SpySweeper will prevent registry entries from being removed. At what point did you install SpySweeper? That may be the problem.
I would suggest removing SpySweeper (Re-install later if you stay clean.)
After removing SpySweeper, update MBAM. There is a new version today. Run a scan.
Please run HijackThis and place a checkmark next to the following:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Close all other windows and click "Fix Checked". Close HijackThis.
Reboot.
Open HijackThis and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Select a place to save it. The list should open in notepad. Please copy and paste that list here along with your new MBAM log along with a new HijackThis log.
Hi Bugbatter, this is related to my Posts above about my Desktop BUT it concerns my Laptop this time. I hope you can tie these together for me so you can help me fix my Laptop, too. While following your advice with my Desktop, I discovered that my Dell Laptop has the identical problems (well, nearly-identical, I think). The problem is that my Laptop was not infected by that Virus Doctor, so I may have "caught" something somewhere else, maybe when I was downloading the same program to both PCs? I keep them nearly identical.
I applied all of your advice for my Desktop to my Laptop and the MBAM logs are absolutely identical -- same 2 files are infected. I will attach logs below, and add "Laptop" so as to not confuse matters (too much more!)
Although I did run HijackThis, I did not find anything even closely resembling that file you asked me to check and "Fix Checked" on my Desktop (O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)). I will attach a HijackThis log for my laptop below, too.
I even Re-Ran HijackThis to get an "uninstall" list of programs and Saved it so you can see what programs I'm running on the Laptop (different -- shorter!)
I'm also getting an error message when I open IE 7: “Internet Explorer – Search Provider Default: A program on your computer has corrupted your default search provider setting for Internet Explorer. Internet Explorer has reset this setting to your original search provider, Google (www.google.com). Internet Explorer will now open Search Settings, where you can change this setting or install more search providers.”
I can’t seem to fix it or get around it. Maybe it’s due to that malware? I don’t know. Both PCs have gotten a lot slower but I’m still cleaning them up several times a day now.
Could you kindly take a look at the MBAM, HijackThis, and Uninstall_List logs for my Laptop and tell me if you see the malware that I can't seem to get (or keep) removed from my Laptop? If you have any ideas about that IE error message, that would be great but don't knock yourself out on it. I'm more concerned with the Malware. I may be able to find someone else who specializes in IE issues and take that problem to them instead of wasting your time on it.
Also, that link you gave me last week from McAfee concerning stopping Windows Defender doesn't work -- Win Defender keeps loading. I had to stop it through System Configuration in Windows even though I'm not too happy I can't run it anymore.
Finally, did you know that the updated MBAM program tries to automatically load? Windows stops it. FYI. Here are the logs for my Laptop. Any (more) help you could offer would be greatly appreciated! Have a great day tomorrow!
Mbam log from Laptop:
Malwarebytes' Anti-Malware 1.41 Database version: 2775 Windows 6.0.6002 Service Pack 2
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:11:15 PM, on 9/10/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal
32 Bit HP CIO Components Installer Acrobat.com Acrobat.com Adobe AIR Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9 Advanced Audio FX Engine Advanced Video FX Engine AnswerWorks 5.0 English Runtime Apple Software Update Broadcom Management Programs CDDRV_Installer Complete Care Consumer Service Agreement Creative MediaSource 5 Dell DataSafe Online Dell Dock Dell Getting Started Guide Dell PC TuneUp Dell Support Center (Support Software) Dell Touchpad Dell Webcam Center Dell Webcam Manager EDocs Fingerprint Reader Suite 5.6 Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer GoToAssist 8.0.0.514 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Imaging Device Functions 8.0 HP OCR Software 8.0 HP Photosmart Essential HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B HP Print Diagnostic Utility HP Solution Center 8.0 HP Update Intel(R) PROSet/Wireless Software Java(TM) 6 Update 5 KhalSetup Laptop Integrated Webcam Driver (1.03.01.1011) Live! Cam Avatar Creator Live! 
Cam Avatar v1.0 Malwarebytes' Anti-Malware McAfee SecurityCenter McAfee Virtual Technician mCore MediaDirect mHelp Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office Live Add-in 1.3 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Small Business 2007 Microsoft Office Small Business 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable mMHouse mPfMgr MSN Money Investment Toolbox MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 and SOAP Toolkit 3.0 mWMI NVIDIA Drivers OGA Notifier 2.0.0048.0 OutlookAddinSetup QualXServ Service Agreement Quicken 2009 Quicken Home Inventory Manager QuickSet QuickTime Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator DE Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Security Update for 2007 Microsoft Office System (KB969559) Security Update 
for 2007 Microsoft Office System (KB969679) Security Update for Microsoft Office Excel 2007 (KB969682) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB969693) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office Word 2007 (KB969604) SetPoint Sound Blaster Audigy ADVANCED MB Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB969907) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (kb973514) Virtual Account Numbers WIDCOMM Bluetooth Software 6.0.1.3100 Windows Live Mail Windows Live OneCare safety scanner Windows Live OneCare safety scanner Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Writer Windows Mobile Device Center Windows Mobile Device Center Driver Update Windows Mobile Feb. 2008 DST Updates
Yes, I'm now haunted by this seemingly imploding problem, now affecting two of my computers (Desktop & Laptop)! You are so nice to get back to me and so quickly, too, as I (on the other hand) miserably crawl my way through this unfamiliar territory. I'm now working on 2 computers at once.
Computer No. 1 (Desktop):
I did what you asked &, so far, it went without a glitch. Still need to see if the files will reappear, though. I will keep checking back.
Here it is: I uninstalled SpySweeper (Do you remember? I also stopped Windows Defender on account of the McAfee conflicts? Why do I suddenly feel so vulnerable?) I updated MBAM (but had to uninstall to reinstall the updated version for some reason, FYI). I ran HiJackThis & found your BHO file, Fix-Checked it, etc.
Here are the logs (all from my Desktop, BTW. Next post is about my Laptop -- JOY!!! (if you still have a sense of wonder, if not some humor, by then):
I'm off in the morning & won't be back until evening so may not respond until late, if you are able to get back to me on this before then, just so you know.
uninstall_list(from HijackThis):
32 Bit HP CIO Components Installer 32 bit Windows Card Reader Driver Acrobat.com Adobe AIR Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9.1.2 Advanced Audio FX Engine Advanced Video FX Engine AnswerWorks 5.0 English Runtime Apple Mobile Device Support Apple Software Update Ask.com Toolbar ATI Catalyst Control Center Bonjour Catalyst Control Center - Branding CDDRV_Installer Choice Guard Complete Care Consumer Service Agreement Creative MediaSource 5 Dell DataSafe Online Dell Getting Started Guide Dell PC TuneUp Dell Support Center (Support Software) Dell Webcam Center Dell Webcam Manager Dell Wireless WLAN Card Dell Xcelerator(TM) for Portable Devices DirectXInstallService EDocs Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Hauppauge MCE XP/Vista Software Encoder (2.0.25296) Hauppauge TV Tuner Driver HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Driver Diagnostics HP Imaging Device Functions 8.0 HP OCR Software 8.0 HP Photosmart Essential HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B HP Print Diagnostic Utility HP Solution Center 8.0 HP Update Intel(R) Matrix Storage Manager Intel(R) PRO Network Connections 12.1.12.4 Intel(R) PRO Network Connections 12.1.12.4 iTunes Java(TM) 6 Update 13 Java(TM) 6 Update 5 Junk Mail filter update KhalSetup Live! Cam Avatar Creator Live! 
Cam Avatar v1.0 Malwarebytes' Anti-Malware McAfee SecurityCenter Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Recent Documents Gadget Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Small Business 2007 Microsoft Office Small Business 2007 Microsoft Office Small Business Connectivity Components Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Monitor Webcam (SP2208WFP) Driver (1.00.08.0720) MSN Money Investment Toolbox MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 and SOAP Toolkit 3.0 Music, Photos & Videos Launcher OGA Notifier 2.0.0048.0 PowerDVD Product Documentation Launcher QualXServ Service Agreement Quicken 
2009 Quicken Home Inventory Manager QuickTime Roxio Activation Module Roxio CinePlayer Decoder Pack Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator Premier Roxio Creator Premier Roxio Creator Premier 10 Roxio Creator Tools Roxio Express Labeler Roxio Update Manager Safari Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB969679) Security Update for Microsoft Office Excel 2007 (KB969682) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB969693) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office Word 2007 (KB969604) SetPoint Sound Blaster Audigy ADVANCED MB Spelling Dictionaries Support For Adobe Reader 9 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB969907) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (kb973514) Virtual Account Numbers WD Diagnostics WIDCOMM Bluetooth Software 6.0.1.4300 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live OneCare safety scanner Windows Live OneCare safety scanner Windows Live Photo Gallery Windows Live Toolbar Windows Live Writer Windows Mobile Device Center Windows Mobile Device Center Driver Update Windows Mobile Feb. 2008 DST Updates XPS MiniView Gadget Yahoo! Toolbar
mbam-log (after removal of those 2 stubborn files -- again):
Malwarebytes' Anti-Malware 1.41 Database version: 2775 Windows 6.0.6002 Service Pack 2
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:05:05 PM, on 9/10/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal
Yes, I'm now haunted by this seemingly imploding problem, now affecting two of my computers (Desktop & Laptop)!
You are still getting ads for Virus Doctor?
Run DiskCleanup in each user's profile.
1. Open Disk Cleanup by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Cleanup.
2. In the Disk Cleanup Options dialog box, choose whether you want to clean up your own files only or all of the files on the computer. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.
4. Click the Disk Cleanup tab.
* Please make sure only the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
5. When you finish selecting the files you want to delete, click OK, and then click Delete files to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.
Scroll down to where it says Java SE Runtime Environment (JRE) 6 Update 16.
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each of the Java versions. Close Add/Remove.
* In Windows Explorer, navigate to C:\Program Files\Java (this folder). Delete any subfolders.
* Do NOT delete C:\Program Files\JavaVM (this folder), if found!
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
Following that, please go offline. Disable McAfee.
If that does not work, please uninstall McAfee. (If you have the CD's, or use McAfee Support, you can re-install it once we have verified that the computer is clean.)
Please open McAfee Security Centre
Under Common Tasks click on Home
Click Computer Files
Click Configure
Make sure the following are disabled by ticking the "Off" button.
-- Virus protection
-- Spyware protection
-- System Guards Protection
-- Script Scanning Protection (you may have to scroll down to see it)
Next, select never for "When to re-enable real time scanning"
You were answering while I was writing -- again. I briefly scanned thru your response and I understand most of what you wrote so I should be okay working through it. Thank you so much for the wealth of information. Will post when I get back Fri pm or, maybe, Sat. am - don't know when I'll be back. Just wanted to thank you for so quickly & thoroughly responding. Will keep following your advice and plugging away. Take care & thanks again.
You are most welcome. I'll check back here later to see how you are doing. If you are having a problem with both computers, we will handle one, and when that thread is finished, you can post the issues with the second computer in a new topic. That way, the researchers who use these topics won't get confused by our trying to clean two computers in one topic.
Hi, Bugbatter, nice post (above) - I like the graphics. My patience is about expired -- I have spent over a week on this and I think I'm making matters worse.
I'm not getting Virus Doctor ads anymore. I had only gotten that first one but it scared me enough to check into any malware or viruses that may have loaded (I believed the "hoax" was true). Good thing, too, since I do have something on both of my computers and they don't want to get lost! I thought I finally got rid of those 2 files on my Desktop after I uninstalled Spysweeper but, if you can believe it, after hours at this yesterday -- and then, again, all day today, I ran another MBAM and they are back!!! There's another (but different) BHO (no name) [O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)] on my HijackThis log, too, so I'm attaching the log again below. Yet, I don't know if you want to waste your time on this yet because I haven't been able to follow all of your suggestions in your last post.
I ran Disk Cleanup - went fine. Haven't gotten any farther than that part, though.
Java's giving me some grief only because I can't find the program to uninstall it -- well, I found it but not in an "uninstallable" form. I can only find the update files in Control Panel, Programs, Install/Uninstall Programs. There are only two Java files in my Control Panel - Install/Uninstall programs: Java (TM) 6 Update 5 (old), and Java TM 6 Update 15 (brand new). However, the file you asked me to download with the most current Java SE Runtime Environment looks like it may have an update 16. Your new download is sitting on my desktop waiting to get downloaded after I can figure out how to uninstall mine.
Having said all that, I found a menu in Control Panel, Programs, called Java, so I checked it out and it looks like I'm running a very current version -- just not the one you asked me to download - I don't think. I'm running Java 6 SE Runtime Environment with Update 15 (build 1.6.0_15-b03). It just updated today sometime.
I found my Java program file through Windows browsing. The program location is in C:\Windows\System32\Java [the Application file]. I don't know how or if you can uninstall programs from there and I didn't even want to try.
I would follow your advice and get rid of the old Java program with the old updates but I can't figure out how to uninstall the program correctly.
So, I didn't even get to the McAfee part, yet, but I'm unconcerned about it since I recently downloaded my licensed program and have it on my hard drive so I can uninstall and reinstall, if necessary. Unfortunately, even when you do it that way, you still have to allow the program to go online to verify your subscription. Lovely, I'll be a walking virus and malware PC, or two, soon!
My brain is about to explode so please go easy on me! Thanks!
BTW, how can I permit Malwarebytes to load with my program startups to stop this Windows warning from yelling at me every time I startup my PC? I tried a couple different ways (Windows Defender being the 1st), but it won't allow me to enable permissions. Is this built into the new version of Malwarebytes Anti-Malware program released yesterday? Thanks, yes, I do ask a lot of questions :-)
Below are the latest logs from MBAM and HijackThis:
Malwarebytes' Anti-Malware 1.41 Database version: 2782 Windows 6.0.6002 Service Pack 2
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:05:33 PM, on 9/11/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal
You are saying that you cannot uninstall these using the Add/Remove programs? Java (TM) 6 Update 5 (old), and Java TM 6 Update 1. That is unusual. They are listed in Add/Remove, so you should be able to remove them that way.
Malwarebytes does not run at Startup unless you are using the paid version.
This is MBAM's showing you that it is correcting errors. The follow-up shows that these were corrected. This has been confusing for many people. If you allow MBAM to delete, it won't actually delete, but will return the keys to the way MS had them originally. Clicking "Remove Selected" removes (on re-boot) the "bad" and replaces it with the "good" therefore "fixing" it. Thus, MBAM doesn't actually "remove" or "quarantine" anything, it merely fixes a registry problem. Also, nothing will show up in the quarantine, the fix will only show up in your MBAM log files.
Please run HijackThis and place a checkmark next to these:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Close all other windows and click "Fix checked". Close HijackThis and reboot.
1. At the main page, press on "Accept" after reading the contents.
2. At the next window select Update. Allow the database to update. Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the database has finished, under the Scan icon select My Computer to start the scan. The scan may take a few minutes to complete.
4. Select Scan Report.
5. If any threats were found they will appear in the report.
6. Select "Save error report as". Then in the file name just type in kaspersky. Under "save as type" select text .txt. Save it to your Desktop.
Please enable McAfee afterwards.
Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well. Also please post a fresh HijackThis log in your next reply.
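Added example, not part of the thread and not code from HijackThis or MBAM: a small Python check that reads two HijackThis logs, picks out the O2 BHO entries marked "(no file)" and the "R3 - Default URLSearchHook is missing" line, and reports which orphaned entries were cleared, which persisted and which are new between scans. The two sample logs are constructed for illustration; only the two "(no file)" CLSIDs and the R3 line are taken from the posts above, and the "Example Helper" and O4 entries are placeholders.

```python
import re

# O2 lines have the shape quoted in this thread:
#   O2 - BHO: <name> - {CLSID} - <file path or "(no file)">
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)
R3_MISSING = "R3 - Default URLSearchHook is missing"


def orphaned_bhos(log_text):
    """Return the CLSIDs (upper-cased) of O2 entries whose file is missing."""
    found = set()
    for raw in log_text.splitlines():
        m = O2_RE.match(raw.strip())
        if m and m["target"].strip() == "(no file)":
            # CLSIDs are case-insensitive; normalise so scans compare cleanly.
            found.add(m["clsid"].upper())
    return found


def search_hook_missing(log_text):
    """True if the log reports that the default URLSearchHook value is absent."""
    return any(line.strip() == R3_MISSING for line in log_text.splitlines())


def compare_scans(before, after):
    """Diff the orphaned-BHO sets of two scans taken around a fix and reboot."""
    old, new = orphaned_bhos(before), orphaned_bhos(after)
    return {
        "cleared": sorted(old - new),      # fixed and stayed gone
        "persisting": sorted(old & new),   # came back or was never removed
        "new": sorted(new - old),          # appeared since the earlier scan
        "search_hook_missing": search_hook_missing(after),
    }


# Constructed sample logs (not the poster's real logs).
SCAN_BEFORE = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

SCAN_AFTER = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for key, value in compare_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(f"{key}: {value}")
```

An entry listed under "persisting" after a fix and reboot points to something on the system rewriting the registration, which is the situation the thread is trying to track down.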
Hi, Bugbatter. Another 24 hours working on this BIG BUG and I'm back, but not with great news, sorry to report.
I ran Hijack This and "Fix checked" the files you asked me to fix:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
I got rid of the old Java files and loaded the new one you linked for me that came with the Update. That went well.
I disabled McAfee (but later even went further and uninstalled and reinstalled in case it saved anything I don't want on my PC).
I ran Kaspersky and, happy to report, No Viruses Found so the report was blank.
Uninstalled MBAM and HijackThis & reinstalled them again (just in case).
Cleaned Disk - again.
Ran MBAM and Hijack This. Clean.
BUT, I have been highly suspicious of that Dell PC Tuneup program since I think it's reloading those bad files back on my PC during “automatic maintenance” and, as luck would have it, right after I cleaned up my PC again, Dell PC Tuneup reported that there were "2 security vulnerabilities" on my PC and they wanted to fix them. I was going to say "Heck, NO!" but figured I would see if this was, indeed, the problem because this is getting outta hand. So I let it "fix" them (don't know how they do it, though, maybe they dial back my registry?). Sure enough, I then ran MBAM again, and those 2 bad files were back again. UGH! So, I think PC Tuneup is reloading those bad files back on this PC - as well as my laptop & we're running in circles, regrettably. Yet, I can't figure out how to disable that program – yet. I disabled all the automated tasks but they run anyway. I suppose I'll have to call Dell Customer Support. So much for a paid-subscription for an easy and "comprehensive" PC cleaner-upper, for which I thought I was much cleaner and safer.
BTW, I have followed all of your advice including to "Remove Selected" (I don't hit "Delete") in MBAM. Yet, I have noticed that those bad files identified do appear in the Quarantine folder, anyway, just FYI. Plus, it's Windows Defender that's blocking Malwarebytes Anti-Malware from loading on startup. I never had that occur before MBAM upgraded on 9/10/09 but, when I reinstalled its software this time, I took it directly from their website (vs. the links) so maybe they put in an auto-startup on the free software now? I didn't buy the license - yet.
At this point, I'm at a loss of what to do. I dread that phone call to Dell Customer Service to see how I can get rid of this Dell PC Tuneup, plus I thought it had some very useful options to use. However, I do believe that is what is causing these problems to recur.
Here are the last 2 MBAM & HijackThis logs with the reoccurrence of those 2 bugs that were fixed. Please let me know if you see anything else that I need to “fix” through HijackThis. Thank you so much!
On a final point, I'm going to post a MBAM & HijackThis log about my laptop on a separate post, as you suggested. I can't believe what MBAM "fixed" on it today - wait until you see it! Otherwise, everything that we’ve discussed in this post is identical to what’s happened on my Laptop and I’ve also applied all your advice to that PC, too.
Thanks again.
Malwarebytes' Anti-Malware 1.41 Database version: 2785 Windows 6.0.6002 Service Pack 2
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:31:31 PM, on 9/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal
As I explained earlier, they are not "bad" files. The notification simply means that something has changed your registry. If Dell's product makes those changes, it is not malware.
I do not see anything troubling in your HijackThis log. If you told me that you had the paid version of MBAM I missed it.
I dread that phone call to Dell Customer Service to see how I can get rid of this Dell PC Tuneup
Rather than contact Dell, I would first post at MBAM's forum and discuss this with them to get their opinion.
NOTE: The issue has been resolved, so this thread is now closed. Everyone else who is having a similar issue, please begin a New Message at the top of the forum.
I stand corrected: I should not be calling registry changes "bad" files.
You did not miss anything. I do not have a paid version of MBAM -- not at this time. Perhaps it's unique to me that my free version of MBAM wants to be included in my startup items.
Thanks for taking another look at my HijackThis log and I'm glad you don't see anything else in there that needs to come out.
As it turns out, Dell's product did not put those 2 registry changes back on my PC, so I don't know if it is malware, or not. I had already spoken with Dell before I saw your reply to me and I got lucky to reach a very talented techie so my "dread" was misplaced.
It's not Dell, and it's not Malwarebytes' Anti-Malware. Apparently, those 2 registry files cannot be fixed and that's why (1) Dell PC Tuneup keeps picking them up and trying to fix them (without success) over and over again, and (2) Malwarebytes keeps picking them up and trying to fix them (but they're also not fixing them). Yet, both programs report they have fixed the "security vulnerabilities" (Dell's product), or "Quarantined and deleted successfully" (Malwarebytes' Anti-Malware).
The good news is that I was assured that those 2 registry errors are not "bad." This Dell tech (wish I got his name) tracked them all the way into the system while I watched. They can't be inactivated, changed, or deleted (he tried all 3) and, since they're part of Windows OS, they shouldn't be set on fire (joking). Plus, they were empty. So, they are not "bad" (according to him, who I am inclined to believe, and he was quite familiar with Malwarebytes Anti-Malware, BTW). Yet, those 2 files will continue to get flagged by Dell PC Tuneup, or they'll get flagged if I run MBAM and, after 10 days (or so), I'm intent to ignore those two and get on with my life. I have so much "other" work to do since I've done nothing but work on trying to get these 2 registry changes fixed all this time - I'm not as fast as you and, clearly, I am clueless about these matters! But, I did learn a couple of things from you!
Thank you so much for your patience, help, very prompt responses -- and your good spirits, too. I'm glad you showed me how to run those MBAM scans in case something comes up in the future that may be more serious, and I may even run it from time to time to check to see if anything nasty sneaks into my computer or if my registry changes again. I'm also relieved that none of my MBAM scans showed that either of my PCs were infected with a ton of malware and spyware all over the place (like that pic of the MBAM results' screen that was shown at http://www.bleepingcomputer.com/virus-removal/remove-virus-doctor where you first sent me on this journey). I'm also very thankful that you helped me remove those files from those HijackThis logs (even though I really don't know what they meant!), and for helping me update my Java, which should also help to get rid of other security vulnerabilities.
As far as posting to MBAM's forum, I'll try to do that tomorrow or Monday, since you suggested it. At this point, though, I think I'm satisfied that I'm in the clear (for now) and I can begin to use my computer for real work, much of which is way behind and I must get to it.
Bugbatter
3 Apprentice
20.5K Posts
0
September 10th, 2009 17:00
Are you still having problems with Virus Doctor?
SpySweeper will prevent registry entries from being removed. At what point did you install SpySweeper? That may be the problem.
I would suggest removing SpySweeper (Re-install later if you stay clean.)
After removing SpySweeper, update MBAM. There is a new version today. Run a scan.
Please run HijackThis and place a checkmark next to the following:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Close all other windows and click "Fix Checked". Close HijackThis.
Reboot.
Open HijackThis and click on the "Open the Misc Tools section" button.
Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Select a place to save it. The list should open in notepad.
Please copy and paste that list here along with your new MBAM log along with a new HijackThis log.
GottaProblem
13 Posts
0
September 10th, 2009 22:00
Hi Bugbatter, this is related to my Posts above about my Desktop BUT it concerns my Laptop this time. I hope you can tie these together for me so you can help me fix my Laptop, too. While following your advice with my Desktop, I discovered that my Dell Laptop has the identical problems (well, nearly-identical, I think). The problem is that my Laptop was not infected by that Virus Doctor, so I may have "caught" something somewhere else, maybe when I was downloading the same program to both PCs? I keep them nearly identical.
I applied all of your advice for my Desktop to my Laptop and the MBAM logs are absolutely identical -- same 2 files are infected. I will attach logs below, and add "Laptop" so as to not confuse matters (too much more!)
Although I did run HijackThis, I did not find anything even closely resembling that file you asked me to check and "Fix Checked" on my Desktop (O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)). I will attach a HijackThis log for my laptop below, too.
I even Re-Ran HijackThis to get an "uninstall" list of programs and Saved it so you can see what programs I'm running on the Laptop (different -- shorter!)
I'm also getting an error message when I open IE 7: “Internet Explorer – Search Provider Default: A program on your computer has corrupted your default search provider setting for Internet Explorer. Internet Explorer has reset this setting to your original search provider, Google (www.google.com). Internet Explorer will now open Search Settings, where you can change this setting or install more search providers.”
I can’t seem to fix it or get around it. Maybe it’s due to that malware? I don’t know. Both PCs have gotten a lot slower but I’m still cleaning them up several times a day now.
Could you kindly take a look at the MBAM, HijackThis, and Uninstall_List logs for my Laptop and tell me if you see the malware that I can't seem to get (or keep) removed from my Laptop? If you have any ideas about that IE error message, that would be great but don't knock yourself out on it. I'm more concerned with the Malware. I may be able to find someone else who specializes in IE issues and take that problem to them instead of wasting your time on it.
Also, that link you gave me last week from McAfee concerning stopping Windows Defender doesn't work -- Win Defender keeps loading. I had to stop it through System Configuration in Windows even though I'm not too happy I can't run it anymore.
Finally, did you know that the updated MBAM program tries to automatically load? Windows stops it. FYI. Here are the logs for my Laptop. Any (more) help you could offer would be greatly appreciated! Have a great day tomorrow!
Mbam log from Laptop:
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6002 Service Pack 2
9/10/2009 10:48:53 PM
mbam-log-2009-09-10 (22-48-53).txt
Scan type: Quick Scan
Objects scanned: 81505
Time elapsed: 3 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
* * * * * * * *
HijackThis log from Laptop:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:15 PM, on 9/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Dell\PC TuneUp\IoloSGCtrl.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\System32\rpcnet.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM04Mon.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Dell\PC TuneUp\SystemGuardAlerter.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [OEM04Mon.exe] "C:\Windows\OEM04Mon.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] "C:\Windows\UpdReg.EXE"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell PC TuneUp Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\Windows\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Windows Mobile Device Center] "C:\Windows\WindowsMobile\wmdc.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\Dell\PC TuneUp\IoloSGCtrl.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 15373 bytes
* * * * * * * * *
Hijackthis uninstall_list from Laptop:
32 Bit HP CIO Components Installer
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Advanced Audio FX Engine
Advanced Video FX Engine
AnswerWorks 5.0 English Runtime
Apple Software Update
Broadcom Management Programs
CDDRV_Installer
Complete Care Consumer Service Agreement
Creative MediaSource 5
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell PC TuneUp
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
EDocs
Fingerprint Reader Suite 5.6
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Print Diagnostic Utility
HP Solution Center 8.0
HP Update
Intel(R) PROSet/Wireless Software
Java(TM) 6 Update 5
KhalSetup
Laptop Integrated Webcam Driver (1.03.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Virtual Technician
mCore
MediaDirect
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mMHouse
mPfMgr
MSN Money Investment Toolbox
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
mWMI
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OutlookAddinSetup
QualXServ Service Agreement
Quicken 2009
Quicken Home Inventory Manager
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
SetPoint
Sound Blaster Audigy ADVANCED MB
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb973514)
Virtual Account Numbers
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Live Mail
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile Feb. 2008 DST Updates
Thanks again,
Take care
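The MBAM logs posted in this thread list the same two Broken.OpenCommand registry data items on both machines, each marked "Quarantined and deleted successfully". The following is an added example (not part of any post and not Malwarebytes code) that parses the log layout shown here, checks the summary count against the itemized lines, and lists the items that appear in more than one log. The function and class names are hypothetical, and the embedded logs are excerpts trimmed from the posts.

```python
import re
from dataclasses import dataclass

# Excerpts trimmed from the Laptop and Desktop MBAM 1.41 logs in this thread.
LAPTOP_LOG = r'''
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Scan type: Quick Scan
Registry Values Infected: 0
Registry Data Items Infected: 2
Files Infected: 0
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
'''
# The Desktop log reports the same two lines, so the excerpt is reused as-is.
DESKTOP_LOG = LAPTOP_LOG

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(
    r"^(?P<path>HKEY_.+?) \((?P<detection>[\w.]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)
DATA_SECTION = "Registry Data Items Infected"


@dataclass(frozen=True)
class DataItem:
    key: str          # registry key, without the value name
    value_name: str   # "(default)" for the unnamed value
    detection: str    # MBAM detection name, e.g. Broken.OpenCommand
    bad: str          # data MBAM found (MBAM's own "Bad" label)
    good: str         # data MBAM expected (MBAM's own "Good" label)
    action: str       # what MBAM reports it did


def parse_mbam_log(text):
    """Return (summary counts, itemized registry data items) for one log."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY_RE.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):
            section = m["section"]  # start of an itemized section
        elif section == DATA_SECTION and (m := ITEM_RE.match(line)):
            key, _, value_name = m["path"].rpartition("\\")
            items.append(DataItem(key, value_name, m["detection"],
                                  m["bad"], m["good"], m["action"]))
    return summary, items


def counts_consistent(summary, items):
    """True when the summary count matches the number of parsed item lines."""
    return summary.get(DATA_SECTION, 0) == len(items)


def recurring_items(logs):
    """Map (key, value name, found data) -> labels of the logs reporting it,
    keeping only entries reported by more than one log."""
    seen = {}
    for label, text in logs:
        _, items = parse_mbam_log(text)
        for it in items:
            seen.setdefault((it.key, it.value_name, it.bad), []).append(label)
    return {k: v for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    logs = [("Laptop", LAPTOP_LOG), ("Desktop", DESKTOP_LOG)]
    for label, text in logs:
        summary, items = parse_mbam_log(text)
        print(label, "count matches items:", counts_consistent(summary, items))
    for (key, name, bad), labels in recurring_items(logs).items():
        print(f"{key}\\{name} = {bad!r} reported by {', '.join(labels)}")
```

Feeding it successive logs from one machine instead of logs from two machines shows whether an item that was reported as deleted comes back on the next scan.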
GottaProblem
13 Posts
0
September 10th, 2009 22:00
Yes, I'm now haunted by this seemingly imploding problem, now affecting two of my computers (Desktop & Laptop)! You are so nice to get back to me and so quickly, too, as I (on the other hand) miserably crawl my way through this unfamiliar territory. I'm now working on 2 computers at once.
Computer No. 1 (Desktop):
I did what you asked &, so far, it went without a glitch. Still need to see if the files will reappear, though. I will keep checking back.
Here it is: I uninstalled SpySweeper (Do you remember? I also stopped Windows Defender on account of the McAfee conflicts? Why do I suddenly feel so vulnerable?) I updated MBAM (but had to uninstall to reinstall the updated version for some reason, FYI). I ran HijackThis & found your BHO file, Fix-Checked it, etc.
Here are the logs (all from my Desktop, BTW. Next post is about my Laptop -- JOY!!! (if you still have a sense of wonder, if not some humor, by then)):
I'm off in the morning & won't be back until evening so may not respond until late, if you are able to get back to me on this before then, just so you know.
uninstall_list (from HijackThis):
32 Bit HP CIO Components Installer
32 bit Windows Card Reader Driver
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2
Advanced Audio FX Engine
Advanced Video FX Engine
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
Ask.com Toolbar
ATI Catalyst Control Center
Bonjour
Catalyst Control Center - Branding
CDDRV_Installer
Choice Guard
Complete Care Consumer Service Agreement
Creative MediaSource 5
Dell DataSafe Online
Dell Getting Started Guide
Dell PC TuneUp
Dell Support Center (Support Software)
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Dell Xcelerator(TM) for Portable Devices
DirectXInstallService
EDocs
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hauppauge MCE XP/Vista Software Encoder (2.0.25296)
Hauppauge TV Tuner Driver
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Driver Diagnostics
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Print Diagnostic Utility
HP Solution Center 8.0
HP Update
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections 12.1.12.4
Intel(R) PRO Network Connections 12.1.12.4
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Junk Mail filter update
KhalSetup
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Recent Documents Gadget
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
MSN Money Investment Toolbox
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Music, Photos & Videos Launcher
OGA Notifier 2.0.0048.0
PowerDVD
Product Documentation Launcher
QualXServ Service Agreement
Quicken 2009
Quicken Home Inventory Manager
QuickTime
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
SetPoint
Sound Blaster Audigy ADVANCED MB
Spelling Dictionaries Support For Adobe Reader 9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb973514)
Virtual Account Numbers
WD Diagnostics
WIDCOMM Bluetooth Software 6.0.1.4300
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Toolbar
Windows Live Writer
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile Feb. 2008 DST Updates
XPS MiniView Gadget
Yahoo! Toolbar
mbam-log (after removal of those 2 stubborn files -- again):
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6002 Service Pack 2
9/10/2009 10:33:06 PM
mbam-log-2009-09-10 (22-33-06).txt
Scan type: Quick Scan
Objects scanned: 90210
Time elapsed: 4 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
* * * * * * * * * * * * * * *
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:05 PM, on 9/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Dell\PC TuneUp\IoloSGCtrl.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\system32\msiexec.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Dell\Xcelerator\bin\ehLumaQuarkD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\Windows Mail\WindowsMailGadget.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] "C:\Windows\system32\rundll32.exe" HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [OEM05Mon.exe] "C:\Windows\OEM05Mon.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] "C:\Windows\UpdReg.EXE"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Dell PC TuneUp Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\Windows\KHALMNPR.EXE"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] "%windir%\WindowsMobile\wmdc.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SetPoint.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239330694884&h=8e2daa80bff45f3c95c4f380eb9ff825/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5724/mcfscan.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\Dell\PC TuneUp\IoloSGCtrl.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 17012 bytes
Bugbatter
3 Apprentice
•
20.5K Posts
0
September 10th, 2009 22:00
You are still getting ads for Virus Doctor?
Run DiskCleanup in each user's profile.
1. Open Disk Cleanup by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Cleanup.
2. In the Disk Cleanup Options dialog box, choose whether you want to clean up your own files only or all of the files on the computer. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.
4. Click the Disk Cleanup tab.
* Please make sure only the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
5. When you finish selecting the files you want to delete, click OK, and then click Delete files to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.
http://windowshelp.microsoft.com/Windows/en-US/Help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.
Close Add/Remove.
* In Windows Explorer, navigate to C:\Program Files\Java (this folder). Delete any subfolders.
* Do NOT delete C:\Program Files\JavaVM (this folder), if found!
Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.
Following that, please go offline. Disable McAfee.
If that does not work, please uninstall McAfee. (If you have the CDs, or use McAfee Support, you can re-install it once we have verified that the computer is clean.)
Spyware protection
System Guards Protection
Script Scanning Protection (you may have to scroll down to see it)
Further info on disabling and re-enabling McAfee: http://help.aol.com/help/microsites/microsite.do?cmd=displayKCPopup&docType=kc&externalID=222820
Run a scan with HijackThis and place a checkmark by this entry:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Close all other windows and click "Fix Checked". Close HijackThis.
Reboot.
Enable McAfee. Go back online.
Update MBAM and run a new scan. Please post that log with a new HijackThis log.
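One way to compare successive HijackThis and MBAM logs like the ones requested above, as an added example that is not part of the original thread. The log lines are copied from the 9/10 and 9/11 logs posted in this thread; the function names are hypothetical, and the comparison assumes both logs come from the same machine.

```python
import re

# O2 lines copied from the two HijackThis logs in this thread.
HJT_SEP_10 = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
"""
HJT_SEP_11 = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
"""
# "Registry Data Items Infected" lines; identical in the 9/10 and 9/11 MBAM logs.
MBAM_SEP_10 = MBAM_SEP_11 = r"""
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
MBAM_RE = re.compile(
    r"^(?P<key>HKEY_\S+) \((?P<detection>[^)]+)\) -> Bad: \((?P<bad>.*?)\)"
    r" Good: \((?P<good>.*?)\) -> (?P<action>.+)$")
NO_FILE = "(no file)"


def parse_bhos(log):
    """Return {CLSID (upper-cased): (name, target)} for every O2 line."""
    bhos = {}
    for line in log.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            bhos[m["clsid"].upper()] = (m["name"], m["target"])
    return bhos


def triage_bhos(older_log, newer_log):
    """Explain each '(no file)' BHO in the newer log using the older log.

    Returns (report, no_longer_listed). report maps an orphaned CLSID to the
    (name, target) it had in the older log, or None if it was absent or
    already orphaned there. no_longer_listed holds CLSIDs that were orphaned
    in the older log and do not appear in the newer one.
    """
    old, new = parse_bhos(older_log), parse_bhos(newer_log)
    report = {}
    for clsid, (_, target) in new.items():
        if target != NO_FILE:
            continue
        prev = old.get(clsid)
        report[clsid] = prev if prev and prev[1] != NO_FILE else None
    no_longer_listed = [c for c, (_, t) in old.items()
                        if t == NO_FILE and c not in new]
    return report, no_longer_listed


def parse_mbam_data_items(log):
    """Return {registry key: dict(detection, bad, good, action)}."""
    items = {}
    for line in log.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            d = m.groupdict()
            items[d.pop("key")] = d
    return items


def recurring_detections(older_log, newer_log):
    """Keys reported as removed in the older scan that the newer scan finds again."""
    old, new = parse_mbam_data_items(older_log), parse_mbam_data_items(newer_log)
    return sorted(k for k in new
                  if k in old and "deleted successfully" in old[k]["action"])


if __name__ == "__main__":
    report, gone = triage_bhos(HJT_SEP_10, HJT_SEP_11)
    for clsid, prev in report.items():
        origin = f"previously {prev[0]} -> {prev[1]}" if prev else "no earlier owner found"
        print(f"orphaned BHO {clsid}: {origin}")
    for clsid in gone:
        print(f"no longer listed: {clsid}")
    for key in recurring_detections(MBAM_SEP_10, MBAM_SEP_11):
        print(f"detection came back after removal: {key}")
```

A CLSID that shows "(no file)" but had a DLL in the earlier log points to a leftover registration from a removed program, while a registry detection that returns after "Quarantined and deleted successfully" points to something on the system rewriting the value.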
GottaProblem
13 Posts
0
September 10th, 2009 23:00
You were answering while I was writing -- again. I briefly scanned thru your response and I understand most of what you wrote so I should be okay working through it. Thank you so much for the wealth of information. Will post when I get back Fri pm or, maybe, Sat. am - don't know when I'll be back. Just wanted to thank you for so quickly & thoroughly responding. Will keep following your advice and plugging away. Take care & thanks again.
Bugbatter
3 Apprentice
•
20.5K Posts
0
September 11th, 2009 10:00
You are most welcome. I'll check back here later to see how you are doing. If you are having a problem with both computers, we will handle one, and when that thread is finished, you can post the issues with the second computer in a new topic. That way, the researchers who use these topics won't get confused by our trying to clean two computers in one topic.
GottaProblem
13 Posts
0
September 11th, 2009 15:00
Hi, Bugbatter, nice post (above) - I like the graphics. My patience is about expired -- I have spent over a week on this and I think I'm making matters worse.
I'm not getting Virus Doctor ads anymore. I had only gotten that first one but it scared me enough to check into any malware or viruses that may have loaded (I believed the "hoax" was true). Good thing, too, since I do have something on both of my computers and they don't want to get lost! I thought I finally got rid of those 2 files on my Desktop after I uninstalled Spysweeper but, if you can believe it, after hours at this yesterday -- and then, again, all day today, I ran another MBAM and they are back!!! There's another (but different) BHO (no name) [O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)] on my HijackThis log, too, so I'm attaching the log again below. Yet, I don't know if you want to waste your time on this yet because I haven't been able to follow all of your suggestions in your last post.
I ran Disk Cleanup - went fine. Haven't gotten any farther than that part, though.
Java's giving me some grief only because I can't find the program to uninstall it -- well, I found it but not in an "uninstallable" form. I can only find the update files in Control Panel, Programs, Install/Uninstall Programs. There are only two Java files in my Control Panel - Install/Uninstall programs: Java (TM) 6 Update 5 (old), and Java TM 6 Update 15 (brand new). However, the file you asked me to download with the most current Java SE Runtime Environment looks like it may have an update 16. Your new download is sitting on my desktop waiting to get downloaded after I can figure out how to uninstall mine.
Having said all that, I found a menu in Control Panel, Programs, called Java, so I checked it out and it looks like I'm running a very current version -- just not the one you asked me to download - I don't think. I'm running Java 6 SE Runtime Environment with Update 15 (build 1.6.0_15-b03). It just updated today sometime.
I found my Java program file through Windows browsing. The program location is in C:\Windows\System32\Java [the Application file]. I don't know how or if you can uninstall programs from there and I didn't even want to try.
In C:\Program Files, I found
Folder name: Java
2 Subdirectories: Jre1.6.0_05 (dated 9/26/08); and Jre6 (dated 9/11/09 - today).
I would follow your advice and get rid of the old Java program with the old updates but I can't figure out how to uninstall the program correctly.
So, I didn't even get to the McAfee part, yet, but I'm unconcerned about it since I recently downloaded my licensed program and have it on my hard drive so I can uninstall and reinstall, if necessary. Unfortunately, even when you do it that way, you still have to allow the program to go online to verify your subscription. Lovely, I'll be a walking virus and malware PC, or two, soon!
My brain is about to explode so please go easy on me! Thanks!
BTW, how can I permit Malwarebytes to load with my program startups to stop this Windows warning from yelling at me every time I start up my PC? I tried a couple of different ways (Windows Defender being the 1st), but it won't allow me to enable permissions. Is this built into the new version of the Malwarebytes Anti-Malware program released yesterday? Thanks, yes, I do ask a lot of questions :-)
Below are the latest logs from MBAM and HijackThis:
Malwarebytes' Anti-Malware 1.41
Database version: 2782
Windows 6.0.6002 Service Pack 2
9/11/2009 4:45:31 PM
mbam-log-2009-09-11 (16-45-31).txt
Scan type: Quick Scan
Objects scanned: 90160
Time elapsed: 4 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
HijackThis - 9/11/09
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:33 PM, on 9/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Dell\Xcelerator\bin\ehLumaQuarkD.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\Windows Mail\WindowsMailGadget.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] "C:\Windows\system32\rundll32.exe" HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [OEM05Mon.exe] "C:\Windows\OEM05Mon.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] "C:\Windows\UpdReg.EXE"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Dell PC TuneUp Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\Windows\KHALMNPR.EXE"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] "%windir%\WindowsMobile\wmdc.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SetPoint.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5724/mcfscan.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\Dell\PC TuneUp\IoloSGCtrl.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 12946 bytes
Bugbatter
3 Apprentice
20.5K Posts
September 11th, 2009 16:00
You are saying that you cannot uninstall these using the Add/Remove programs? Java (TM) 6 Update 5 (old), and Java TM 6 Update 1. That is unusual. They are listed in Add/Remove, so you should be able to remove them that way.
Malwarebytes does not run at Startup unless you are using the paid version.
Regarding these:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
This is MBAM's showing you that it is correcting errors. The follow-up shows that these were corrected. This has been confusing for many people.
If you allow MBAM to delete, it won't actually delete, but will return the keys to the way MS had them originally.
Clicking "Remove Selected" removes (on re-boot) the "bad" and replaces it with the "good" therefore "fixing" it.
Thus, MBAM doesn't actually "remove" or "quarantine" anything, it merely fixes a registry problem.
Also, nothing will show up in the quarantine, the fix will only show up in your MBAM log files.
Please run HijackThis and place a checkmark next to these:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Close all other windows and click "Fix checked". Close HijackThis and reboot.
Run an online virus scan by Kaspersky from HERE.
2. At the next window Select Update. Allow the Database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
4. Select Scan Report.
5. If any threats were found they will appear in the report
6. Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Please enable McAfee afterwards.
Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well. Also please post a fresh HijackThis log in your next reply.
GottaProblem
13 Posts
September 12th, 2009 14:00
Hi, Bugbatter. Another 24 hours working on this BIG BUG and I'm back, but not with great news, sorry to report.
I ran Hijack This and "Fix checked" the files you asked me to fix. = R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
I got rid of the old Java files and loaded the new one you linked for me that came with the Update. That went well.
I disabled McAfee (but later even went further and uninstalled and reinstalled in case it saved anything I don't want on my PC).
I ran Kaspersky and, happy to report, No Viruses Found so the report was blank.
Uninstalled MBAM and HijackThis & reinstalled them again (just in case).
Cleaned Disk - again.
Ran MBAM and Hijack This. Clean.
BUT, I have been highly suspicious of that Dell PC Tuneup program since I think it's reloading those bad files back on my PC during “automatic maintenance” and, as luck would have it, right after I cleaned up my PC again, Dell PC Tuneup reported that there were "2 security vulnerabilities" on my PC and they wanted to fix them. I was going to say "Heck, NO!" but figured I would see if this was, indeed, the problem because this is getting outta hand. So I let it "fix" them (don't know how they do it, though, maybe they dial back my registry?). Sure enough, I then ran MBAM again, and those 2 bad files were back again. UGH! So, I think PC Tuneup is reloading those bad files back on this PC - as well as my laptop & we're running in circles, regrettably. Yet, I can't figure out how to disable that program – yet. I disabled all the automated tasks but they run anyway. I suppose I'll have to call Dell Customer Support. So much for a paid-subscription for an easy and "comprehensive" PC cleaner-upper, for which I thought I was much cleaner and safer.
BTW, I have followed all of your advice including to "Remove Selected" (I don't hit "Delete") in MBAM. Yet, I have noticed that those bad files identified do appear in the Quarantine folder, anyway, just FYI. Plus, it's Windows Defender that's blocking Malwarebytes Anti-Malware from loading on startup. I never had that occur before MBAM upgraded on 9/10/09 but, when I reinstalled its software this time, I took it directly from their website (vs. the links) so maybe they put in an auto-startup on the free software now? I didn't buy the license - yet.
At this point, I'm at a loss of what to do. I dread that phone call to Dell Customer Service to see how I can get rid of this Dell PC Tuneup, plus I thought it had some very useful options to use. However, I do believe that is what is causing these problems to recur.
Here are the last 2 MBAM & HijackThis logs with the reoccurrence of those 2 bugs that were fixed. Please let me know if you see anything else that I need to “fix” through HijackThis. Thank you so much!
On a final point, I'm going to post a MBAM & HijackThis log about my laptop on a separate post, as you suggested. I can't believe what MBAM "fixed" on it today - wait until you see it! Otherwise, everything that we’ve discussed in this post is identical to what’s happened on my Laptop and I’ve also applied all your advice to that PC, too.
Thanks again.
Malwarebytes' Anti-Malware 1.41
Database version: 2785
Windows 6.0.6002 Service Pack 2
9/12/2009 3:49:57 PM
mbam-log-2009-09-12 (15-49-57).txt
Scan type: Quick Scan
Objects scanned: 89994
Time elapsed: 3 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
***********
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:31 PM, on 9/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\Windows Mail\WindowsMailGadget.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell\Xcelerator\bin\ehLumaQuarkD.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] "C:\Windows\system32\rundll32.exe" HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [OEM05Mon.exe] "C:\Windows\OEM05Mon.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] "C:\Windows\UpdReg.EXE"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Dell PC TuneUp Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\Windows\KHALMNPR.EXE"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] "%windir%\WindowsMobile\wmdc.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SetPoint.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5724/mcfscan.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 12591 bytes
Bugbatter
3 Apprentice
20.5K Posts
September 12th, 2009 15:00
Quote:
"those 2 bad files were back again"
As I explained earlier, they are not "bad" files. The notification simply means that something has changed your registry. If Dell's product makes those changes, it is not malware.
Rather than contact Dell, I would first post at MBAM's forum and discuss this with them to get their opinion. I do not see anything troubling in your HijackThis log. If you told me that you had the paid version of MBAM I missed it.
http://www.malwarebytes.org/forums/
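The "Registry Data Items Infected" lines discussed above describe a registry value being reset from a "Bad" string to a "Good" one, not a file on disk. As an added example (not part of the original posts and not Malwarebytes' code), this Python script parses those lines and reports which values are flagged again in later scans, which is the sign that something is rewriting them between scans. The function names are hypothetical, and `SCAN_2` and `SCAN_3` are constructed inputs.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Registry-data section as it appears in the MBAM log posted in this thread.
SCAN_1 = r'''Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
'''

# Constructed: a later scan showing the same two lines again, as the thread describes.
SCAN_2 = SCAN_1

# Constructed: a scan in which nothing rewrote the values after the repair.
SCAN_3 = '''Registry Data Items Infected:
(No malicious items detected)
'''

# <key>\<value name> (<detection>) -> Bad: (<current data>) Good: (<restored data>) -> <action>
LINE = re.compile(
    r'^(?P<path>.+?) \((?P<detection>[^()]+)\) -> '
    r'Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$'
)


@dataclass(frozen=True)
class DataItem:
    key: str         # registry key holding the value
    value_name: str  # "(default)" for the key's default value
    detection: str   # MBAM detection name, e.g. Broken.OpenCommand
    bad: str         # data found at scan time
    good: str        # data MBAM writes back
    action: str      # action text from the log, trailing period removed


def parse_data_items(log_text):
    """Return a DataItem for every Bad/Good registry-data line in an MBAM log."""
    items = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section headers, counters, "(No malicious items detected)"
        # The last path component is the value name; the rest is the key.
        key, _, value_name = m['path'].rpartition('\\')
        items.append(DataItem(key, value_name, m['detection'],
                              m['bad'], m['good'], m['action'].rstrip('.')))
    return items


def recurring_items(scans):
    """Map (key, value_name) -> number of scans, for values flagged in more than one scan."""
    seen = Counter()
    for text in scans:
        # A set, so each value is counted once per scan.
        seen.update({(i.key, i.value_name) for i in parse_data_items(text)})
    return {k: n for k, n in seen.items() if n > 1}


def summarize(item):
    """One-line description making clear that the item is registry data, not a file."""
    return (f"{item.key} [{item.value_name}]: {item.bad!r} -> {item.good!r} "
            f"({item.detection}; registry data, no file involved)")


if __name__ == "__main__":
    for item in parse_data_items(SCAN_1):
        print(summarize(item))
    for (key, name), count in recurring_items([SCAN_1, SCAN_2, SCAN_3]).items():
        print(f"flagged in {count} scans, value is being changed back: {key} [{name}]")
```
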
Bugbatter
3 Apprentice
20.5K Posts
September 12th, 2009 18:00
You're welcome.
NOTE: The issue has been resolved, so this thread is now closed.
Everyone else who is having a similar issue, please begin a New Message at the top of the forum.
GottaProblem
13 Posts
September 12th, 2009 18:00
I stand corrected: I should not be calling registry changes "bad" files.
You did not miss anything. I do not have a paid version of MBAM -- not at this time. Perhaps it's unique to me that my free version of MBAM wants to be included in my startup items.
Thanks for taking another look at my HijackThis log and I'm glad you don't see anything else in there that needs to come out.
As it turns out, Dell's product did not put those 2 registry changes back on my PC, so I don't know if it is malware, or not. I had already spoken with Dell before I saw your reply to me and I got lucky to reach a very talented techie so my "dread" was misplaced.
It's not Dell, and it's not Malwarebytes' Anti-Malware. Apparently, those 2 registry files cannot be fixed and that's why (1) Dell PC Tuneup keeps picking them up and trying to fix them (without success) over and over again, and (2) Malwarebytes keeps picking them up and trying to fix them (but they're also not fixing them). Yet, both programs report they have fixed the "security vulnerabilities" (Dell's product), or "Quarantined and deleted successfully" (Malwarebytes' Anti-Malware).
The good news is that I was assured that those 2 registry errors are not "bad." This Dell tech (wish I got his name) tracked them all the way into the system while I watched. They can't be inactivated, changed, or deleted (he tried all 3) and, since they're part of Windows OS, they shouldn't be set on fire (joking). Plus, they were empty. So, they are not "bad" (according to him, who I am inclined to believe, and he was quite familiar with Malwarebytes Anti-Malware, BTW). Yet, those 2 files will continue to get flagged by Dell PC Tuneup, or they'll get flagged if I run MBAM and, after 10 days (or so), I'm intent to ignore those two and get on with my life. I have so much "other" work to do since I've done nothing but work on trying to get these 2 registry changes fixed all this time - I'm not as fast as you and, clearly, I am clueless about these matters! But, I did learn a couple of things from you!
Thank you so much for your patience, help, very prompt responses -- and your good spirits, too. I'm glad you showed me how to run those MBAM scans in case something comes up in the future that may be more serious, and I may even run it from time to time to check to see if anything nasty sneaks into my computer or if my registry changes again. I'm also relieved that none of my MBAM scans showed that either of my PCs were infected with a ton of malware and spyware all over the place (like that pic of the MBAM results' screen that was shown at http://www.bleepingcomputer.com/virus-removal/remove-virus-doctor where you first sent me on this journey). I'm also very thankful that you helped me remove those files from those HijackThis logs (even though I really don't know what they meant!), and for helping me update my Java, which should also help to get rid of other security vulnerabilities.
As far as posting to MBAM's forum, I'll try to do that tomorrow or Monday, since you suggested it. At this point, though, I think I'm satisfied that I'm in the clear (for now) and I can begin to use my computer for real work, much of which is way behind and I must get to it.
Take care and thanks again.