New to computer security & I have no clue....?

Sept9 · #1 (**permalink**) 25-03-2009, 02:00 AM

Hi, Im going to first apologize if I ask stupid questions. I am new to this & I dont want to mess my computer up. I appreciate any help. I have a new laptop( Gateway M-series, ) & I have Verizon as my provider. I also have an old laptop (Acer-Aspire series). They're both working fine but they both have been infected by Antivirus 2009. I dont know how I got it on both. I have Verizon Security Suite as my security but weird things happen. Sometimes if I click on a link all my tabs will close out & take me to my desktop. I have it set so I dont have to sign in w/ my user name & pw & e verytime I go to different sites I have to log in again. A "dropped packet" message box comes up. A script error box pops up. Some times I get a message saying they cant find my server. Its just little things that mak me think Im not protected very well. So I wanted to clean everything up on the new one & maybe install new security software but Im not sure how to do that. I think 'i did install an Ebay toolbar & now it says something is not letting me update it. & I wanted to ask a few questions that I cant seem to get a straight answer for.
1) What is a hijack my log & how do I do it & what is it for?
2)Is there a way to find out if a virus is or was ever on my computer?
3) What is everything I need for good security?(antivirus, firewall, defender,etc)
4) Can I install these separately & do I have to uninstall my security suite first?
5) I did a back up when I first got my laptop, should I just do a system restore?

Any help would be appreciated. I havent really installed anything new so whatever is on there came w/ the computer but i dont know how to run safe mode & Im not sure how to get rid of what I dont need. Here are some programs I do have, Malwarebytes, Clean It UP, CCleaner, Google, Ebay toolbars. I also have Vista & use IE 6 or 7, not sure. Thank you so much.
5)

Neal · #2 (**permalink**) 25-03-2009, 10:00 PM

Hijackthis is a tool we use to see what is possibly infecting your computer, so if you will follow these instructions below and copy/paste it back in to this thread we can take a look for you, one computer at a time tho.

Are the two computers connected together via a router?

Let's start with new laptop Gateway M-series.

Please download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:TrendSecure | Download TrendMicro HijackThis

1. Save HJTInstall.exe to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
8. Come back here to this thread and paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Have you ran Malwarebytes?

It is a good killer of Antivirus 2009.

Sept9 · #3 (**permalink**) 25-03-2009, 11:25 PM

Ok, Thank you responding. Yes we can do the Gateway. Im not too worried about the old one. & I havent ran Malwarebytes in about a month. I wanted to wait to see if I could find out what the problem was before I erased it. Both are laptops using wireless. From time to time I have to plug in the ethernet cable to the old one but never the Gateway. I think I just have a modem. I have 1 small black box plugged in to the wall & a phone jack & it has the ethernet cable attached, but its not attached to either of the laptops. I have IE7 & vista.(wasnt sure if that mattered but I didnt know initially). Oh, & when I initially tried to install "HijackThis" it went all the way to right after I accept terms & a box popped up saying something like" ...problem caused this program to stop working correctly..Windows will notify you w/ a solution". But when I closed everything out & tried it again it install w/out a problem. You have no idea how much I appreciate you responding so quickly. I want to add a printer, I want to connect my digital camera, I want to get all new security software, I want to do so much on this computer but Im afraid anything new I add will get corrupted too. Thanks again. This site will definately get my donation.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:48 PM, on 3/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Rebates, Cash Back, Discount Coupons, Online Coupons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8216 bytes

Neal · #4 (**permalink**) 27-03-2009, 05:45 PM

* Open Windows Defender
* Click Tools
* Click General Settings
* Scroll down to Real Time Protection Options
* Uncheck Turn on Real Time Protection (recommended)
* After you uncheck this, click on the Save button
* Close Windows Defender

Once your system has been deemed free from malware, you can re-enable Windows Defender's Real Time Protection.

Run hijackthis and click on "scan system only" button and put checks next to these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Please close ALL browser windows (including this one).

Everything closed out but hijackthis and click on "fix checked"

Reboot your PC.

If you are looking for new security programs then read this page:

Read This First - IMPORTANT Instructions

Sept9 · #5 (**permalink**) 30-03-2009, 04:51 AM

SORRY! Worked 2 doubles. Im doing what you said above right now. Thank you so much for your time. This is the only site that has even responded to my questions let alone with an answer that makes sense. Ill post again in a few minutes.

Sept9 · #6 (**permalink**) 30-03-2009, 07:23 AM

This is what happened:

Opened Windows Defender, unchecked Real Time Protection Options box, saved & closed.

Ran HijackThis, clicked on "system scan only", message box came up saying something like...(I wrote down exact words if you need them).
"For some reason your system has denied write access to the hosts files.. HijackThis may not be able to fix them...may have to edit files yourself... If so run notepadC:Windows\system32\drivers\etc\hosts & hit Enter. Save file as "hosts", including quotes & reboot.

When I tried to close this box another box popped up & said Windows is trying to find a solution ( I cant remember the reason it gave). It then said Windows has to shut down all programs. Everything closed & I was back to my desktop. This is exactly what had been happening before. Anyway this process happened twice. On the third try I was able to select the 3 files & I closed everything out before I clicked fix the checked boxes.

As I rebooted everything, for a split second I noticed a message bubble coming from my security sftware icon in the bottom right w/ a warning that my computer might be at risk because of something. It turned off before I could read the rest. I hope I explained this correctly. I have 2 quick questions - Is it ok to use the Gateway normally w/ the Real Time Protection box unchecked?

& Im a little confused about where to post the hijacked logs. For example, Im gonna assume you will eventually want to see another log. Do I just use the post reply button here like Ive been doing or do I have to put it in another forum? Again, I apologize if these are redundant questions for you.

If you need any more info just let me know. I'm off for 2 days so I will be readily available. Thanks for security software link too.

Sept9 · #7 (**permalink**) 31-03-2009, 12:36 AM

Hi, Im a little confused . Was I supposed to re-check the Real Time Protection Options box after I deleted those 3 files & rebooted? I dont know if this has anything to do w/ the box being unchecked but all day today my computer wouldnt stay connected to the internet. It kept saying "Page could not be displayed" whenever I opened a new tab. It did this about 5 times in an hour. Should I begin installing/uninstalling new security software? I ran another Hijack This log just to look at & I noticed the first 2 files you asked me to check were still there, but the 3rd one wasnt. I didnt do anything else. Just closed everything. Please let me know what I should do next. Thanks again

Neal · #8 (**permalink**) 01-04-2009, 06:58 PM

Yes you can probably re-enable and see if the bubble thing goes away and yes if you can post a hijackthis log back here. If you have trouble doing hijackthis try re-nameing it foolyou.exe instead of hijackthis.exe

You can change security programs now if you want, just make sure you download what you are going to use to your desktop before uninstalling the old stuff, once that is uninstalled install new programs you have chosen and run scans from that and post back what is going on now.

Thanks.