This is mostly my own fault, but solving the problem has got me beat so far.
I subscribed to a list from laughternetwork.com called freefunnyjokes.
Recently their site said "to continue getting our newsletter goto http://freefunnyjokes.info/update.php ". Going to this site said "To continue Click here" - a link to http://laughternetwork.com/installer/videos/new_videos.exe"
More fool me, I clicked on the link, and it has installed something that shows on the system tray as a smiley with a drop down list for assorted kinds of videos.
I cannot find any way of removing this. There is nothing obvious in Add/Remove Programs. I have various software programs showing me what should run at startup, and it all *looks* legitimate. Task Manager gives all the processes running, but again there is nothing obvious there.
I have sent the owners of this list an email asking how to get rid of it, but there has been no response in over a week. Does anyone have any idea of how to get rid of this?

Norman

jbennet commented: some rep to get you started +4

because this is spyware related i will move you to the spyware section ,

commented: good +4

I'm not 100% sure this is spyware, but in any case Ad-aware doesn't come up with anything. I have attached the log from HijackThis if anyone cares to scan it for something out of the ordinary.
(Just as an aside - references to Whale are legitimate - it's the application I need to use to access my company's network). I can identify most of what's there, but there are some things I really don't know what they do!

Norman

Hi Norman,

Let's have a look, shall we?

FIRST:
Download HijackThis from http://downloads.malwareremoval.com/hijackthis_sfx.exe

Save the setup file on your desktop.
Then, DoubleClick on it and by default it should install to C:\Program Files\HijackThis
Continue through the setup and allow it to create a desktop icon for you. Follow all the prompts, click Finish

-- Run HJT > Click Do a system scan and save a logfile and submit that for me.

EDIT PP: Missed your last post - please do the below as well....


ALSO:
Let's get a StartupList.
Run HijackThis and open the Misc Tools section.
-- Check the boxes to List minor sections & List empty sections
-- Click Generate StartupList & Yes
-- Please submit that log for me as well.


Will check back as time permits. Lotta playoff football to watch this weekend! ;)

PP

As requested

As requested

Hi Norman,

I'm sorry! I am doing ten things at once and was a bit distracted . . ..

What I meant to ask for was the Uninstall List via HJT's Misc Tools.
-- Also, I have attached unstll.zip to this post
-- Please download unstll.zip and extract it to your Desktop.
-- A folder labeled unstll will appear on your Desktop.
-- Open the folder and DoubleClick unstll.bat and give it a couple seconds to run.
A very large log should pop up in Notepad. Please attach that (unstll.txt) for me.

BTW - You should be advised that anytime somebody in any forum gives you an unknown program to run (even a simple batch like this one), it is strictly a "Use At Your Own Risk" proposition!

Anyhoo, it is up to you if you want to trust me :)

-----------------------------------------

I did take a quick look at your Startuplist and saw a couple things. I doubt if they are still active. You've got plenty of anti-spy protection installed and I imagine they cleaned the threat, but I thought I'd point them out to you (these are the only ones that jumped out at me at quick glance):


aaudstum: \??\C:\DOCUME~1\Norman\LOCALS~1\Temp\aaudstum.sys (manual start) --> I don't know what this is. Doesn't look right to me.

mchInjDrv: \??\C:\WINDOWS\TEMP\mc22.tmp (disabled)---> this is related to a nasty backdoor trojan with keylogging capabilities. Probably no longer active, but you may want to investigate further.


Gotta run - Will try to check back as time permits.
In the meantime, you may want to have a look at the unstll.txt and see if you can find the unwanted proggy.

Best :)
PP

get ms windows defender (free) - choose NOT to join spynet and remember to do a ms update after install to get the definitions

run a FULL scan. this has helped me before.

get ms windows defender (free) - choose NOT to join spynet and remember to do a ms update after install to get the definitions

run a FULL scan. this has helped me before.

That might be a bit of overkill in this case. ;) The HJT Log shows the following active anti-spy apps:

Spy Sweeper
Spyware Doctor
Winpatrol

These are solid apps. Plus, I'm not so sure we are dealing with a baddie as much as a nuisance program.

PP :)

mchInjDrv: \??\C:\WINDOWS\TEMP\mc22.tmp (disabled)---> this is related to a nasty backdoor trojan with keylogging capabilities. Probably no longer active, but you may want to investigate further.

LOL! :)

That last post jogged my memory . . . . mc22.tmp may very well be a driver related to the Spyware Doctor component of Spy Sweeper.

Good grief! How do they expect us to keep track of the good and the bad.....


PP :)

That might be a bit of overkill in this case. The HJT Log shows the following active anti-spy apps:

Spy Sweeper
Spyware Doctor
Winpatrol

sorry, didnt see that (never used HJT before)

sorry, didnt see that (never used HJT before)

No worries - It was a good suggestion! :)

And, if you hadn't gotten me thinking about it, I'd probably never have placed that questionable driver with Spyware Doctor......

PP :)

commented: nice +4

i ony ever had a keylogger, 2 trojans and an adware bar on any of my pcs and ive been running them for years

i dont know how ppl keep getting so many viruses.........

GOTCHA. The uninstall list came up witha couple of curious names I didn't recognise, one of which was "mvi". I uninstalled this and *gone*. I don't know how I missed it in the first place, but having a simple list rather than the info that Add/Remove Programs generates makes it much easier to find something that tries to be anonymous.

GOTCHA. The uninstall list came up witha couple of curious names I didn't recognise, one of which was "mvi". I uninstalled this and *gone*.

Great! Happy to hear it :)

You can also dump J2SE Runtime Environment 5.0 Update 3 and install the latest update.

Java Runtime Environment (JRE) 6

Cheers :)
PP

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.