.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: VMN Toolbar - {078fed71-52f2-4a49-a0ab-6453e2ca72ba} - C:\Program Files\vmndtx\vmndx.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Security Helper {D63F58E9-B8BB-4DBA-B2A0-44F72C2A61BD} - {D63F58E9-B8BB-4DBA-B2A0-44F72C2A61BD} - C:\Program Files\vmndtx\auxi\vmndAu.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: VMN Toolbar - {078fed71-52f2-4a49-a0ab-6453e2ca72ba} - C:\Program Files\vmndtx\vmndx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\IOGEAR\MFP Server Control Center\Control Center.exe -mini
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [VisualJavaTM] c:\program files\java\jre6\bin\new_plugin\toolkitjavatm.exe
    O4 - HKLM\..\Run: [ToolkitJava] C:\Program Files\Java\jre6\bin\new_plugin\ToolkitJavaTM.exe
    O4 - HKLM\..\Run: [svchost] c:\windows\temp\lqcc.tmp\svchost.exe
    O4 - HKLM\..\Run: [QuickTimeResourcesQuickTime] c:\program files\quicktime\qtsystem\quicktimeauthoring(1004).resources\ko.lproj\quicktimequicktimeresources.exe
    O4 - HKLM\..\Run: [tipresxOperativni] c:\program files\common files\microsoft shared\ink\sr-latn-cs\tipresxtipresx.exe
    O4 - HKLM\..\Run: [QuickTimeResourcesQuickTime7.6.6] c:\program files\quicktime\qtsystem\quicktimeauthoring(1004).resources\ko.lproj\quicktimequicktimeresources.exe
    O4 - HKLM\..\Run: [QuickTimeQuickTimeResources] C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring(1004).Resources\ko.lproj\quicktimequicktimeresources.exe
    O4 - HKLM\..\Run: [templatetext] c:\program files\adobe\adobe dreamweaver cs3\configuration\flash objects\flash text\templatetext.exe
    O4 - HKLM\..\Run: [PatternsDefault22302] c:\program files\adobe\adobe illustrator cs3\support files\contents\windows\required\patternsdefault.exe
    O4 - HKLM\..\RunServices: [EuropeGeneral] c:\program files\common files\adobe\color\settings\extrasettings\generaleurope3229.exe
    O4 - HKLM\..\RunServices: [DataASubformSet110238] c:\program files\adobe\acrobat 8.0\designer 8.0\en\samples\subformset\outputs\subformset1dataa12731.exe
    O4 - HKLM\..\RunServices: [tipresxOperativni] c:\program files\common files\microsoft shared\ink\sr-latn-cs\tipresxtipresx.exe
    O4 - HKLM\..\RunServices: [npjp2npdeploytk] C:\Program Files\Java\jre6\bin\new_plugin\ToolkitJavaTM.exe
    O4 - HKLM\..\RunServices: [svchost] c:\windows\temp\lqcc.tmp\svchost.exe
    O4 - HKLM\..\RunServices: [QuickTimeResourcesQuickTime] c:\program files\quicktime\qtsystem\quicktimeauthoring(1004).resources\ko.lproj\quicktimequicktimeresources.exe
    O4 - HKLM\..\RunServices: [tipresxWindows] c:\program files\common files\microsoft shared\ink\sr-latn-cs\tipresxtipresx.exe
    O4 - HKLM\..\RunServices: [QuickTimeQuickTimeResources] C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring(1004).Resources\ko.lproj\quicktimequicktimeresources.exe
    O4 - HKLM\..\RunServices: [msgfiltOffice2008.1108.6414.1000] c:\program files\common files\microsoft shared\filters\systemmsgfilt.exe
    O4 - HKLM\..\RunServices: [ssPluginSCMRDS] c:\program files\adobe\adobe dreamweaver cs3\configuration\sourcecontrol\scmrdslink1.0.1.1.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [cdloader] "C:\Users\Liz\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [3w8ko5uwvtb4] C:\Windows\temp\m.2678C.tmp.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [3w8ko5uwvtb4] C:\Windows\temp\m.2678C.tmp.exe (User 'Default user')
    O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
    O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - C:\Users\Liz\AppData\Local\Temp\9B73.tmp
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: McAfee Application Installer Cleanup (0150581269993434) (0150581269993434mcinstcleanup) - Unknown owner - C:\Windows\TEMP\015058~1.EXE (file missing)
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Micro Niche Finder Background Download Service - Unknown owner - C:\Program Files\Micro Niche Finder\srvany.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

    --
    End of file - 15439 bytes

    Have a great weekend and thanks again for all your help!

    Liz
  2. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Disable Windows Defender, as it'll interfere with the cleaning process:
    - Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.

    ========================================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    O4 - HKLM\..\Run: [svchost] c:\windows\temp\lqcc.tmp\svchost.exe
    O4 - HKLM\..\RunServices: [svchost] c:\windows\temp\lqcc.tmp\svchost.exe
    O4 - HKUS\S-1-5-18\..\Run: [3w8ko5uwvtb4] C:\Windows\temp\m.2678C.tmp.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [3w8ko5uwvtb4] C:\Windows\temp\m.2678C.tmp.exe (User 'Default user')



    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [unless you have paid version]
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [unless you have paid version]



    5. Click on the Fix checked button.

    6. Go Start>Run (Vista users - "Start search"), type in:
    cmd
    Click OK (Vista users - hold CTRL, and SHIFT keys, press Enter).

    Command Prompt window will open.
    Type in:
    sc stop "McAfee Application Installer Cleanup"
    Press Enter.
    Wait for the service to be stopped.

    Type in:
    sc delete "McAfee Application Installer Cleanup"
    Press Enter.
    Wait for confirmation.

    If for some reason, "McAfee Application Installer Cleanup" name doesn't work, try to replace it with 0150581269993434 (no quotes), or 0150581269993434mcinstcleanup (no quotes)

    7. Restart computer.

    8. Post new HijackThis log.
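
Added example, not part of the original thread and not HijackThis's own logic: a small triage pass over O4 autorun lines that flags the two traits shared by the entries selected in step 3, namely an executable launched from a temp directory and a Windows system binary name (svchost.exe) sitting outside system32. The function names and the two heuristics are assumptions made for illustration; the sample lines are copied from the log in the first post.

```python
import ntpath
import re
from typing import List, NamedTuple

# Constructed sample: O4 lines copied from the HijackThis log in the first post,
# mixing entries that were selected for fixing with entries that were left alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [svchost] c:\windows\temp\lqcc.tmp\svchost.exe
O4 - HKLM\..\RunServices: [svchost] c:\windows\temp\lqcc.tmp\svchost.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\Liz\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [3w8ko5uwvtb4] C:\Windows\temp\m.2678C.tmp.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [3w8ko5uwvtb4] C:\Windows\temp\m.2678C.tmp.exe (User 'Default user')
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
"""

# Process names that normally live only in \Windows\system32 (assumed list).
SYSTEM32_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe",
                  "winlogon.exe", "services.exe", "smss.exe"}

# "O4 - HKLM\..\Run: [name] command"  (registry autoruns)
REG_AUTORUN = re.compile(
    r"^O4 - (?P<where>\S+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Startup: name.lnk = command"  (startup folder shortcuts)
STARTUP = re.compile(
    r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")


class Finding(NamedTuple):
    where: str          # registry key or startup folder
    name: str           # value name / shortcut name
    path: str           # executable path taken from the command
    reasons: List[str]  # why the entry was flagged


def executable_of(cmd: str) -> str:
    """Return the executable part of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end]
    # Unquoted: take everything up to the first ".exe" followed by space/end,
    # which drops arguments and HijackThis's trailing "(User '...')" note.
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def reasons_for(path: str) -> List[str]:
    """Apply the two heuristics to one executable path."""
    p = path.lower()
    folder, base = ntpath.split(p)
    reasons = []
    if "\\temp\\" in p:
        reasons.append("runs from a temp directory")
    # Bare names with no folder are skipped: their location is unknown.
    if base in SYSTEM32_NAMES and folder and not folder.endswith("\\system32"):
        reasons.append("system binary name outside system32")
    return reasons


def scan(log_text: str) -> List[Finding]:
    """Flag O4 autorun entries that match at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_AUTORUN.match(line) or STARTUP.match(line)
        if not m:
            continue
        path = executable_of(m.group("cmd"))
        reasons = reasons_for(path)
        if reasons:
            findings.append(Finding(m.group("where"), m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.where} [{f.name}] {f.path}: {'; '.join(f.reasons)}")
```

A match is only a prompt for review: plenty of unwanted entries run from ordinary program folders, and a path in a temp directory is not proof of malware on its own.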
  3. lizmcreations

    lizmcreations Newcomer, in training Topic Starter Posts: 60

    ugh, ok, I can't get rid of the McAfee uninstaller ... I had McAfee from Comcast, then they changed the anti-virus software that they are offering to Norton ... I used the McAfee uninstaller to uninstall McAfee (versus using control panel uninstall because I have had issues with the control panel uninstall not fully uninstalling McAfee before).

    I tried the three options you gave and they all said that it wasn't found or something of that nature (I forget exactly what it said sorry).

    Also, this may be completely unrelated - but I cannot get Windows Media Player to work anymore. It keeps giving me an error trying to say that my sound device doesn't have the right drivers, but I've checked the driver updates and also the sound device is working because I can listen to streaming audio or anything else.

    Liz
  4. lizmcreations

    lizmcreations Newcomer, in training Topic Starter Posts: 60

    here is the newest HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:35:53 PM, on 4/19/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files\IOGEAR\MFP Server Control Center\Control Center.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\eFax Messenger 4.4\J2GTray.exe
    C:\Program Files\TimeLeft3\TimeLeft.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Users\Liz\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: VMN Toolbar - {078fed71-52f2-4a49-a0ab-6453e2ca72ba} - C:\Program Files\vmndtx\vmndx.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Security Helper {D63F58E9-B8BB-4DBA-B2A0-44F72C2A61BD} - {D63F58E9-B8BB-4DBA-B2A0-44F72C2A61BD} - C:\Program Files\vmndtx\auxi\vmndAu.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: VMN Toolbar - {078fed71-52f2-4a49-a0ab-6453e2ca72ba} - C:\Program Files\vmndtx\vmndx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\IOGEAR\MFP Server Control Center\Control Center.exe -mini
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [VisualJavaTM] c:\program files\java\jre6\bin\new_plugin\toolkitjavatm.exe
    O4 - HKLM\..\Run: [tipresxOperativni] c:\program files\common files\microsoft shared\ink\sr-latn-cs\tipresxtipresx.exe
    O4 - HKLM\..\Run: [svchost] c:\windows\temp\lqcc.tmp\svchost.exe
    O4 - HKLM\..\RunServices: [EuropeGeneral] c:\program files\common files\adobe\color\settings\extrasettings\generaleurope3229.exe
    O4 - HKLM\..\RunServices: [DataASubformSet110238] c:\program files\adobe\acrobat 8.0\designer 8.0\en\samples\subformset\outputs\subformset1dataa12731.exe
    O4 - HKLM\..\RunServices: [tipresxOperativni] c:\program files\common files\microsoft shared\ink\sr-latn-cs\tipresxtipresx.exe
    O4 - HKLM\..\RunServices: [npjp2npdeploytk] C:\Program Files\Java\jre6\bin\new_plugin\ToolkitJavaTM.exe
    O4 - HKLM\..\RunServices: [tipresxWindows] c:\program files\common files\microsoft shared\ink\sr-latn-cs\tipresxtipresx.exe
    O4 - HKLM\..\RunServices: [svchost] c:\windows\temp\lqcc.tmp\svchost.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [cdloader] "C:\Users\Liz\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunServices: [DefaultPatterns] C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Required\PatternsDefault.exe
    O4 - HKCU\..\RunServices: [texttemplate] c:\program files\adobe\adobe dreamweaver cs3\configuration\flash objects\flash text\templatetext.exe
    O4 - HKCU\..\RunServices: [QuickTimeQuickTimeResources7.6.6] c:\program files\quicktime\qtsystem\quicktimeauthoring(1004).resources\ko.lproj\quicktimequicktimeresources.exe
    O4 - HKCU\..\RunServices: [OpenerAdobe25740] c:\program files\adobe\adobe bridge cs3\resources\el\preferencesadobe27791.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
    O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - C:\Users\Liz\AppData\Local\Temp\9B73.tmp
    O23 - Service: McAfee Application Installer Cleanup (0150581269993434) (0150581269993434mcinstcleanup) - Unknown owner - C:\Windows\TEMP\015058~1.EXE (file missing)
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Micro Niche Finder Background Download Service - Unknown owner - C:\Program Files\Micro Niche Finder\srvany.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

    --
    End of file - 12655 bytes
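The O23 service entries in the log above can be triaged mechanically. This parser is an added example (not part of the original post, and not HijackThis or OTL code); the "Display name (key name)" layout and the three review hints are assumptions made for the illustration. It takes the last parenthesised group as the service key, because the McAfee entry's display name itself ends in a parenthesised id.

```python
import re

SAMPLE_LOG = r"""
O23 - Service: McAfee Application Installer Cleanup (0150581269993434) (0150581269993434mcinstcleanup) - Unknown owner - C:\Windows\TEMP\015058~1.EXE (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe
O23 - Service: Micro Niche Finder Background Download Service - Unknown owner - C:\Program Files\Micro Niche Finder\srvany.exe
"""  # four O23 lines taken from the HijackThis log above

O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?)\s*- "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
# Assumed layout: "Display name (key name)", else a bare name; greedy, so the key is the LAST group.
NAME_RE = re.compile(r"^(?P<display>.*) \((?P<key>[^()]+)\)$")


def parse_o23(line):
    """Parse one O23 line into a dict; return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    n = NAME_RE.match(m["name"])
    return {
        "display": n["display"] if n else m["name"],
        "key": n["key"] if n else m["name"],
        "owner": m["owner"],
        "path": m["path"],
        "file_missing": m["missing"] is not None,
    }


def review_reasons(svc):
    """Reasons an entry deserves a manual look (hints, not verdicts)."""
    hints = {
        "binary missing": svc["file_missing"],
        "no publisher": svc["owner"] in ("", "Unknown owner"),
        "runs from temp directory": bool(re.search(r"\\te?mp\\", svc["path"], re.I)),
    }
    return [label for label, hit in hints.items() if hit]


def triage(log_text):
    """Map service key name -> hints for each O23 line that has any."""
    parsed = filter(None, map(parse_o23, log_text.splitlines()))
    return {s["key"]: review_reasons(s) for s in parsed if review_reasons(s)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
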
  5. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    As for WMP, you'll have to start a new topic in the appropriate forum.

    As for McAfee...

    Download OTL to your Desktop.
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      SRV - File not found [Auto | Stopped] --  -- (0150581269993434mcinstcleanup) McAfee Application Installer Cleanup (0150581269993434)
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  6. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Are you still there?
  7. lizmcreations

    lizmcreations Newcomer, in training Topic Starter Posts: 60

    yes, sorry ... have been having to play catch up a little bit from before when my computer wasn't 100% working :) ...

    ran the fix earlier and am going to do the quick scan shortly ...

    Liz
  8. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    OK.........
  9. lizmcreations

    lizmcreations Newcomer, in training Topic Starter Posts: 60

    ok, attached is the log from the fix and then the quick scan ...

    Liz

  10. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    My bad. I put it into the wrong OTL section.
    Let's try again...

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] --  -- (0150581269993434mcinstcleanup) McAfee Application Installer Cleanup (0150581269993434)
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  11. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Are you still out there?
     
  12. lizmcreations

    lizmcreations Newcomer, in training Topic Starter Posts: 60

    Results of "run fix" scan:

    All processes killed
    ========== OTL ==========
    Error: No service named 0150581269993434mcinstcleanup) McAfee Application Installer Cleanup (0150581269993434 was found to stop!
    Service\Driver key 0150581269993434mcinstcleanup) McAfee Application Installer Cleanup (0150581269993434 not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Liz
    ->Temp folder emptied: 18475802 bytes
    ->Temporary Internet Files folder emptied: 20461201 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 38100949 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 44158 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 12489 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 59742800 bytes

    Total Files Cleaned = 130.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.1.3 log created on 04272010_084251

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\WebEx\Log\427\atashost.log scheduled to be moved on reboot.
    C:\Windows\temp\00002V4P0004.CDX moved successfully.
    C:\Windows\temp\00002V4P0005.CDX moved successfully.
    C:\Windows\temp\00002V4P0006.CDX moved successfully.

    Registry entries deleted on Reboot...


    Ok, "quick scan" log attached.

    Liz

    Attached Files:

    • OTL.Txt (File size: 96.6 KB, Views: 1)
  13. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    I don't understand this...
    It's not a big deal, but I hate when something refuses to go.
    Can you try to check the issue manually?

    Go to Start and in "Start search" type in:
    services.msc
    Press Enter.

    The Services window will open.
    Look for anything similar to:
    (0150581269993434mcinstcleanup) McAfee Application Installer Cleanup (0150581269993434)
    If you find it, stop the service, then right-click on it, click "Properties" and under "Startup type", select "Disable" from the drop-down menu.
  14. lizmcreations

    lizmcreations Newcomer, in training Topic Starter Posts: 60

    OK, I did find it -- but it wasn't running so no need to stop it, but I did "Disable" the startup type.

    Liz
  15. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Guess what?
    I'm really glad to say officially...


    Your computer is clean

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side.
    4. Click on Continue on the "User Account Control" window that pops up.
    5. Under the System Protection tab, find Available Disks.
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK.

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
  16. lizmcreations

    lizmcreations Newcomer, in training Topic Starter Posts: 60

    yay!!! :) :grinthumb

    thank you very much! I really appreciate your time and assistance!

    Liz
  17. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    You're very welcome :)
    Don't forget to run those last steps.
    I'll be very happy to mark this thread as resolved :)