And below is my hijackthis log. it wouldnt let me delete the 02-no name one it kept saying close all internet windows and explorer windows...i did that, i dont know..but attached it is!
Thanks
Junior Member
And below is my hijackthis log. it wouldnt let me delete the 02-no name one it kept saying close all internet windows and explorer windows...i did that, i dont know..but attached it is!
Thanks
Administrator
You should run HiJackThis again and put a checkmark next to this entry;
O2 - BHO: (no name) - {B7D8771B-4627-4EBE-8924-52FC713B1290} - C:\WINDOWS\system32\adsldpm.dll (file missing)
Once you have placed the checkmark then click the Fix Checked Button.
Exit HJT.
Then you need to update the java on this computer current version is version 6 Update 7.
Go HERE to download the latest version. Download the Offline Install and save it to the desktop.
Once you have done that then go to Start, Control Panel, Add/Remove and uninstall all old versions showing there. Once you have done that then double click that java install showing on the desktop and install the new version. When that has completed go back to the download page and on the right side you will see verify now. Click that to verify the installation was complete.
I recommend using either CodeStuffStarter or Mike Lin's Startup Control Panel to easily control auto starts. Don't use msconfig as this should be used only as a troubleshooting tool.
The start ups that I see that are totally unnecessary are;
Adobe Reader Speed Launcher
iTunesHelper
QuickTime Task
AdobeUpdater
Windows Media Player
iPod Service
All of the above can be run manually and don't need to run all the time in the background.
You CAN stop them by using HiJackThis, but I would use CodeStuff Starter or Mike Lin's and stop them that way.
Ad-Aware 2007 Service...Personally with this one, I would recommend uninstalling the entire program. This used to be a great program but the newer versions just aren't as good as the previous ones.
Just stick with Spybot S & D and Malwarebytes'-Anti-Malware for scanning weekly, be sure to update both programs prior to scanning and DON'T use the TeaTimer portion of Spybot.
Also add SpywareBlaster
to the computer. Truly a must have program and it is FREE and DOESN'T run in the background.
Junior Member
Ummm Judy...I did all that stuff up there, I must have gave u the wrong log. Hows this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 944 PM, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\CodeStuff\Starter\Starter.exe
C:\Documents and Settings\Owner\Desktop\Computer Cleaning Scanners\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {B7D8771B-4627-4EBE-8924-52FC713B1290} - C:\WINDOWS\system32\adsldpm.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3005838E-2A00-11D2-B701-006008D1E01C} (webctl Class) - https://www.wm-mobile.ubs.com/md/Navigator.cab
O16 - DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} (Reuters PlusWeb Excel Macro 1,5,0,8) - https://www.wm-mobile.ubs.com/md/plu...obil/excel.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1136432070497
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138118416109
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {7B70A888-E8AC-4757-B454-766DA6B0B761} (Reuters PlusWeb Excel PreCheck 1,5,0,1) - https://www.wm-mobile.ubs.com/md/plu...l/precheck.cab
O16 - DPF: {C0966447-1276-46EF-A5BB-1D5BCB6E8935} (PWSweep Class) - https://www.wm-mobile.ubs.com/CWM/pluswebsweeper.cab
O16 - DPF: {F822CC94-9D2F-4914-9CBB-8FBB9EDB1BF0} (PWAgent Class) - https://www.wm-mobile.ubs.com/md/pwagentclient.cab
O16 - DPF: {FF2B96CA-23B8-4B6F-8B90-873770F0D537} (PlusWebLocator Class) - https://www.wm-mobile.ubs.com/md/plusweblocator.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6968 bytes
And the code stuff starter doesnt have ANY of those programs to turn off...
Let me know now.
And like i said above: And below is my hijackthis log. it wouldnt let me delete the 02-no name one it kept saying close all internet windows and explorer windows...i did that, i dont know..but attached it is!
Administrator
That is fine, I had you stop them via the first HJT fix. No problem.code stuff starter doesnt have ANY of those programs to turn off...
When it says close internet windows....that means you should close all browsers and you shouldn't be connected to the internet. Your Firefox was definitely running when the scan was done. Also I see that Limewire was running as was CodeStuff starter. Neither or those two programs should be running in the background.
These unnecessary programs were running in the background when you did the HijackThis scan...ALL should be closed before cleaning or running HiJackThis.
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\CodeStuff\Starter\Starter.exe
One thing I just noticed, the second Malwarebytes-Anti-Malware log you posted was NOT the second time you ran it. It was the same log, with date and time as the first one.
Can you post the second one here?
Junior Member
Sorry! They're attached!
Administrator
You need to close everything again and re-run the MBAM program again and this time have it fix everything found. Reboot the computer and then run it again and also run HJT again.
Post all three logs here....number the MBAM logs 1 for the first one and then 2 for the second one.
You MUST update MBAM BEFORE you run it.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote