
Thread: - Referred by DomHennig -


  1. #1

    ESET LOG

    Here it is... I'm now going to run the other three scans again, and will post those logs as well.

  2. #2
    Here is the new Malwarebytes Anti-Malware log. Next, running ComboFix.

  3. #3
    Here are the last two logs, ComboFix and HijackThis.

    If there's anything else I should do, please let me know!

    Thanks in advance.

  4. #4
    Join Date: Aug 2008 | Posts: 179
    Judy,

    I already told her about the last post you gave me about my computer:

    Quote: Originally posted by jholland1964
    Things look fine to me.


    Ok, ONE anti-virus program, ONE firewall....as noted before any of those that PhilliePhan notes HERE are ALL excellent programs.
    As I said, I am using Antivir. I am also using the built in Windows Firewall. Both have worked well for me. But for those doing a lot of downloading, gaming or (heaven forbid) P2P file sharing (which is dangerous in itself) I would go with one of the firewalls that PP notes in his thread. PP's advice is always right on so you CAN trust anything you would choose that he lists.
    For anti-spy program I use SpywareBlaster. I DO NOT have any antispy programs that run all the time in the background.
    For scanning I use SpyBot S & D and Malwarebytes-Anti-Malware. I use them weekly after manually updating each. I also update SpywareBlaster weekly. Some weeks it has updates, some weeks it doesn't. I use ATF-Cleaner weekly to keep my temp files cleaned out. I also have my browsers set to accept ONLY 1st party cookies and to block 3rd party cookies. They also allow session cookies, which are the cookies used by a website while you are on it to make surfing on different pages of the website easier and faster. Those do not stay on the computer once you leave the particular website. I use the pop up blocker on both Firefox and Internet Explorer.
    My Anti-vir auto updates at least daily, sometimes more than once and I scan with it once a week.

    So once you're done with her, and tell her what she needs to do after you read all those scans, I'll go over there and get all those going on her computer too. (It's my girlfriend, she lives about 4 miles away.)

  5. #5
    Join Date: Aug 2006 | Location: The Middle | Age: 80 | Posts: 4,079
    Other than those I noted in my HJT fix for her I don't see any. Think she has that part really pretty well under control. If you want, once you get over there you can open HJT and click on Misc. Tools. At the top is a button which will give you a list of startups. You can do that and post it if you wish, but from what I saw in the regular log it seems as if she doesn't have too many that are not necessary.
    Judy

  6. #6
    Hey Judy,

    I just got over here with enough time to sit down. Attached is the startup list. I'll work on everything else now.

  7. #7
    And below is my HijackThis log. It wouldn't let me delete the 02-no name one, it kept saying close all internet windows and explorer windows...I did that, I don't know..but attached it is!

    Thanks

  8. #8
    Join Date: Aug 2006 | Location: The Middle | Age: 80 | Posts: 4,079
    You should run HiJackThis again and put a checkmark next to this entry;
    O2 - BHO: (no name) - {B7D8771B-4627-4EBE-8924-52FC713B1290} - C:\WINDOWS\system32\adsldpm.dll (file missing)
    Once you have placed the checkmark then click the Fix Checked Button.
    Exit HJT.

    Then you need to update the Java on this computer; the current version is version 6 Update 7.
    Go HERE to download the latest version. Download the Offline Install and save it to the desktop.
    Once you have done that then go to Start, Control Panel, Add/Remove and uninstall all old versions showing there. Once you have done that then double click that java install showing on the desktop and install the new version. When that has completed go back to the download page and on the right side you will see verify now. Click that to verify the installation was complete.

    I recommend using either CodeStuffStarter or Mike Lin's Startup Control Panel to easily control auto starts. Don't use msconfig as this should be used only as a troubleshooting tool.

    The start ups that I see that are totally unnecessary are;
    Adobe Reader Speed Launcher
    iTunesHelper
    QuickTime Task
    AdobeUpdater
    Windows Media Player
    iPod Service

    All of the above can be run manually and don't need to run all the time in the background.

    You CAN stop them by using HiJackThis, but I would use CodeStuff Starter or Mike Lin's and stop them that way.

    Ad-Aware 2007 Service...Personally with this one, I would recommend uninstalling the entire program. This used to be a great program but the newer versions just aren't as good as the previous ones.
    Just stick with Spybot S & D and Malwarebytes'-Anti-Malware for scanning weekly, be sure to update both programs prior to scanning and DON'T use the TeaTimer portion of Spybot.
    Also add SpywareBlaster to the computer. Truly a must have program and it is FREE and DOESN'T run in the background.

  9. #9
    Ummm Judy...I did all that stuff up there, I must have given you the wrong log. How's this:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 944 PM, on 8/31/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PRISMSVC.EXE
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\CodeStuff\Starter\Starter.exe
    C:\Documents and Settings\Owner\Desktop\Computer Cleaning Scanners\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {B7D8771B-4627-4EBE-8924-52FC713B1290} - C:\WINDOWS\system32\adsldpm.dll (file missing)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3005838E-2A00-11D2-B701-006008D1E01C} (webctl Class) - https://www.wm-mobile.ubs.com/md/Navigator.cab
    O16 - DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} (Reuters PlusWeb Excel Macro 1,5,0,8) - https://www.wm-mobile.ubs.com/md/plu...obil/excel.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1136432070497
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138118416109
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
    O16 - DPF: {7B70A888-E8AC-4757-B454-766DA6B0B761} (Reuters PlusWeb Excel PreCheck 1,5,0,1) - https://www.wm-mobile.ubs.com/md/plu...l/precheck.cab
    O16 - DPF: {C0966447-1276-46EF-A5BB-1D5BCB6E8935} (PWSweep Class) - https://www.wm-mobile.ubs.com/CWM/pluswebsweeper.cab
    O16 - DPF: {F822CC94-9D2F-4914-9CBB-8FBB9EDB1BF0} (PWAgent Class) - https://www.wm-mobile.ubs.com/md/pwagentclient.cab
    O16 - DPF: {FF2B96CA-23B8-4B6F-8B90-873770F0D537} (PlusWebLocator Class) - https://www.wm-mobile.ubs.com/md/plusweblocator.cab
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 6968 bytes




    And the CodeStuff Starter doesn't have ANY of those programs to turn off...

    Let me know now.

    And like I said above: And below is my HijackThis log. It wouldn't let me delete the 02-no name one, it kept saying close all internet windows and explorer windows...I did that, I don't know..but attached it is!

  10. #10
    Join Date: Aug 2006 | Location: The Middle | Age: 80 | Posts: 4,079
    "code stuff starter doesn't have ANY of those programs to turn off..."
    That is fine, I had you stop them via the first HJT fix. No problem.

    When it says close internet windows....that means you should close all browsers and you shouldn't be connected to the internet. Your Firefox was definitely running when the scan was done. Also I see that Limewire was running as was CodeStuff starter. Neither of those two programs should be running in the background.

    These unnecessary programs were running in the background when you did the HijackThis scan...ALL should be closed before cleaning or running HiJackThis.

    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\CodeStuff\Starter\Starter.exe

    One thing I just noticed, the second Malwarebytes-Anti-Malware log you posted was NOT the second time you ran it. It was the same log, with date and time as the first one.
    Can you post the second one here?
