Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My Log [RESOLVED]


  • This topic is locked This topic is locked

#16
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Clean out your Java Cache

2. Please double-click Killbox.exe to run it.
  • Select
    • "Delete on Reboot
    • Then click on the "All Files" button if there are more than 1 file to delete.
  • Please copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C

    C:\WINDOWS\SYSTEM32\samifier.exe
    C:\WINDOWS\Temp\ft30s.exe
    C:\WINDOWS\Temp\setup4.exe



  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.


3. The other files are in your System Restore Cache and will be dealt with during the final cleanup.

Your log looks good. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures and recommendations.

Trevuren
  • 0

Advertisements


#17
NOS2006

NOS2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
How do I clean the Java cache?


Also, while browsing through Java, I found this folder which, deep within, contains this file:
C:\Program Files\Java\j2re1.4.2\lib\ext\wildtangent.jar
You mentioned deleting Wild Tangent before, should I get rid of this?


Third, in my Add/Remove Programs list, I still have the following programs listed:
  • autosearch
  • Viewpoint Media Player
  • Web Search
Is there anything wrong with those programs?


And, last, is that I occassionally get a message when I open things that Windows Explorer had an error and it asks whether or not I should send an error report. Does that have anything to do with malware?


Thanks!

Edited by NOS2006, 16 August 2006 - 10:20 PM.

  • 0

#18
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
A. Cleaning Java Cache

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
      Downloaded Applications
      Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

B. Try UNINSTALLING them in Safe Mode.

C. There may be some damage done to your system. After doing the above, please try the following:

1. Please go to Start -> Run -> type cmd and press Enter.

2. At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker.

3. Follow the prompts, and insert your Windows installation CD if requested.

4. Then please REBOOT your computer.

Please tell me how things went and we will start the final cleanup procedures.

Regards,

Trevuren

  • 0

#19
NOS2006

NOS2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
When trying the "sfc /scannow" in the command prompt, I get the following message:


Windows File Protection could not initiate a scan of protected system files.
The specific error code is 0x000006ba [The RPC server is unavailable].



EDIT: When I use "sfc \scannow" I get this message:

Microsoft® Windows XP Windows File Checker Version 5.1 © 1999-2000 Microsoft Corp. All rights reserved

Scans all protected system files and replaces incorrect versions with correct Microsoft versions.

SFC [/SCANNOW] [/SCANONCE] [/SCANBOOT] [/REVERT] [/PURGECACHE] [/CACHESIZE=x]

/SCANNOW Scans all protected system files immediately
/SCANONCE Scans all protected system files once at the next boot
/SCAN BOOT Scans all protected system files at every boot
/REVERT Return scan to default setting.
/PURGECACHE Purges the file cache.
/CACHESIZE=x Sets the file cache size.

Edited by NOS2006, 16 August 2006 - 10:44 PM.

  • 0

#20
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Did you perform the other 2 steps first?

Trevuren

  • 0

#21
NOS2006

NOS2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Yes I did, please see me editted post above (Post #19).
  • 0

#22
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. I am sorry but I am still confused about your response. I mean did you clean your Java Cache and Uninstall those two programs first?

2. You may have to do a system repair due to the extent of the damage done.

3. Please answer question 1. If we can procede, I'll give you the final cleanup procedures to make sure that there is no more malware on your machine then I'll post on how to do a system repair.

Trevuren
  • 0

#23
NOS2006

NOS2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Yes, I tried steps one and two. Step one was completely successful, but step two wasn't as successful (I couldn't uninstall everything in safe mode through add/remove programs).

So, let's continue with what you just said in #3, continue removing malware, then possibly do a system repair..
  • 0

#24
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
You asked for info on the following programs:

autosearch: http://www.bleepingc...AutoSearch.html

Web Search: http://www.bleepingc...Web-Search.html

Viewpoint Media Player: Is considered "foistware", that is, not malware "per se" but is usually added to your system by a service without your consent.


Your call. Please get back to me with your decision.


Trevuren

  • 0

#25
NOS2006

NOS2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Alright, I got rid of Viewpoint, but the instructions to get rid of the others say to just follow the steps in Add/Remove Programs. However, my computer won't let me uninstall/delete autosearch or WebSearch through the Add/Remove Programs screen.. Oh, what to do, what to do...
  • 0

Advertisements


#26
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please post a fresh HJT log.

Thanks,

Trevuren

  • 0

#27
NOS2006

NOS2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:10:25 PM, on 8/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Mine\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#28
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Go to Start >Run and type cmd
Press enter to start a command window

2. Copy this command and then right click in the command window. Choose Paste from the menu.

Dir /s /a C:\PROGRAM FILES > folders.txt & Start notepad folders.txt

This will take a look at the folder and open a file named folder.txt

3. Copy and paste the contents of folder.txt into your next reply here.

Regards,

Trevuren

  • 0

#29
NOS2006

NOS2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
:whistling: This is all that comes up:

Volume in drive C has no label.
Volume Serial Number is 18FE-D7B5
  • 0

#30
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Sorry, this should work better for you:

1. Go to Start->Run and type in notepad and hit OK.

2. Then copy and paste the content of the following codebox into Notepad:

cd C:\Program Files
dir C:\Program Files >> folders.txt & Start Notepad folders.txt

3. Save the file as "folders.bat". Make sure to save it with the quotes.

4. Double click folders.bat.

5. This will take a look at Program Files and open a file named folders.txt

6. Copy and paste the contents of folders.txt into your next reply here


Regards,

Trevuren

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP