May not be malware, but just checking

View previous topic View next topic Go down

May not be malware, but just checking

Post by fairydraik on 22nd December 2009, 10:58 pm

My computer's CD drive hasn't been working for no reason whatsoever - my mom checked the BIOS over and over and tried deleting it and reinstallingit, but nothing. She thinks it's disconneccted somewhere inside, but it's not just the CD, but the DVD,t oo. Also, my computer has been running rather slowly, although I think it's because it's getting full Goofy

I'm sorry if I'm wasting your time, but, I would like to make sure, since I got rid of a Personal Guard infction using your site back in October and I really, REALLY don't want to go through that again.

Here's the HiJack This! Please tell me if I'm just being a bother...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:50 PM, on 12/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Miranda Rian\Desktop\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8347 bytes

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by Belahzur on 22nd December 2009, 11:11 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


  • Press "Fix Checked"
  • Close Hijack This.

Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

I recommend you remove the Java Quick Starter because it's not needed.
To do so, follow these instructions.

Go to Start > Control Panel > Java.
In the Java control panel, open the click the Advanced tab. Click the + in front of Miscellaneous and uncheck the Java Quick Starter box.

See [You must be registered and logged in to see this link.] for more info.

Reboot normally.
How is the machine now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 22nd December 2009, 11:12 pm

...Holy crap. I have a lotta crap slowing down my computer! I'll follow your instructions right now, I have to go make pasta salad for my class party anyway, LOL.

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 22nd December 2009, 11:20 pm

...the ATF Cleaner seems to be taking a long time for the Windows files.. is this normal? Or does it just mean that there's too much crap on here?

EDIT: Woops! SPoke too soon, it just went Goofy Anyway, what are all those things you had me stop ith HJT? Just extra stuff I didn't need? I noticed Dell Support and some Java stuff, but, what about the other things?

EDIT2: Just rebooted, and turns out my computer is running quite a bit faster now! Thanks, Belahzur, that's two I owe ya!

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by Belahzur on 22nd December 2009, 11:34 pm

Yeah, just stuff that's not needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 23rd December 2009, 1:35 am

Yeah... my disc drive still doesn't work, but that's probably a hardware malfunction Goofy

Anyway, I'll (hopefully) not have to see you again anytime soon, unless you're one of the teachers in GeekPolice Acadamy, in which case you might be seeing me this summer... haven't decided if I'm going to do that this sumer or next.

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by Belahzur on 23rd December 2009, 1:37 am

Yeah, I'm one of them. Smile Upto you though if you want to try it, if not, cya around. Smile


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 23rd December 2009, 1:48 am

I do want to try it! I just don't have much free tiem... well, that's not true, it's just, I'm going through high school... I want someone to tell me whether or not to go for it!

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 23rd December 2009, 2:30 am

ACK! One thing - would anything you had me do mess with the images in Firefox? Because all of a sudden I'm getting a lotta broken images.

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by Belahzur on 23rd December 2009, 7:15 pm

ATF-Cleaner would have removed whatever was stored in the cache, but the images should start to be re-cached again. Is that not happening?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 23rd December 2009, 8:53 pm

Let me check - have to go onto a forum and look....

Nope. Still can't see most avatars and signatures on my proboards forum. Which is rather annoying, as people change their images all the time... oh, and I make them for others, too.

Is there something wrong with my internet? Please don't tell me I actually wasn't being paranoid...

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by Belahzur on 23rd December 2009, 8:56 pm

I doubt that, I've seen this happen before, fixed it by uninstalling, then re-installing Firefox.

While were at it, lets check what version of Firefox you have.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 23rd December 2009, 9:12 pm

7-Zip 4.57
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Adventure Tools
Apple Software Update
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
AVG Free 8.5
Banctec Service Agreement
Best Buy Digital Music Store
Character Builder
Clouded Horizons Character Creation Utility
Compatibility Pack for the 2007 Office system
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
D&D Character Generator Demo
Dell Driver Reset Tool
Dell Media Experience
Dell Support Center (Support Software)
DellSupport
Diamond Mine Deluxe 1.81y
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dungeon Siege
Easy-WebPrint
Hellfire
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6

Here it is... I see I have some old Java versions, should I get rid of those while I'm at it?

And thanks again for dealing with me, I know I'm probably known as an annoyance around here... Goofy

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by Belahzur on 23rd December 2009, 9:20 pm

Was expecting a bit more to that log, did you copy and paste all of it?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 23rd December 2009, 9:23 pm

Yeah - my mom goes and takes outunnecessary stuff every so often because she's a computer expert. I think it's only showing for my profile, too? I think I got it all. Let me try again.

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 23rd December 2009, 9:24 pm

Nope, it was NOT all! I only got part of it, forgot to scroll down - silly Miri~! *sigh* it's been a loooong couple weeks what with teachers trying to cram everything in before break... here's the FULL list!

Oh, and, um, one thing - I do run uTorrent, but I rarely use it straight from the internet - instead, mostly I use it to run files my friends send me, and know are trustworthy. I'm really sory,b ut, I don't want to remove it - please don't refuse to help me in the future... not that I want to have to get your help in the future!

