Avast WEBforum

Other => Viruses and worms => Topic started by: Chrysta on February 17, 2010, 03:12:47 AM

Title: Trojan.fakealert
Post by: Chrysta on February 17, 2010, 03:12:47 AM
A while ago I got infected with the 'Personal Antivirus' virus, and I had McAfee at the time. Then I downloaded Malwarebytes and Avast and got rid of it. I think I still have something connected to it that didn't get deleted.

Now a couple months later, I had another fake alert telling me that my computer was infected with tons of viruses. I downloaded Spyware Doctor and Spybot Search and Destroy. I can't pay for Spyware Doctor, and I deleted what I found from Spybot. I believe Spyware Doctor found Trojan.fakealert. In the past I ran Malwarebytes and Avast scans and they came clean, and just now I ran both scans and they came clean.

Now part of me wants to not necessarily believe Spyware Doctor or Spybot and trust what their scan tells me. On the other hand, they found things that Avast and Malwarebytes didn't.

So I need help determining if my computer is really infected and if it is, how I get rid of Trojan.fakealert and the other things it found, especially since Avast didn't find anything.
Title: Re: Trojan.fakealert
Post by: Wizho on February 17, 2010, 04:45:48 AM
Download Hitman Pro (http://www.surfright.nl/en/downloads/), and execute it holding the left Ctrl key.
Do a scan and check the infected files, remove infections as needed, restart if needed.
Title: Re: Trojan.fakealert
Post by: Yanto.Chiang on February 17, 2010, 07:20:02 AM
Hi,

Welcome to the avast forum,

You may try to:

1. Download Combofix (http://www.combofix.org/download.php)

2. Please follow the user guidance for Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) usage

Hopefully this may help you.

Cheers,
Title: Re: Trojan.fakealert
Post by: Pondus on February 17, 2010, 07:59:24 AM
I hope you removed McAfee before you installed avast?
Did you update Malwarebytes before you scanned? Latest is 1.44, database 3749.
Can you post the scan log?

How to remove Personal Antivirus (Removal Guide)
http://www.bleepingcomputer.com/virus-removal/remove-personal-antivirus

You can also try
SuperAntiSpyware 4.33.1000 http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26
Title: Re: Trojan.fakealert
Post by: iloqutiss1 on February 17, 2010, 03:46:28 PM
I had the misfortune of picking up the same infection less than four hours after a fresh Windows install. Spyware Doctor called it fakealert and warned me about allowing an installer, which I allowed anyway, then wham! This is a particularly nasty piece of malware. Lucky for me my father-in-law came over to babysit that night and is a pro IT guru! Look at running processes in your Task Manager and if you see bnz.exe or bno.exe, right click and select end process tree, then yes to the are-you-sure prompts. Go to CNET and download Malwarebytes and CCleaner. CCleaner has a tool that allows you to easily see all processes that load on startup and deactivate any you want to. You can probably kill most of them, but pay special attention to bno.exe and bnz.exe.. bad stuff, they replicate in your system and a new copy reactivates every time a program removes its infection. Use your Windows search function to search your system for them and delete them manually, then run CCleaner to clean your system's temp files, recycle bin etc., then run Malwarebytes. You may still not be rid of it though! Avast won't find it, only anti-spyware type programs like Spybot. Keep trying different anti-malware, spyware, adware etc. till your system consistently comes clean. Also this thing installed a program.. can't remember what it was called. So look at installed programs in your add/remove programs in Control Panel. If you don't recognize it, it's not a Windows update or component, and you don't use it.. consider getting rid of it.
Title: Re: Trojan.fakealert
Post by: emantoyaks on February 18, 2010, 12:55:51 AM
Hmmm... try to go into safe mode by restarting your PC and pressing "F5" or "F6", I think.

And scan your PC using http://malwarebytes.org


Good luck and God bless...
Title: Re: Trojan.fakealert
Post by: Omid Farhang on February 18, 2010, 01:17:55 AM
Hi iloqutiss1

Try to do a scan with the updated version of Malwarebytes Anti-Malware. Download it from http://www.filehippo.com/download_malwarebytes_anti_malware/

If the malware does not allow you to run Malwarebytes Anti-Malware, download Hitman Pro from http://www.surfright.nl/en/downloads/, hold the Ctrl key and double click on hitmanpro.exe to run it, and keep holding the Ctrl key until the Hitman Pro screen appears. Click on next and let it scan and remove the malware it finds (during removal you might activate the 30-day trial version). After Hitman Pro has removed the malware, reboot the computer and scan with Malwarebytes Anti-Malware.
Title: Re: Trojan.fakealert
Post by: Chrysta on February 18, 2010, 01:43:26 AM
I had a 30-day trial of McAfee and I waited until it ended to download Avast.

And yes, I have updated Malwarebytes and done scans, and they come up clean.

I don't know whose advice to follow, since you all said something different, so I will go down the line through each one.

I downloaded SUPERantispyware and ran a scan, it found three tracking cookies, that was it, I deleted them and ran the scan again and it came out clean. Should I run it again in safe mode? Should I run any of these scans in safe mode?

Anyway, thanks for the replies.
Title: Re: Trojan.fakealert
Post by: Omid Farhang on February 18, 2010, 01:48:26 AM
Hi Chrysta

Since you have done Malwarebytes Anti-Malware and SUPERAntiSpyware, now you might try Hitman Pro http://www.surfright.nl/en/downloads/
Also, posting a HijackThis log (http://www.softpedia.com/get/Antivirus/Trend-Micro-HijackThis.shtml) here would give us more info.
Title: Re: Trojan.fakealert
Post by: emantoyaks on February 18, 2010, 04:52:07 AM
@Chrysta, remember it is not advisable to use two antivirus programs on your PC, because it causes a conflict and your PC will have trouble.

Use only one, only avast, and uninstall your McAfee.  ;)
Title: Re: Trojan.fakealert
Post by: Nosnibor on February 18, 2010, 07:20:52 PM
A while ago I got infected with the 'Personal Antivirus' virus, and I had McAfee at the time.

The next time you get one of these fake pop-ups (most likely while you are surfing the net) saying you are infected, DON'T PANIC, you are not infected YET -- press Ctrl-Alt-Delete to open the Task Manager and close ALL occurrences of iexplorer (this action has now stopped the FAKE dead and your PC is still clean). DO NOT close the pop-up using the red X in the top right corner nor using the Cancel or No button, as this will infect you more by means of a DRIVE BY DOWNLOAD.

hope it helps ya
Title: Re: Trojan.fakealert
Post by: Chrysta on February 19, 2010, 03:41:43 AM
I ran Hitman Pro and the scan came up clean. I deleted the program and then installed Combofix.

This is my Combofix log. --- Not really sure what it all means. Did it delete the bad things for me? Can I delete Combofix now and run the next program on my list?

Not all of the log fits in one post so I will do it in two posts.

ComboFix 10-02-18.07 - Chrysta 02/18/2010  20:23:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3034.1661 [GMT -6:00]
Running from: c:\users\Chrysta\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\$recycle.bin\S-1-5-21-648665810-3373998031-3992693303-500
c:\program files\Common Files\Uninstall
c:\program files\PAV
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\oem6.inf
E:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2010-01-19 to 2010-02-19  )))))))))))))))))))))))))))))))
.

2010-02-19 02:29 . 2010-02-19 02:29   --------   d-----w-   c:\users\Chrysta\AppData\Local\temp
2010-02-19 02:06 . 2010-02-19 02:06   15944   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
2010-02-19 02:06 . 2010-02-19 02:06   --------   d-----w-   c:\programdata\Hitman Pro
2010-02-19 02:06 . 2010-02-19 02:06   --------   d-----w-   c:\program files\Hitman Pro 3.5
2010-02-17 21:13 . 2010-02-17 21:13   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-02-17 21:13 . 2010-02-19 02:04   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-17 21:13 . 2010-02-19 02:04   --------   d-----w-   c:\users\Chrysta\AppData\Roaming\SUPERAntiSpyware.com
2010-02-16 04:13 . 2010-02-16 04:13   --------   d-----w-   c:\users\Chrysta\AppData\Local\Threat Expert
2010-02-15 06:44 . 2010-02-17 02:56   --------   d-----w-   c:\program files\Spyware Doctor
2010-02-13 03:35 . 2010-02-13 03:56   --------   d-----w-   c:\program files\Celebrity Toolbar
2010-01-22 22:39 . 2009-12-16 11:44   834048   ----a-w-   c:\windows\system32\wininet.dll
2010-01-22 22:39 . 2009-12-18 13:01   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-01-20 17:05 . 2010-01-20 17:05   --------   d-----w-   c:\programdata\Office Genuine Advantage

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 05:58 . 2009-10-10 00:25   --------   d-----w-   c:\program files\uTorrent
2010-02-16 05:58 . 2009-07-10 06:56   --------   d-----w-   c:\users\Chrysta\AppData\Roaming\uTorrent
2010-02-16 03:48 . 2009-05-04 14:21   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-16 03:48 . 2009-06-12 08:06   5115824   ----a-w-   c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-16 03:23 . 2009-05-04 17:41   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-02-16 03:22 . 2009-05-04 17:41   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2010-02-16 00:21 . 2009-05-01 23:01   1356   ----a-w-   c:\users\Chrysta\AppData\Local\d3d9caps.dat
2010-02-11 22:19 . 2009-05-15 03:37   2926   ----a-w-   c:\users\Chrysta\AppData\Roaming\wklnhst.dat
2010-02-11 09:18 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-01-20 17:04 . 2009-04-25 13:33   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-01-20 14:47 . 2009-04-25 12:59   --------   d-----w-   c:\program files\Common Files\Adobe
2010-01-14 17:12 . 2009-10-03 07:46   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-01-07 22:07 . 2009-05-04 14:21   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-05-04 14:21   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-01 02:17 . 2010-01-01 02:17   --------   d-----w-   c:\program files\Coupons
2009-12-11 11:43 . 2010-02-10 19:30   302080   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 19:30   98816   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 19:30   904776   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 19:30   3600456   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 19:30   3548216   ----a-w-   c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 19:30   30720   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 19:30   12288   ----a-w-   c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 19:30   1314816   ----a-w-   c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 19:30   22528   ----a-w-   c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 19:30   31744   ----a-w-   c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 19:30   123904   ----a-w-   c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 19:30   13312   ----a-w-   c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 19:30   82944   ----a-w-   c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 19:30   50176   ----a-w-   c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 19:30   91136   ----a-w-   c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 19:30   212992   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 19:30   105984   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 22:42 . 2009-05-20 02:10   1669040   ----a-w-   c:\programdata\WildTangent\Game Console - WildGames\Downloads\en-us\Installers\SetupGamesClient.exe
2009-11-24 23:54 . 2009-06-01 13:48   1280480   ----a-w-   c:\windows\system32\aswBoot.exe
2009-11-24 23:49 . 2009-06-01 13:48   48560   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-06-01 13:48   23120   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-06-01 13:48   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-04-25 15:04 . 2009-04-25 15:01   8192   --sha-w-   c:\windows\Users\Default\NTUSER.DAT
.
Title: Re: Trojan.fakealert
Post by: Chrysta on February 19, 2010, 03:42:21 AM
Second half of Combofix log.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-4-25 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-25 13:07   10536   ----a-w-   c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ba,5e,ca,3d,af,53,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/1/2009 7:48 AM 114768]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe [4/25/2009 9:28 AM 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/1/2009 7:48 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/1/2009 7:48 AM 53328]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [12/18/2008 12:05 PM 155648]
S2 SftService;SoftThinks Agent Service;"c:\windows\sminst\sftservice.EXE" --> c:\windows\sminst\sftservice.EXE [?]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [11/4/2008 5:16 PM 22904]

--- Other Services/Drivers In Memory ---

*Deregistered* - SASENUM

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 20:29
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
Completion time: 2010-02-18  20:32:04
ComboFix-quarantined-files.txt  2010-02-19 02:32

Pre-Run: 90,708,385,792 bytes free
Post-Run: 90,655,232,000 bytes free

- - End Of File - - 5641BDFAB7B84067BD1808AADF34DFCF
Title: Re: Trojan.fakealert
Post by: Chrysta on February 19, 2010, 04:39:05 AM
To iloqutiss - Neither one of these 'bno.exe and bnz.exe' was there when I went to the Task Manager. Should I still do CCleaner?

Nosnibor- When the fake alert popped up, I exited out of it by hitting the red 'x', which I figured I shouldn't have done.

So it looks like I've done everything that everyone said besides HijackThis, which I am going to do now.
Title: Re: Trojan.fakealert
Post by: Chrysta on February 19, 2010, 04:47:16 AM
Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:14 PM, on 2/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: Dell Remote Access.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: SoftThinks Agent Service (SftService) - Unknown owner - C:\Windows\sminst\sftservice.EXE (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 7245 bytes
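An added example, not code from the thread or from HijackThis: a small Python parser for the O2 (BHO), O4 (Run) and O23 (Service) lines in the log above. It flags what a log reviewer checks first: entries whose backing file is gone ("(no file)" / "(file missing)", as in the two "Unknown owner" services above), unnamed BHOs, and Run entries that start from somewhere other than Program Files or Windows. The trusted-root list and the Temp-folder line are assumptions constructed for the example.

```python
"""Parse HijackThis O2/O4/O23 lines and flag the entries worth a second look.

Added example, not part of the thread or of HijackThis itself.
"""
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log posted above (the rest is omitted).
SAMPLE_LOG = """\
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [dellsupportcenter] "C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: SoftThinks Agent Service (SftService) - Unknown owner - C:\\Windows\\sminst\\sftservice.EXE (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
"""

# Constructed line (NOT in the posted log) to exercise the location check.
CONSTRUCTED_LINE = (
    "O4 - HKCU\\..\\Run: [Example] "
    "C:\\Users\\Chrysta\\AppData\\Local\\Temp\\example.exe"
)

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Quoted program path, or a bare path up to the first ".exe".
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.exe)', re.IGNORECASE)

# Assumed set of locations a Run entry is expected to start from.
TRUSTED_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows",
                 "%programfiles%", "%systemroot%")


@dataclass
class Entry:
    section: str            # "O2", "O4" or "O23"
    name: str
    path: str
    flags: list = field(default_factory=list)


def program_path(cmd: str) -> str:
    """Extract the executable from a Run command line (quoted or bare)."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("q") or m.group("u")


def parse_line(line: str):
    """Return an Entry for an O2/O4/O23 line, or None for other line types
    (O1, O3, O9, O16 and the '.DEFAULT'/'Global Startup' O4 forms are skipped)."""
    line = line.rstrip()
    if m := O2_RE.match(line):
        e = Entry("O2", m["name"], m["path"])
        if m["name"].lower() == "(no name)":
            e.flags.append("unnamed BHO")
    elif m := O4_RE.match(line):
        e = Entry("O4", m["name"], program_path(m["cmd"]))
        if not e.path.lower().startswith(TRUSTED_ROOTS):
            e.flags.append("runs from outside Program Files/Windows")
    elif m := O23_RE.match(line):
        e = Entry("O23", m["name"], m["path"])
    else:
        return None
    low = e.path.lower()
    if "(no file)" in low or "(file missing)" in low:
        e.flags.append("backing file missing")
    return e


def parse_log(text: str) -> list:
    """All recognised entries, in log order."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def findings(text: str) -> list:
    """Only the entries that carry at least one flag."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in findings(SAMPLE_LOG + CONSTRUCTED_LINE + "\n"):
        print(f"{e.section:<3} {e.name:<40} {e.path}  <-- {', '.join(e.flags)}")
```

Run against the full log above, the only hits are the unnamed BHO and the two services with a missing file, which matches the "looks clean" verdict given later in the thread.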
Title: Re: Trojan.fakealert
Post by: Nosnibor on February 19, 2010, 05:10:33 AM
Should I still do CCleaner?

Nosnibor- When the fake alert popped up, I exited out of it by hitting the red 'x', which I figured I shouldn't have done.

You are correct  ;D in figuring you should not have exited using that method. Exiting ANY web-based page by using the red X in the top right corner or by using the Cancel or Exit button is probably the most common user-induced security breach ever found.
Whenever I close any web-based page I always close it using Windows Task Manager, thereby removing the risk.
Also I think you should use CCleaner. I've used it for over 3 years and highly recommend it.

P.S. You might also like some of the programs I've got links for in my signature below  ;D

Model: Hewlett Packard COMPAQ Presario V5305WM Laptop
OS: Windows XP Professional Media Center Edition (SP3)
Processor: x86 Family 15 Model 44 Stepping 2 Authentic AMD Mobile Sempron 1994 MHz
Memory: 1536MB (1.5GB)
Security: http://www.comodo.com/ * http://www.avast.com/ * http://www.fileshredder.org/
Tools: http://www.piriform.com/products * http://www.disktrix.com/ * http://www.revouninstaller.com/ * http://www.antp.be/software/moviecatalog/ * http://www.free-codecs.com/index.htm * http://technet.microsoft.com/en-ca/sysinternals/default.aspx
The BEST phone carrier http://www.magicjack.com

If you have questions about any of them don't hesitate to ask
Title: Re: Trojan.fakealert
Post by: Chrysta on February 19, 2010, 05:45:48 AM
Ok, I ran CCleaner. I went to the 'cleaner' section and deleted everything in there. Should I also run the 'registry' section and then fix the selected items?
Title: Re: Trojan.fakealert
Post by: Nosnibor on February 19, 2010, 06:04:15 AM
CCleaner's Registry Cleaner is the only one I use or recommend.
Be sure to select "YES" to make a backup of the registry. I've never had to use a backup in over 3 years but it doesn't hurt to be cautious.
What did you select for settings in CCleaner ??? This might help if you have questions about settings: http://docs.piriform.com/ccleaner
Title: Re: Trojan.fakealert
Post by: Chrysta on February 19, 2010, 06:18:17 AM
How do you make a back up of the registry?

This is what was automatically checked in the 'cleaner' section. What came up, I deleted.

Internet Explorer

Temporary Internet Files
Cookies
History
Recently Typed URLs
Index.dat files
Last Download Location

Windows Explorer

Recent Documents
Run (in Start Menu)
Other Explorer MRUs
Thumbnail Cache

System

Empty Recycle Bin
Temporary Files
Clipboard
Memory Dumps
Chkdsk File Fragments
Windows Log Files

These are the things automatically checked in the 'registry' section, which I haven't done anything with yet:

Registry Integrity

Missing Shared DLLs
Unused File Extensions
ActiveX and Class Issues
Type Libraries
Applications
Fonts
Application Paths
Help Files
Installer
Obsolete Software
Run at Startup
Start Menu Ordering
MUI Cache

Again, how do I create a registry backup?
Title: Re: Trojan.fakealert
Post by: Nosnibor on February 19, 2010, 06:43:41 AM
STOP STOP STOP. First step: make sure you have the most current version of CCleaner (update link, bottom right corner of the CCleaner GUI). In CCleaner first go to the "Options" tab and make sure "Show prompt to backup registry issues" is selected. Then select the Registry button, then select everything, and press "Scan for issues". How many issues were found??? Then press "Fix selected issues"; a pop-up will ask if you want to back up the registry. Select yes. I recommend placing all CCleaner registry backups in a folder called "CCleaner Data" placed in your "My Documents" folder. Then select clean all and you're good to go.

Be sure to check http://docs.piriform.com/ccleaner for an explanation about everything related to CCleaner.
Title: Re: Trojan.fakealert
Post by: Chrysta on February 19, 2010, 07:26:30 AM
Ok. Thank you very much for all the instructions. I really appreciate it. :D

I made a registry backup.

It found and fixed 143 items.
Title: Re: Trojan.fakealert
Post by: Nosnibor on February 19, 2010, 08:21:32 AM
It found and fixed 143 items.

OMG, that's a lot ??? I install and uninstall a lot and I wouldn't get that many in a year.
Check my past post with all the links. I use them all and highly recommend them all.
If you like, contact me on MSN if you need live help with any PC problem  8)
Title: Re: Trojan.fakealert
Post by: Omid Farhang on February 19, 2010, 12:15:38 PM
@Chrysta: your HijackThis log file looks clean, just upgrade Internet Explorer to version 8.
Title: Re: Trojan.fakealert
Post by: Nosnibor on February 20, 2010, 05:14:18 PM
Ok. Thank you very much for all the instructions. I really appreciate it. :D

P.S.  Every time I install something NEW I always do the following steps:
     1. Close ALL open programs including those in the system tray except for antivirus and firewall.
     2. Make a "System Restore point".
     Now you're free to check out the new program. Tweak it, check out ALL the settings, see what it does, let your fingers guide you lol. If you don't like the new program or if it made UNWANTED CHANGES to your system or if the user made unwanted changes lol BOOM get rid of it USING Revo, then use "System Restore" to revert to a time before you installed the unwanted program.
     3. Whenever I uninstall something (or for additional cleaning) I use "Revo Uninstaller" http://www.revouninstaller.com/ as Windows leaves behind a lot of CRAP and temp stuff when it installs, uninstalls or just from daily usage.

WARNING
Revo is very powerful and you could inadvertently delete stuff you need.