Solve : Problems with pop ups--Hijack this posted last entry of thread?
Answer» To answer all questions, everything is fine. We will take care of the IMGRogue-WiniFighter_Small[1].gif before we are done.

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-11 74480]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-29 c:\windows\Tasks\User_Feed_Synchronization-{34BB2544-E314-4CD1-A261-BD1AA15CAABB}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/a/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: comcast.net\www
FF - ProfilePath - c:\users\Susan M\AppData\Roaming\Mozilla\Firefox\Profiles\wlpwrnl4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 23:52
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[email protected]??
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-08-29 23:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-29 03:58
ComboFix2.txt 2009-08-29 00:03
Pre-Run: 236,156,841,984 bytes free
Post-Run: 235,897,585,664 bytes free
247 --- E O F --- 2009-08-28 12:30
npersn31

Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter
* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
----------
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
----------
Use the Kaspersky Lab Online Scanner
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. If needed, this animation will guide you through the process.

I am concerned about what should be on and when as I am afraid stuff will interfere with other stuff, including stuff that appears in the tray, stuff that appears to the right of the Windows 'pearl' (Belarc icon, computer icon, Internet Explorer icon, Office Note 2007 icon, Display Desktop icon, Firefox icon, Windows Media icon, Switch between windows icon, Spybot Search and Destroy icon [Tea timer icon not currently in system tray.]). In system tray upon start up/restart are Dell Support Center, Google Desktop [Desktop currently has both Google gadget icon and Google side bar], the button with options to add google gadgets (hides/shows sidebar), Dell Data Online, Avast, Avast Virus Recovery Database Generator icon, network icon, Realtek HD Audio Manager icon, and Safely remove hardware icon. What do I need to do about these? And now for the major questions:
Questions to be answered before I run this:
1) I know where to find Tools on Internet Explorer favorites bar and from there Internet options and on General tab under Browsing History find Delete. I find: preserve favorites website data; temporary internet files; cookies; history; form data; passwords; InPrivate filtering data. Under this there is a delete button and a cancel button. I think that the Disk Cleanup used to have a regularly scheduled time, but when I had McAfee I got rid of that and McAfee's default cleaning as it was messing with D: where shadow copies are causing unauthorized access message in Event Viewer. How do I delete temporary internet files and temporary files?
2) What must be off when I run this Combo /u?
I have turned on everything back on/or options to have in tray when run (SuperAntiSpyware Free) in order to go onto the internet. Does the firewall need to be off? And when I go back on to run TFC by OldTimer what do I do? Do I turn stuff off for the online download, and then, while modem is on standby, turn everything off? Then run TFC.exe?
3) What about that start up magnifier, the Dell Support Center in the tray, and the google gadget button with the google sidebar (on right side of screen)? Also, Dell Data online is in the tray upon start up? Will these interfere with anything?
4) After TFC.exe run: turn Windows firewall on with everything else off to do Kaspersky run?
5) Will Kaspersky let me choose settings before it starts scan? I looked at your automation for Kaspersky and noticed that you need to run Internet Explorer as administrator and I have no such option. What do I do about this?
6) What about dds.scr which is still on my desktop?
7) What about the C:\Program Files\Trend Micro\sniper.exe? The sniper shortcut on desktop and the downloaded sniper2.exe? I had problems with the renaming....
8) Any special instructions for Spyware Blaster and SpyBot Search and Destroy? Tea time is still off --- I assume so since I have not gone back to Advanced Mode to turn it on.
9) I don't know if you need to know about PEB Corruption error that showed up in Problem reports in Windows Vista (date of entry August 28). Do you?
Sorry for the list of concerns and questions but I don't want to mess up. I think the last thing we tried had to do with siv, a program that I uninstalled long ago and tried to get it out of the registry without success. Also a long time ago a computer repair person put a marker in the registry--I think--so someone who knew what they were doing would find it. Did you read my list of questionable programs in an earlier post in this thread? Trying to make sure all the bases get covered! Thanks so much for the help thus far.
npersn31

Quote: How do I delete temporary internet files and temporary files?
You will be doing that by running TFC from my prior instructions.

Quote: What must be off when I run this Combo /u?
Nothing needs to be turned off. Just run Combo /u and then TFC.

Quote: Will Kaspersky let me choose settings before it starts scan?
All of the options should already be set.

Quote: I looked at your automation for Kaspersky and noticed that you need to run Internet Explorer as administrator and I have no such option. What do I do about this?
Right click the Internet Explorer icon in the system tray (bottom left) and choose Run as Administrator.

Quote: What about dds.scr which is still on my desktop?
Delete it.

Quote: What about the C:\Program Files\Trend Micro\sniper.exe
Leave it for now. When we are done you can uninstall it in Add or Remove Programs.

Quote: Any special instructions for Spyware Blaster and SpyBot Search and Destroy? Tea time is still off
Leave Tea Timer off. Don't worry about Spywareblaster.

Quote: I don't know if you need to know about PEB Corruption error that showed up in Problem reports in Windows vista(date of entry August 28). Do you?
I have no clue what that is. Just run Kaspersky so we can see if any malware is left. Then we will deal with any remaining issues.

Instructions followed; many files deleted, clicked IE 8 icon near pearl to run as administrator. Still got message that with Windows Vista you must run Kaspersky as administrator. Report follows. Did remove dds.scr to Recycle Bin and from there deleted it [after Combofix removal.] TFC.exe still on desktop. Npersn31 calling it a night. Reply when convenient and thanks!
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, August 30, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, August 30, 2009 03:34:54
Records in database: 2718240
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
Scan statistics:
Objects scanned: 110011
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:52:19
No threats found. Scanned area is clean.
Selected area has been scanned.

Quote: PEB Corruption error
Are you sure this is spelled right?

Evilfantasy: Here is the text taken from the Event viewer-----and you tell me!
Product PEB_CORRUPTION
Problem Driver host process disconnect
Date 8/28/2009 11:45 PM
Status Report Sent
Description The Windows User-Mode Driver Framework detected that a driver host-process disconnected unexpectedly. This report contains information about the process and the drivers running within and will be used to improve the quality of these drivers.
Problem signature
Problem Event Name: WUDFHostProblem
EventClass: HostProblem
Problem: HostDisconnect
DetectedBy: 2
UMDFVersion: 6.0.6001.18000. (longhorn_rtm.080118-1840)
ExitCode: ffffffffffffffff
Operation: 0
Message: 0
Status: ffffffff
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Extra information about the problem
Bucket ID: 169643709
I have more details about what has been going on, but don't have the time yet. npersn31 signing off.

That error is most likely not malware related so we can finish up here. Post the information about the error in the Microsoft Windows forum and someone there will help. I deal with malware...
Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Evilfantasy, lots of files were deleted but quarantine in SuperAntiSpyware was not affected. Trace.Known Threat Sources C:\Users\Susan M\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE8Y5QVT\IMGRogue-WiniFighter_Small[1].gif was still in quarantine and whether it was advisable to remove, it has been done. I also checked to see if anything from McAfee had been forgotten and it had: some logs from McAfee (exported text), some logs from McAfee Virtual TECHNICIAN (html form), McAfee manuals (Adobe Acrobat pdf). I am going to remove these. Last hjt that I ran just to see what it looked like after all this (including reverted to last known good configuration with Combofix problem and not having ever removing/stopping any restore points before running a/v) showed:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
Which doesn't take me where I want to go--- most of them. I'm not sure what I am going to do next. The Avast questions, I guess I'll have to ask in Avast forum and ask about Windows firewall elsewhere too.
Internet Explorer not having administrative rights is puzzling since when I had attempted to use BitDefender scanner I used administrative rights selection from a shortcut on my desktop instead of the one to the right of the 'pearl'.
npersn31

All of the entries in the HJT log are legitimate. You don't have to worry about them or you can fix them with HJT. What is wrong with Avast and Windows Firewall?

Before I forget, I hope you don't take this as a request for instant help---I appreciate the help when it comes. Also I still have the Oldtimer executable on my desktop: what does it take to get this removed? In reference to your question about Avast and my firewall, I would refer you to the hjt that I just used the tool to evaluate but I cannot figure how to get back to the evaluation. This evaluation did not recognize my firewall. As for what is wrong with Avast, I cannot get it to scan my email in my Windows Mail inbox. I do not understand their settings and what they mean by redirected email. I don't think that I used your method to run IE 8 as administrator when installing Avast and am wondering if I need to reinstall it. What do you think? Also there seems to be a reference to McAfee here: O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5551/mcfscan.cab. What about it?
Here is the HJT that I used:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:18 PM, on 9/1/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar NOTIFIER BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[email protected]
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5551/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7140 bytes
npersn31

Quote: Also I still have the Oldtimer executable on my desktop: what does it take to get this removed?
Just delete it.

Quote: In reference to your question about Avast and my firewall, I would refer you to the hjt that I just used the tool to evaluate but I cannot figure how to get back to the evaluation. This evaluation did not recognize my firewall. As for what is wrong with Avast, I cannot get it to scan my email in my Windows Mail inbox.
I do not understand their settings and what they mean by redirected email. I don't think that I used your method to run IE 8 as administrator when installing Avast and am wondering if I need to reinstall it. What do you think?
Your files are scanned automatically. You don't need to do anything.

Quote: O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5551/mcfscan.cab
Fix it with HJT.

evil fantasy, I ran the Secunia Software Inspector and it ran over an hour, hanging up on D:---or so it seemed to me. I ran it after updating Java 6 update 15 to Java 6 update 16. Backtracking a second, recall that the Internet Explorer 8 shortcut as well as the Internet Explorer "e" icon on the desktop had no "run as administrator" option available in previous steps of this malware chase, I have used the one in the tray to create a new "launch Internet Explorer" shortcut with the option desired. Using this shortcut and the available "run as administrator" option, I ran the Secunia Inspector in Internet Explorer 8 [I do have Firefox, but not as default browser.] I am logged in as administrator, so I don't know if this was necessary or not---right clicking the option, that is. Just making sure circumstances surrounding the "hanging up" on D: are clearly understood. D: has the "shadow copies" and is not a separate drive from C:. The insecure programs were listed as the process went on and 8 programs were listed as found, 3 were insecure, 5 were patched. I choose to go directly to sites to get the updates. Adobe Flash, Adobe Acrobat Reader, and Mozilla Firefox were the insecure ones. I have had second thoughts about those legitimate sites you said I could take out using HJT. I have asked someone about the PEB corruption, and am wondering if my administrative rights questions are too much to ask. I have not posted any Internet Explorer questions yet. If you think this is ok, we can end this thread.
I await your reply and thank you so much for your patience and help.
npersn31

Yes we can wrap this up now.