Mbam found and removed (Rootkit.Agent). We may need to run another program for this. We'll see.
Have SuperAntispyware remove the Tracking Cookies.
These two add-ons work together to prevent the Tracking Cookies from getting on the system.
Open Firefox> Tools> Options> Privacy section> UNCHECK 'accept all Cookies'> CHECK 'accept Cookies from Sites'.
Disable Real Time protection before running HijackThis again:
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
Update Java to v6u10 here:
http://java.com/en/download/manual.jsp
Update Adobe to v9 here:
https://www.techspot.com/downloads/2083-adobe-reader-dc.html
Please re-open HiJackThis and scan.
*Check* the boxes next to all the entries listed below:
C:\Program Files\Viewpoint\Common\ViewpointService.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe >> The poker games are known to put adware on your computer.
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
Start> Run> type in 'msconfig' without the quotes> Selective Start-up> Startup tab> UNCHECK everything EXCEPT the antivirus and firewall processes> Apply> OK. This includes the Dell Printer. This does not need to start at boot; you can start it manually when needed.
Go to Add/Remove Programs in Control Panel and uninstall anything to do with (if there):
Bodog Poker
All versions of JAVA except v6u10
All versions of Adobe Reader Except v9
Viewpoint Manager
Open your Task Manager> End Task for BPGame.exe
Start> Run> services.msc> right click> Properties on each of the following and change the Startup type to Disabled:
ALL Trend Micro
Real Time Service
Java QuickStart
Change any Dell Services for printer to Manual
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot.
Scan with HijackThis again, with all Real Time protection temporarily disabled. See the following for more information:
Temporarily Disable Real Time Monitoring Programs:
http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs
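
As an added example (not part of the original post, and not HijackThis's own code): a small Python parser for the O2, O4, O9 and O23 entry formats that appear in the log above, flagging entries whose target file is absent or whose service owner is unknown. The flag rules and the names `parse_entry` and `triage` are assumptions chosen for illustration; the sample lines are a subset copied from the post.

```python
import re

# Sample input: a subset of the entries listed in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
"""

SECTIONS = {"O2": "Browser Helper Object", "O4": "Autorun entry",
            "O9": "IE extra button", "O23": "Windows service"}
MISSING = ("(no file)", "(file missing)")  # markers HijackThis appends to a path
O4_RE = re.compile(r'^(?P<key>\S+): \[(?P<name>[^\]]*)\] "?(?P<target>[^"]*)"?$')

def parse_entry(line):
    """Split one log line into section, name, detail and target; None if unparsed."""
    m = re.match(r"^(O\d+) - (.+)$", line.strip())
    if not m or m.group(1) not in SECTIONS:
        return None
    section, body = m.groups()
    if section == "O4":  # format: <registry key>: [value name] "command"
        o4 = O4_RE.match(body)
        if not o4:
            return None
        name, detail, target = o4["name"], o4["key"], o4["target"]
    else:  # format: <kind>: <name> - <CLSID or owner> - <path>
        parts = body.split(" - ", 2)
        if len(parts) != 3:
            return None
        name, detail, target = parts[0].split(": ", 1)[-1], parts[1], parts[2]
    flags = []  # illustrative review hints (assumed rules), not a verdict
    if target.endswith(MISSING):
        flags.append("target missing")
    if section == "O23" and detail == "Unknown owner":
        flags.append("unknown owner")
    return {"section": section, "kind": SECTIONS[section], "name": name,
            "detail": detail, "target": target, "flags": flags}

def triage(log_text):
    """Parse every recognised entry in a HijackThis log excerpt."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f'{e["section"]:<4}{e["name"]:<45}{", ".join(e["flags"]) or "-"}')
```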