7-Zip 4.57
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Adventure Tools
Apple Software Update
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
AVG Free 8.5
Banctec Service Agreement
Best Buy Digital Music Store
Character Builder
Clouded Horizons Character Creation Utility
Compatibility Pack for the 2007 Office system
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
D&D Character Generator Demo
Dell Driver Reset Tool
Dell Media Experience
Dell Support Center (Support Software)
DellSupport
Diamond Mine Deluxe 1.81y
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dungeon Siege
Easy-WebPrint
Hellfire
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Macromedia Flash Player
Malwarebytes' Anti-Malware
Matroska Pack - Lazy Man's MKV 0.9.9
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office Word Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft WinUsb 1.0
Microsoft XNA Framework Redistributable 2.0
Mozilla Firefox (3.5.6)
MSVCRT
MSXML 4.0
MSXML 4.0
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
NVIDIA PhysX v8.09.04
Police Quest Collection
PowerDVD 5.3
Project64 1.6
RadLight Ogg Media DirectShow filter (remove only)
Rhapsody
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Sierra Utilities
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live! 24-bit
Space Quest Collection
Spyware Doctor 6.1
StepMania (remove only)
Tetris Worlds
The Sims™ 2 Deluxe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
XP Codec Pack
Yahoo! Messenger

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by Belahzur on 23rd December 2009, 9:32 pm

Don't worry about uTorrent. It's an optional removal evne though we highly recommend, but if you know what your doing and are very careful, you should be okay.

Lets update some old software too.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    7-Zip 4.57
    Adobe Reader 8.1.2
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 15
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    Mozilla Firefox (3.5.6)

Lets see if we can fix the image issue.

Please download and re-install [You must be registered and logged in to see this link.]

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the second option where it says "This special release provides a few key fixes.".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u17-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.]

Let me know how the machine is after this. You should have a bit more HDD space too, now the old Java is gone.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 23rd December 2009, 9:35 pm

Alright. I'm going to head off to my IE window now so that I can get rid of Firefox and be okay with the rest ^^;;;

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 23rd December 2009, 9:56 pm

*sigh* Add-Remove takes SOOOO long to populate, I have wayyyy too much junk on here. Oh well, gives me room to install Diablo II once my CD drive gets working again Goofy

The reason I asked about uTorrent is because I remember reading the "read this first" and Doctor Inferno said that if you refuse to uninstall P2P programs, you guys could refuse to help that person... I'm glad that's not true... ^^;;;;;;

Everything is gone now, but some of it wants a restart, so I wanted to ask - should I remove the old versions of my .NET framework, or leave them? Also, I have no clue what "Easy-Webprint" is, so should I get rid of that too? I noticed you had me kill it with HiJack This...

UPDATE! Firefox is now back! Going to install the other thigns now~!

Update 2: Got everything,b ut, it put Java QuickStart back on my computer, and something called "Acrobat_com", which is some kind of web thing. How do I get rid of them? Thanks for helping, I have soooooo much space on my compuer now!

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by Belahzur on 23rd December 2009, 11:32 pm

Hello.

I recommend you remove the Java Quick Starter because it's not needed.
To do so, follow these instructions.

Go to Start > Control Panel > Java.
In the Java control panel, open the click the Advanced tab. Click the + in front of Miscellaneous and uncheck the Java Quick Starter box.

See [You must be registered and logged in to see this link.] for more info.

The Acrobat thing is probably in the startup area, go into Hijack This again and post a new log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 23rd December 2009, 11:51 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:30 PM, on 12/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Miranda Rian\Desktop\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6234 bytes

There we go! Thanks again ^^

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by Belahzur on 23rd December 2009, 11:52 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

There, that should have solved it.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 23rd December 2009, 11:57 pm

Holy crap! What's the nProtect doing there? I haven't had Trickster (the MMO that used that) installe din FOREVER because I lost my password and it was taking up space so I just deleted the file...

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 24th December 2009, 12:00 am

There we go. I think Acrobat_com is still in there though, I might have to go uninstall it.

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 24th December 2009, 2:46 pm

.....sadly, reinstalling Firefox only worked halfway to restoring pictures. It brought back MOST of the avatars oon the Proboards forum, and let's me see posted pictures again, but ten percent of the avs and all of the sigs, except for one, still show as broken or missing. *headdesk*

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by Belahzur on 24th December 2009, 5:25 pm

Clear Firefox again, but this time, use the internal option for clearing it.

Tools menu > Clear recent history.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 24th December 2009, 11:36 pm

alright, will do! In the meantime, using IE

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by Belahzur on 25th December 2009, 2:05 am

Okay.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: May not be malware, but just checking

Post by fairydraik on 25th December 2009, 10:53 pm

Alright, have done and I hope it works... IE seems to being a bit b**** about images on the forum, and several of my friends are reporting similar problems, so I'm beginning to wonder if it's a problem with Proboards and not my computer. Thank you for all you've done and a Merry Christmas to you!

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27826
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum