I started getting this fake alert. From my brief research, it seems to be a trojan. I ran a full McAfee virus scan and it said it found a trojan and quarantined it, but it still pops up. I tried using spy doctor as well as adaware, but the trojan seems to block the programs from opening up.

I need help removing this thing.


Thanks in advance

See if you are able to do this:

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.
What I want you to do, though, is this:
When you download it and it asks you to "Save File As," rename mbam-setup.exe to iexplore.exe and then download it to your Desktop as that.

  • DoubleClick iexplore.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.


See if that will work - if it fails, we'll go in a different direction.

PP:)

It seemed to work. I did everything you said above and restarted it. The popups don't pop up anymore. The only thing that had me confused was right before I accepted "Remove Selected", I got a message that said doing so will change my registry. I also got a popup message from McAfee that the registry settings have been changed. I'm assuming this is due to the fact that the trojan was removed and the registry settings were restored. Is that correct?

Let me know if I'm good to go.

Thanks

Correct. Malicious software such as trojans alters the system's registry, which is why they're so effective in messing up your computer. If all the issues have been fixed then you should be clear. One thing I have to recommend is losing McAfee; there is a reason why they are one of the cheaper name-brand AVs, and they are partnered with companies (such as Comcast). The McAfee virus scanner is less than par and the firewall is completely unreliable. To avoid this issue in the future I recommend finding a new internet security software. I had to remove a registry trojan similar to yours and I found Comodo Internet Security. It is a free version but works well; any attempt made to access your system will show you an alert, which gives you control over any changes made to your computer.

I'm assuming this is due to the fact that the trojan was removed and the registry settings were restored. Is that correct?
Let me know if I'm good to go.

Probably - I'd need to see the MBAM log, though.
Generally, I would prefer to run a few other tools before I could make an accurate assessment.

PP :)

Is this post already resolved? I never saw any MBAM logs. Anyway, I just want to share some information and an additional removal procedure from this site.
<SNIP>

The site noted in the post by midnightsin is not reliable. Please don't use that, stranoblaze; just follow the directions given by PhilliePhan.

OK... so do you want me to post the MBAM log to this thread?

Yes

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 3159
Windows 5.1.2600 Service Pack 3

11/13/2009 6:41:17 AM
mbam-log-2009-11-13 (06-41-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 205843
Time elapsed: 2 hour(s), 22 minute(s), 41 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 14
Registry Values Infected: 7
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 43

Memory Processes Infected:
C:\Documents and Settings\Charlene\Local Settings\Temp\u94m4ylf8.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\win32.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\stut32.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a45a4b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a45a4b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a45a4b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002664a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009c210 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a45a4b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\32118520 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yjafosi8kdf98winmdkmnkmfnwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ponmgmth (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\backup windows 2009 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: stut32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\32118520 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\stut32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\u94m4ylf8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\win32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Shared\lib.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\oqbkddrr.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ydlcgx.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\win16.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\1439027600.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\2307576512.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\2543503168.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\2792060576.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\3151858800.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\3242889696.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\3845946576.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\fd3f292b.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\spoolsv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\system.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\4278368368.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\_A00FB4631E8.exe.dat (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\notepad.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\o132h.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\csrss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\drweb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\lsass.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\services.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\748775328.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temporary Internet Files\Content.IE5\4EN5A39Z\tdman[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temporary Internet Files\Content.IE5\4EN5A39Z\ccblp[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temporary Internet Files\Content.IE5\XBBSQH54\bymmdrvizn[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\habnf88jkefh87ifiks.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\pskfo83wijf89uwuhal8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
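
An added example, not part of any post in this thread: a Python parser for the MBAM log format shown above. It groups registry detections by the startup or tamper location they sat in, lists items still waiting on a reboot, and flags files that carry a Windows system process name outside System32. The mechanism labels and the list of system process names are assumptions of this example; the sample lines are excerpted from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the MBAM 1.41 log posted above, a few per section.
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\stut32.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a45a4b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002664a (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ponmgmth (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: stut32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Charlene\Local Settings\Temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlene\Local Settings\Temp\lsass.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "<object> (<Detection.Name>) -> [detail -> ] <action>."
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")
SECTION = re.compile(r"^(?P<section>.+) Infected:$")

# Registry path fragment (lower case) -> label. Labels are this example's own.
MECHANISMS = [
    ("\\currentversion\\run\\", "autostart: Run key"),
    ("\\image file execution options\\", "IFEO key for a named executable"),
    ("\\winlogon\\notify\\", "Winlogon notification package"),
    ("\\control\\lsa\\notification packages", "LSA notification package"),
    ("\\browser helper objects\\", "Internet Explorer BHO"),
    ("\\sharedtaskscheduler\\", "Explorer SharedTaskScheduler"),
    ("\\security center\\", "Security Center alerts suppressed"),
    ("\\policies\\", "policy lockout (regedit / Folder Options)"),
]

# Assumed list: process names that normally run only from System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                "services.exe", "winlogon.exe", "spoolsv.exe"}
SYSTEM32 = "c:\\windows\\system32"


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its section header."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("section")
            continue
        m = ENTRY.match(line)
        if m and section:
            *detail, action = m.group("rest").split(" -> ")
            entries.append({"section": section, "object": m.group("obj"),
                            "detection": m.group("name"),
                            "detail": " ".join(detail),
                            "action": action.rstrip(".")})
    return entries


def triage(entries):
    """Group registry hits by mechanism; list reboot-pending and spoofed names."""
    mechanisms, pending, masquerading = defaultdict(list), [], []
    for e in entries:
        obj = e["object"].lower()
        if e["section"].startswith("Registry"):
            for needle, label in MECHANISMS:
                if needle in obj:
                    mechanisms[label].append(e["detection"])
                    break
        elif e["section"] == "Files":
            folder, name = ntpath.split(obj)
            if name in SYSTEM_NAMES and folder != SYSTEM32:
                masquerading.append(e["object"])
        if "reboot" in e["action"].lower():
            pending.append(e["object"])  # not removed until the next restart
    return {"mechanisms": dict(mechanisms), "pending": pending,
            "masquerading": masquerading}


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    for label, names in report["mechanisms"].items():
        print(f"{label}: {', '.join(names)}")
    print("pending reboot:", report["pending"])
    print("system names outside System32:", report["masquerading"])
```

Anything listed under "pending reboot" is a reason to restart and scan again before treating the machine as clean.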

How are things running now?

I'd like to see a couple other scanlogs, just to be safe.

Let's do this first:
-- Download DDS by sUBs and save it to your Desktop
-- If your AV has a script blocker, please disable it
-- DoubleClick on dds.scr to run the tool

* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

- Copy&Paste the DDS.txt into your next post.
- Please post Attach.txt as an attachment to your post - there is no need to Zip it. If you don’t know how to post an attachment, please Copy&Paste it along with the DDS.txt scanlog.

I will check back as time permits - I'm a bit over-extended at the moment.

PP:)

DDS.txt


DDS (Ver_09-10-26.01) - NTFSx86
Run by Charlene at 21:13:19.80 on Wed 11/18/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2030.1418 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\1XConfig.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Charlene\Desktop\dds by subs.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PRONoMgr.exe] c:\program files\intel\prosetwireless\ncs\proset\PRONoMgr.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [<NO NAME>]
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} - hxxps://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37
Filter: text/html - {b7922673-fcae-4b7d-92fe-a5859ca3db5b} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-9 207280]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-8 210216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-13 24652]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S2 0194471258595744mcinstcleanup;McAfee Application Installer Cleanup (0194471258595744);c:\windows\temp\019447~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\019447~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

=============== Created Last 30 ================

2009-11-13 03:55:48 0 d-----w- c:\docume~1\charlene\applic~1\Malwarebytes
2009-11-13 03:55:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-13 03:55:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-13 03:55:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-13 03:55:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 02:30:34 206 ----a-w- c:\windows\system32\MRT.INI
2009-11-11 02:30:33 0 d-----w- c:\windows\system32\MpEngineStore
2009-11-10 04:05:30 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-11-10 04:05:25 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-11-10 04:05:13 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-11-10 03:59:59 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-10 03:59:53 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-10 03:59:52 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-10 03:59:52 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-10 03:59:42 0 d-----w- c:\program files\common files\PC Tools
2009-11-10 03:59:41 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-10 03:59:26 0 d-----w- c:\program files\Spyware Doctor
2009-11-10 03:59:26 0 d-----w- c:\docume~1\charlene\applic~1\PC Tools
2009-11-10 03:59:26 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-09 04:18:46 0 --sha-w- C:\-460919630
2009-11-08 22:23:25 12393 ----a-w- c:\windows\system32\Config.MPF
2009-11-08 22:16:21 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-08 22:16:21 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-08 22:16:20 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-08 22:16:10 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-08 22:14:45 0 d-----w- c:\program files\common files\McAfee
2009-11-08 22:14:41 0 d-----w- c:\program files\McAfee.com
2009-11-08 22:08:30 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-22 22:15:20 54156 ---ha-w- c:\windows\QTFont.qfn
2009-10-22 22:15:20 1409 ----a-w- c:\windows\QTFont.for

==================== Find3M ====================

2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-30 12:44:02 507904 ----a-r- c:\windows\system32\btwapi.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-02-13 19:57:07 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021320090214\index.dat

============= FINISH: 21:15:29.08 ===============

That looks OK.

How are things running?

A few minor things:

-- Looks like you still have remnants of Norton firewall. You should remove them.

All of these need to be uninstalled. Update them to the latest, more secure versions at their respective sites.

Ad-Aware 2007
Adobe Reader 7.0

Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 7

http://www.java.com/en/
http://www.adobe.com/products/reader/

I suggest removing these as well:
LimeWire 5.0.11
Viewpoint Manager (Remove Only)
Viewpoint Media Player

You should also enable System Restore . . . or better yet, back up your registry with ERUNT every month.

PP:)

I honestly haven't used that laptop much since you said you wanted to check out a few more things, but it seems to run fine. I just don't want to be logging into my Hotmail or other accounts until I know it's safe.

But I'll do the other things you suggested.

I appreciate it!

How do I go about removing the Norton remnants?

You can download and run the Norton Removal Tool from HERE
Scroll through the list of tools, they are in alphabetical order. Just download, run the file and click a button to proceed with the uninstallation.
