Although I have read your request for downloads my problem starts there...

Post by happymom on 19th May 2009, 4:03 pm

My problem is with my desktop which is a Dell that runs Windows XP, I am on my laptop as my desktop is 100% locked up. There is a desktop virus/trojan that states: Warning Your in Danger! Your computer is infected with Spyware! It goes on to explain why this is bad and how all my actions are logged and then says Secure yourself right now! Remove all spyware from your PC! There is a System Security pop up and an IE window pop up from greatmarketing.com..... We only run Mozilla on our computers and have deleted (so we thought) IE from them. Now back to what I was trying to explain. I would download the information you asked of me however whatever is on my computer will not allow me to access the internet or any files at all. I am not able to do a system restore or start the computer in Safe Mode...I tried to open in safe mode using F8 and F12, neither worked. We do have Kazaa loaded on that computer, however we have had it loaded on there for years and never had a problem.
Any ideas on how to solve this problem would be greatly appreciated! I have never had a virus/trojan this out of hand! Whatever it is will not allow me to open my Malwarebytes or Ad-Aware either.

One of the little IE pop up windows did say Trojan SPM/LX, however this seems like a pretty low impact trojan to have caused all the issues on my computer, nonetheless I can't reboot in safe mode to try to remove it anyway.

Thanks so much!
Lisa

happymom
Novice
Novice

Posts Posts : 34
Joined Joined : 2009-05-19
Gender Gender : Female
OS OS : windows xp
Points Points : 27636
# Likes # Likes : 0


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 4:49 pm

Hello.
Can you use another machine to download tools and transfer tools via USB?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1


Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 4:53 pm

I attempted that, however the computer would not allow the download to run.


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 4:57 pm

Even from another clean machine?



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 5:01 pm

Sorry, I was able to download from the clean machine, however I was not able to download the program from my USB onto the infected computer. The infected computer would not allow the download to run.


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 5:03 pm

You don't need to download from the infected machine.

Download Hijack This from the clean machine and put it on USB. Then transport the Hijack This setup file via USB to the infected machine.

Then try running the setup file from the USB and see if it will run.



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 5:04 pm

The infected computer won't even acknowledge the USB card.


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 5:13 pm

Please download this file: [You must be registered and logged in to see this link.]

  1. Insert a blank CD into your CD drawer.
  2. Double click the rescuecd.exe file on your Desktop.
  3. Hit the "Burn CD" button and allow it to burn, it shouldn't take too long.
  4. Next, reboot your computer, keep the CD inside the drawer.
  5. Your computer should boot from the CD and boot to the Avira rescue disc.
  6. Next, see this guide here: [You must be registered and logged in to see this link.]



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 5:35 pm

To clarify, I am downloading the program onto my laptop and then burning it onto a cd (loaded on my laptop), removing the cd from laptop and loading it into the cd slot on the infected computer and then rebooting and following instructions from there. Correct?


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 5:39 pm

Yep, correct. ;)



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 6:16 pm

OK...I downloaded from the link you gave me and it looked as though my computer was downloading it, however I can not locate the file anywhere on my computer?? Any ideas? I am sure this must be simple, but I can't find it. The computer I am using runs Windows Vista. Thank you


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 6:19 pm

Are you using Firefox or Internet Explorer? Some settings set the download location to temp files, and not the Desktop.



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 6:22 pm

Firefox


Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 6:23 pm

I can not find it in temp files either...of course I can not seem to locate the temp files on this computer either.


Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 6:27 pm

OK I found my temp files, however don't see the one I just downloaded


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 6:29 pm

Okay, check Firefox's download location.
Go to the "Tools" menu > Options. In the main tab, look under the "Downloads" section.

Mine is currently set to "Save files to", then "Desktop"
If yours isn't Desktop, press the Browse button and choose the desktop.



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 6:48 pm

I don't know if I am doing something wrong, however now that I have burned the program to the cd I am trying to re-boot the other computer and although it sounds like it is running the cd, it will not actually open the file on the cd, it just keeps opening the same way it did before. Should I have run the program on the good computer before downloading it to the disk?


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 7:00 pm

No, because it's a boot disc that uses Linux software, and if the clean machine works, it's not gonna detect any problems on that machine.

If it won't boot on the infected machine, the boot order might need changing.
See here:
[You must be registered and logged in to see this link.]

Every BIOS is different, but that's a general guide on how to change a machine's boot order.



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 7:03 pm

OK, I downloaded the file again this time directly to the cd, however it still will not automatically boot up on the infected computer. It is completely ignoring the request of the cd to load


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 7:22 pm

Hello.
If you can boot the infected machine normally, would I see a CD in the CD drive? We can try putting tools on CD rather than USB.



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 7:38 pm

OK, in trying to re-boot the computer like you suggested by changing the boot order I ended up being able to open the computer in "safe mode". Do you have any suggestions of anything I can do in this safe mode or should I re-boot again and try to change the boot order?


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 7:57 pm

Ah, is that safe mode with networking?

If so, try downloading DDS.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 8:00 pm

I did use Safe Mode w/ Networking however when I try to log on to the network it tells me Proxy Server Refused Connection


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 8:05 pm

You mean internet?

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 8:19 pm

DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Don Hunter at 16:17:27.10 on Tue 05/19/2009
Internet Explorer: 6.0.2600.0000
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.511.257 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Don Hunter.SHAMAN\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
mSearchAssistant = [You must be registered and logged in to see this link.]
mCustomizeSearch = [You must be registered and logged in to see this link.]
uURLSearchHooks: H - No File
BHO: SOFTWARE - No File
BHO: {00000000-0000-4eb3-a6b3-cf7f71866dd6} - c:\progra~1\lycos\ieagent\IEagent.dll
BHO: Band Class: {01f44a8a-8c97-4325-a378-76e68dc4ab2e} - c:\windows\systb.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: brdg Class: {9c691a33-7dda-4c2f-be4c-c176083f35cf} - c:\windows\system32\bridge.dll
BHO: {E3215F20-3212-11D6-9F8B-00D0B743919D} - No File
BHO: 796525 Class: {e7f15ac4-e0a9-43f0-921b-70dfea621220} - c:\windows\system32\796525\796525.dll
TB: {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [SYS32DLL] SYS32DLL
mRun: [Ink Monitor] c:\program files\epson\ink monitor\InkMonitor.exe
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [mswspl]
mRun: [stcinstaller] c:\installer\id53.exe
mRun: [vgjkefyfgf] c:\windows\system32\onqcib.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_01\bin\jusched.exe
mRun: [mm_server] c:\program files\musicmatch\musicmatch jukebox\mm_server.exe
mRun: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AdaptecDirectCD] "c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [10594214] c:\documents and settings\all users.windows\application data\10594214\10594214.exe
mRun: [90604206] c:\documents and settings\all users.windows\application data\90604206\90604206.exe
mRun: [sysldtray] c:\windows\ld08.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\donhun~1.sha\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: Ebates. - [You must be registered and logged in to see this link.] files\ebatesmoemoneymaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - [You must be registered and logged in to see this link.]
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - [You must be registered and logged in to see this link.]
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - [You must be registered and logged in to see this link.]
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll
Trusted Zone: bankofamerica.com\www
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {01118D00-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - [You must be registered and logged in to see this link.]
DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - [You must be registered and logged in to see this link.]
DPF: {33564D57-9980-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} - [You must be registered and logged in to see this link.]
DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - [You must be registered and logged in to see this link.]
DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\donhun~1.sha\applic~1\mozilla\firefox\profiles\q8bfz9p9.lisa testing\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\don hunter.shaman\application data\mozilla\firefox\profiles\q8bfz9p9.lisa testing\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

S2 mrtRate;mrtRate; [x]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-25 18560]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-21 38496]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [2005-12-27 196409]

=============== Created Last 30 ================

2009-05-19 16:14 --d-h--- c:\windows\PIF
2009-05-19 09:43 282 a------- c:\windows\lu.dat
2009-05-19 09:36 --d----- c:\windows\system32\796525
2009-05-18 21:45 13,824 a------- C:\Job and Income Search.xls
2009-05-18 18:54 16,384 a------- c:\windows\system32\SYS32DLL.exe
2009-05-18 18:54 --d----- c:\windows\system32\790151
2009-05-18 18:53 15,360 ----h--- c:\windows\ld08.exe
2009-05-18 18:53 --d----- c:\docume~1\alluse~1.win\applic~1\90604206
2009-05-18 18:53 --d----- c:\docume~1\alluse~1.win\applic~1\10594214
2009-05-17 18:22 19,456 a------- C:\Music to Peep and Cop.xls
2009-05-17 18:19 --d----- C:\Somerset HOA
2009-05-16 12:16 --d----- c:\program files\common files\xing shared
2009-05-11 16:45 --d----- c:\windows\SxsCaPendDel
2009-05-11 16:26 --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-11 16:26 --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-11 16:26 --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-11 16:26 --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-11 16:22 --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-05-11 16:22 --d----- c:\program files\Spybot - Search & Destroy
2009-04-26 16:15 17,408 a------- C:\Front Yard Dimensions.xls

==================== Find3M ====================

2009-05-17 13:41 28,256 a------- c:\windows\system32\drivers\MxlW2k.sys
2009-05-11 15:35 244,420 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-04-13 18:30 40,960 ac------ c:\windows\uneng.exe
2009-04-13 18:30 55,216 a------- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-13 18:30 45,056 a------- c:\windows\system32\cdrtc.dll
2009-04-13 18:30 45,056 a------- c:\windows\system32\cdral.dll
2009-04-13 18:30 22,713 a------- c:\windows\system32\drivers\cdralw2k.sys
2008-08-30 16:35 24 ac------ c:\documents and settings\don hunter.shaman\jagex_runescape_preferences.dat
2006-06-03 14:29 1,270 a------- c:\documents and settings\don hunter.shaman\293322.bin
2005-12-27 00:16 96 ac------ c:\documents and settings\don hunter.shaman\31242705.dat
2005-02-07 21:11 2,207,307 a------- c:\program files\k-litepro.exe
2004-05-03 09:20 2,241,714 ac------ c:\program files\RD1080_1090UpdateUtility_FW415.exe
2004-04-13 14:28 16,706,160 ac------ c:\program files\AdbeRdr60_enu_full.exe
2004-01-10 16:45 6,594,452 ac------ c:\program files\klcodec220f.exe
2003-11-11 14:57 62 ac------ c:\program files\users.dat
2003-10-10 21:25 8,633,430 ac------ c:\program files\klcodec205f.exe
2003-10-01 10:34 1,897,672 ac------ c:\program files\winzip81.exe
2003-10-01 10:25 24,345,318 ac------ c:\program files\DrvSetup.exe
2003-10-01 08:24 451,136 ac------ c:\program files\GoogleToolbarInstaller.exe
2003-10-01 08:15 1,694,551 ac------ c:\program files\Ad Aware.exe
2003-09-30 21:54 16,251,072 ac------ c:\program files\Adobe Reader 60.exe
2003-09-09 15:52 5,473,872 ac------ c:\program files\Java Virtual Machine.exe
2003-07-14 17:10 5,348,903 ac------ c:\program files\kfpsetup.exe
2003-07-13 21:58 47,823 ac--h--- c:\program files\palm.GID
2003-07-12 03:36 2,798,875 ac------ c:\program files\kazaa_lite_kpp_edition_240_english.exe
2003-07-11 15:22 5,745,248 ac------ c:\program files\Mixmeister 3.1.exe
2003-07-11 15:22 5,745,248 ac------ c:\program files\mixm3.exe
2003-07-08 01:54 4,085,904 ac------ c:\program files\wma9_redist.exe
2003-07-08 01:53 2,041,744 ac------ c:\program files\wma8_redist.exe
2003-07-08 01:50 3,633,775 ac------ c:\program files\Easy CD File Converter.exe
2003-07-07 22:07 5,030,400 ac------ c:\program files\EaseMP3WAVConverter.exe
2003-07-07 21:04 6,430,208 ac------ c:\program files\AudioConverter.exe
2003-01-23 19:56 8,839,120 ac------ c:\program files\AcroReader51_ENU.exe
2008-07-27 13:06 88 ---shr-- c:\windows\system32\7D78F8143B.sys
2008-07-27 13:06 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 16:17:49.21 ===============

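One way to triage a DDS log like the one above, shown as an added example that is not part of the thread and not code from DDS or its author: it flags a loopback ProxyServer value (the log's `localhost:7171`, which fits the "Proxy Server Refused Connection" error reported earlier) and any Run/BHO entry whose target lies in a path listed under "Created Last 30". The function names and the simplified 8.3 short-name matching are assumptions made for this sketch; the sample lines are copied from the log in this thread.

```python
import re

# Lines copied (and trimmed) from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uInternet Settings,ProxyServer = http=localhost:7171
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: 796525 Class: {e7f15ac4-e0a9-43f0-921b-70dfea621220} - c:\windows\system32\796525\796525.dll
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [SYS32DLL] SYS32DLL
mRun: [Ink Monitor] c:\program files\epson\ink monitor\InkMonitor.exe
mRun: [10594214] c:\documents and settings\all users.windows\application data\10594214\10594214.exe
mRun: [sysldtray] c:\windows\ld08.exe

=============== Created Last 30 ================

2009-05-19 09:36 --d----- c:\windows\system32\796525
2009-05-18 18:54 16,384 a------- c:\windows\system32\SYS32DLL.exe
2009-05-18 18:53 15,360 ----h--- c:\windows\ld08.exe
2009-05-18 18:53 --d----- c:\docume~1\alluse~1.win\applic~1\10594214
2009-05-11 16:22 --d----- c:\program files\Spybot - Search & Destroy

==================== Find3M ====================

2009-04-13 18:30 40,960 ac------ c:\windows\uneng.exe
"""

RUN_RE = re.compile(r"^[um]Run: \[(.+?)\]\s*(.*)$")
BHO_RE = re.compile(r"^BHO: (.*) - (.+)$")
PROXY_RE = re.compile(r"ProxyServer = (.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:[\d,]+ )?[a-z-]{8} (.+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|pif|com|bat))(?=\s|$)', re.I)


def command_path(cmd):
    """Strip quotes and arguments from an autorun command line."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def _split_ext(name):
    base, dot, ext = name.rpartition(".")
    return (base, ext) if dot else (name, "")


def component_matches(a, b):
    """Compare two path components, treating an 8.3 short name such as
    'applic~1' as matching 'application data'. Simplified rule (assumption):
    spaces are dropped and the short stem/extension must be prefixes."""
    a, b = a.lower(), b.lower()
    if a == b:
        return True
    for short, long_ in ((a, b), (b, a)):
        m = re.fullmatch(r"([^~]+)~\d+(\..*)?", short)
        if not m:
            continue
        stem, ext = m.group(1), (m.group(2) or "")[1:]
        base, long_ext = _split_ext(long_.replace(" ", ""))
        if base.startswith(stem) and long_ext.startswith(ext):
            return True
    return False


def refers_to(target, created):
    """True if the autorun target is the recently created path or lies under it."""
    t, c = target.lower().split("\\"), created.lower().split("\\")
    if len(t) == 1:  # bare command name with no directory
        return _split_ext(t[0])[0] == _split_ext(c[-1])[0]
    return len(c) <= len(t) and all(component_matches(x, y) for x, y in zip(c, t))


def is_loopback_proxy(value):
    for entry in value.split(";"):
        host = entry.split("=")[-1].split(":")[0].strip().lower()
        if host == "localhost" or host.startswith("127."):
            return True
    return False


def triage(log_text):
    """Return (kind, entry name, evidence) tuples. These are candidates for
    review: recently installed legitimate software is flagged as well."""
    section, autoruns, created, findings = "", [], [], []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("="):
            section = line.strip("= ")
        elif section == "Created Last 30":
            m = CREATED_RE.match(line)
            if m:
                created.append(m.group(1))
        elif (m := PROXY_RE.search(line)) and is_loopback_proxy(m.group(1)):
            findings.append(("loopback-proxy", "ProxyServer", m.group(1)))
        elif m := (RUN_RE.match(line) or BHO_RE.match(line)):
            autoruns.append((m.group(1), command_path(m.group(2))))
    for name, target in autoruns:
        hit = next((c for c in created if target and refers_to(target, c)), None)
        if hit:
            findings.append(("recent-autorun", name, hit))
    return findings


if __name__ == "__main__":
    for kind, name, evidence in triage(SAMPLE_DDS):
        print(f"{kind:15} {name} -> {evidence}")
```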

Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 8:26 pm

Hello.
Since we got that worked, let's run this to take out some malware I can see, then we'll try Combofix.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\lu.dat
    c:\windows\system32\796525
    c:\windows\system32\790151
    c:\windows\ld08.exe
    c:\docume~1\alluse~1.win\applic~1\90604206
    c:\docume~1\alluse~1.win\applic~1\10594214
    c:\windows\system32\onqcib.exe
    c:\windows\system32\SYS32DLL.exe
    c:\installer\id53.exe
    c:\windows\systb.dll
    c:\windows\system32\bridge.dll

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sysldtray"=-
    "mswspl"=-
    "stcinstaller"=-
    "vgjkefyfgf"=-
    "10594214"=-
    "90604206"=-
    "KernelFaultCheck"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SYS32DLL"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7f15ac4-e0a9-43f0-921b-70dfea621220}]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 8:32 pm

c:\windows\system32\onqcib.exe moved successfully.
c:\windows\system32\SYS32DLL.exe moved successfully.
c:\installer\id53.exe moved successfully.
LoadLibrary failed for c:\windows\systb.dll
c:\windows\systb.dll NOT unregistered.
c:\windows\systb.dll moved successfully.
File/Folder c:\windows\system32\bridge.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysldtray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mswspl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\stcinstaller deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vgjkefyfgf deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\10594214 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\90604206 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SYS32DLL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7f15ac4-e0a9-43f0-921b-70dfea621220}\\ deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05192009_163209


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 8:40 pm

Okay, now we have internet access, let's get Hijack This installed because I want to use that.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 8:47 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:26 PM, on 5/19/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-4EB3-A6B3-CF7F71866DD6} - C:\PROGRA~1\Lycos\IEagent\IEagent.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Ebates. - [You must be registered and logged in to see this link.] Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - [You must be registered and logged in to see this link.] Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - [You must be registered and logged in to see this link.]
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - [You must be registered and logged in to see this link.]
O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - [You must be registered and logged in to see this link.]
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - [You must be registered and logged in to see this link.]
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe

--
End of file - 7799 bytes


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 8:57 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00000000-0000-4EB3-A6B3-CF7F71866DD6} - C:\PROGRA~1\Lycos\IEagent\IEagent.dll
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - [You must be registered and logged in to see this link.] Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - [You must be registered and logged in to see this link.]
    O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - [You must be registered and logged in to see this link.]
    O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - [You must be registered and logged in to see this link.]
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - [You must be registered and logged in to see this link.]


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


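The following Python example is added here for illustration; it is not part of the original thread and is not the helper's own selection method. It parses HijackThis lines like those posted above and flags three patterns that appear in the fix list: entries whose file is gone, a ProxyServer value pointing at localhost, and unnamed BHO/toolbar entries. The flag names and heuristics are assumptions made for this example, and a flag means "review this entry", not "malicious".

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Section prefixes seen in this thread's HijackThis log and what they cover.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE extra button/menu item",
    "O16": "ActiveX control (DPF)", "O23": "Windows service",
}

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# HijackThis marks registry entries whose target file is not on disk.
ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.I)
# Browser proxy redirected to a listener on the local machine.
LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*\S*?(?:localhost|127\.\d+\.\d+\.\d+)", re.I)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the log posted in this thread, plus header lines the parser
# must skip. Embedded so the example runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-4EB3-A6B3-CF7F71866DD6} - C:\PROGRA~1\Lycos\IEagent\IEagent.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
"""


@dataclass
class Finding:
    section: str            # e.g. "O2"
    kind: str               # human-readable meaning of the section
    body: str               # everything after "O2 - "
    clsid: Optional[str]    # upper-cased CLSID if the entry carries one
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Finding]:
    """Parse one log line; return None for headers, process paths, blanks."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    guid = CLSID.search(body)
    f = Finding(section, SECTIONS.get(section, "other"), body,
                guid.group(0).upper() if guid else None)
    if ORPHAN.search(body):
        f.flags.append("orphaned")
    if LOOPBACK_PROXY.search(body):
        f.flags.append("loopback-proxy")
    # A BHO or toolbar that loads a real file but registers no display name.
    if section in ("O2", "O3") and "(no name)" in body and not f.flags:
        f.flags.append("unnamed-component")
    return f


def triage(log_text: str) -> List[Finding]:
    """Return the flagged entries only, in log order."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [f for f in parsed if f and f.flags]


def summarize(findings: List[Finding]) -> dict:
    """Count how many entries carry each flag."""
    return dict(Counter(flag for f in findings for flag in f.flags))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<3} {f.kind:<26} {','.join(f.flags):<18} {f.body}")
    print(summarize(triage(SAMPLE_LOG)))
```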

Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 9:10 pm

Do you want me to re-boot the computer (in order for the Fix to be completed by Hijack this) before I run Malwarebytes? I do already have Malwarebytes loaded onto my computer and I have just made sure that it is updated.


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 9:11 pm

If you can do it in safe mode with networking till after the scan is done and you've removed everything, that would be great. Better safe than sorry.



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 9:13 pm

If I do re-boot do I still try to re-boot into safe mode with networking or re-boot as normal?


Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 9:16 pm

OK...I actually am running the scan without having re-booted after the Hijack program ran...should I abort my scan and re-boot the computer to safe mode?


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 9:18 pm

Nah, let it run.
Did you update the database?



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 9:41 pm

Malwarebytes' Anti-Malware 1.36
Database version: 2155
Windows 5.1.2600

5/19/2009 5:34:04 PM
mbam-log-2009-05-19 (17-34-04).txt

Scan type: Quick Scan
Objects scanned: 93856
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\systemsecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\advertismen (Adware.AdvertMan) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Don Hunter.SHAMAN\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\lxxv.aeu (Trojan.Gumblar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temp\6f893edhp93eda.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temp\mrar.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temp\s_6002_fHx8fHx8fDEyNDI0NTczNTd8_.dbx (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temp\wvsmbPLg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\7SOLMQT9\6244[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\B91XYEPZ\nfr[1].exe (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\BFG3B4F4\6244[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\BFG3B4F4\ckMa[1].jpg (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\BFG3B4F4\load[1].php (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\BFG3B4F4\nfr[1].exe (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\BFG3B4F4\nicknew2_install[1].exe (Rogue.SystemSecurity2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\Y7K0ZTTV\mrar[1].exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Start Menu\Programs\System Security\System Security 2009 Support.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Start Menu\Programs\System Security\System Security 2009.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Desktop\System Security 2009.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.


Re: Although I have read your request for downloads my problem s

Post by Belahzur on 19th May 2009, 9:51 pm

Okay, re-run and post a new DDS log now please.



Re: Although I have read your request for downloads my problem s

Post by happymom on 19th May 2009, 9:53 pm

DDS (Ver_09-05-14.01) - NTFSx86
Run by Don Hunter at 17:52:39.26 on Tue 05/19/2009
Internet Explorer: 6.0.2600.0000
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.511.319 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Don Hunter.SHAMAN\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [Ink Monitor] c:\program files\epson\ink monitor\InkMonitor.exe
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_01\bin\jusched.exe
mRun: [mm_server] c:\program files\musicmatch\musicmatch jukebox\mm_server.exe
mRun: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AdaptecDirectCD] "c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\donhun~1.sha\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: Ebates. - [You must be registered and logged in to see this link.] files\ebatesmoemoneymaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - [You must be registered and logged in to see this link.]
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - [You must be registered and logged in to see this link.]
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - [You must be registered and logged in to see this link.]
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll
Trusted Zone: bankofamerica.com\www
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {01118D00-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - [You must be registered and logged in to see this link.]
DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - [You must be registered and logged in to see this link.]
DPF: {33564D57-9980-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\donhun~1.sha\applic~1\mozilla\firefox\profiles\q8bfz9p9.lisa testing\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\don hunter.shaman\application data\mozilla\firefox\profiles\q8bfz9p9.lisa testing\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

S2 mrtRate;mrtRate; [x]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-25 18560]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [2005-12-27 196409]

=============== Created Last 30 ================

2009-05-19 16:44 --d----- c:\program files\Trend Micro
2009-05-19 16:32 --d----- C:\_OTMoveIt
2009-05-19 16:14 --d-h--- c:\windows\PIF
2009-05-18 21:45 13,824 a------- C:\Job and Income Search.xls
2009-05-17 18:22 19,456 a------- C:\Music to Peep and Cop.xls
2009-05-17 18:19 --d----- C:\Somerset HOA
2009-05-16 12:16 --d----- c:\program files\common files\xing shared
2009-05-11 16:45 --d----- c:\windows\SxsCaPendDel
2009-05-11 16:26 --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-11 16:26 --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-11 16:26 --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-11 16:26 --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-11 16:22 --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-05-11 16:22 --d----- c:\program files\Spybot - Search & Destroy
2009-04-26 16:15 17,408 a------- C:\Front Yard Dimensions.xls

==================== Find3M ====================

2009-05-17 13:41 28,256 a------- c:\windows\system32\drivers\MxlW2k.sys
2009-05-11 15:35 244,420 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-04-13 18:30 40,960 ac------ c:\windows\uneng.exe
2009-04-13 18:30 55,216 a------- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-13 18:30 45,056 a------- c:\windows\system32\cdrtc.dll
2009-04-13 18:30 45,056 a------- c:\windows\system32\cdral.dll
2009-04-13 18:30 22,713 a------- c:\windows\system32\drivers\cdralw2k.sys
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-08-30 16:35 24 ac------ c:\documents and settings\don hunter.shaman\jagex_runescape_preferences.dat
2006-06-03 14:29 1,270 a------- c:\documents and settings\don hunter.shaman\293322.bin
2005-12-27 00:16 96 ac------ c:\documents and settings\don hunter.shaman\31242705.dat
2005-02-07 21:11 2,207,307 a------- c:\program files\k-litepro.exe
2004-05-03 09:20 2,241,714 ac------ c:\program files\RD1080_1090UpdateUtility_FW415.exe
2004-04-13 14:28 16,706,160 ac------ c:\program files\AdbeRdr60_enu_full.exe
2004-01-10 16:45 6,594,452 ac------ c:\program files\klcodec220f.exe
2003-11-11 14:57 62 ac------ c:\program files\users.dat
2003-10-10 21:25 8,633,430 ac------ c:\program files\klcodec205f.exe
2003-10-01 10:34 1,897,672 ac------ c:\program files\winzip81.exe
2003-10-01 10:25 24,345,318 ac------ c:\program files\DrvSetup.exe
2003-10-01 08:24 451,136 ac------ c:\program files\GoogleToolbarInstaller.exe
2003-10-01 08:15 1,694,551 ac------ c:\program files\Ad Aware.exe
2003-09-30 21:54 16,251,072 ac------ c:\program files\Adobe Reader 60.exe
2003-09-09 15:52 5,473,872 ac------ c:\program files\Java Virtual Machine.exe
2003-07-14 17:10 5,348,903 ac------ c:\program files\kfpsetup.exe
2003-07-13 21:58 47,823 ac--h--- c:\program files\palm.GID
2003-07-12 03:36 2,798,875 ac------ c:\program files\kazaa_lite_kpp_edition_240_english.exe
2003-07-11 15:22 5,745,248 ac------ c:\program files\Mixmeister 3.1.exe
2003-07-11 15:22 5,745,248 ac------ c:\program files\mixm3.exe
2003-07-08 01:54 4,085,904 ac------ c:\program files\wma9_redist.exe
2003-07-08 01:53 2,041,744 ac------ c:\program files\wma8_redist.exe
2003-07-08 01:50 3,633,775 ac------ c:\program files\Easy CD File Converter.exe
2003-07-07 22:07 5,030,400 ac------ c:\program files\EaseMP3WAVConverter.exe
2003-07-07 21:04 6,430,208 ac------ c:\program files\AudioConverter.exe
2003-01-23 19:56 8,839,120 ac------ c:\program files\AcroReader51_ENU.exe
2008-07-27 13:06 88 ---shr-- c:\windows\system32\7D78F8143B.sys
2008-07-27 13:06 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:53:02.81 ===============


Post by happymom on 19th May 2009, 9:56 pm

I have Spybot Search & Destroy, Ad-Aware, and Malwarebytes' Anti-Malware programs installed on my computer. Do I have a need for all of these programs?


Post by Belahzur on 19th May 2009, 9:57 pm

Hello.

Uninstall Ad-aware and Spybot if you want, their removal methods aren't that good.

You aren't running antivirus software.

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section".
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Post by happymom on 19th May 2009, 10:05 pm

Ad-aware 6 Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player Plugin
Adobe Reader 7.0.9
ArcSoft Software Suite
Bridge
Brother MFL-Pro Suite
Creative Jukebox Driver
Creative MediaSource
Creative System Information
Creative WebCam Center
Creative WebCam Live! Ultra Driver (1.01.03.0127)
Creative WebCam Live! Ultra User's Guide (English)
Creative Zen Touch
Dell ResourceCD
DivX Web Player
Easy CD Creator 5 Basic
EPSON Printer Software
ESPN Java Check
HijackThis 2.0.2
Ink Monitor
J2SE Runtime Environment 5.0 Update 1
Kazaa Lite K++ v2.4.3
K-Lite Codec Pack 2.20 Full
K-Lite Pro 2.5
K-litePro 1.0.0.0
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Lycos Search
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MediaFACE II
Microsoft Office 2000 Professional
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH® Jukebox
Nero 7 Essentials
neroxml
PictureProject
Quicken 2004
RealPlayer
RON Display
Shockwave
Sony Picture Utility
Sony USB Driver
Sound Blaster Live! Web 2K/XP
The Best Offers
The KMPlayer (remove only)
URL Display
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows SR 2.0
Windows XP Hotfix (SP1) [See Q317181 for more information]
WinTools Easy Installer
WinZip
Yahoo! Messenger
Yahoo! Toolbar


Post by Belahzur on 19th May 2009, 10:09 pm

Hello.
Install Avira antivirus NOW, you aren't protected right now, you'll only get re-infected again if you don't.

I see that you are running Kazaa.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Kazaa is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Adobe Reader 7.0.9
  • J2SE Runtime Environment 5.0 Update 1
  • Kazaa Lite K++ v2.4.3
  • LiveReg (Symantec Corporation)
  • LiveUpdate 2.6 (Symantec Corporation)
  • Lycos Search

Then download and install [You must be registered and logged in to see this link.]

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 3.0.8 you currently have installed, so you won't lose any bookmarked websites.

How is the machine running now?



Post by happymom on 19th May 2009, 10:13 pm

It is running great! If I get rid of Kazaa Lite K++ v2.4.3 is there another copy that would work better or is this an infected copy and we are just outta luck on using it anymore? We have used it for years, however I believe that my husband did install a newer version recently. I don't know all the details I just remember it was working and then it stopped and then he did something and it started working again...I know he paid for the old version not sure if he paid for this one.


Post by Belahzur on 19th May 2009, 10:16 pm

ALL P2P programs will get you infected!



Post by happymom on 19th May 2009, 10:19 pm

Lycos Search won't let me uninstall it


Post by happymom on 19th May 2009, 10:20 pm

What about the other versions of Kazaa lite that are installed? Kazaa Lite Pro 2.5 and Kazaa lite 1.0.0? Not sure what P2P programs are unless that means person to person?


Post by Belahzur on 19th May 2009, 10:26 pm

Peer to peer. We don't promote P2P, I will not help you on that matter.

If you get infected again through P2P, we may not help you at Geekpolice.
We are against malware, trying to make a difference, I don't see how that's possible when people go against direct advice not to use P2P.



Post by happymom on 19th May 2009, 10:32 pm

No problem...I didn't know, that is why I was asking. I understand your stance and what P2P is now. I will make sure to inform my husband of this information and we will take it off the computer. We were unaware since, as I said, it is a program we have had for so long and we paid for it so we thought it was a safe program to use.

Do you have any advice on how I can get the Lycos Search to uninstall?


Post by happymom on 19th May 2009, 10:34 pm

Also, sorry I didn't see your note about the p2p and Kazaa in the earlier note. Not sure how I missed it, but I did. Sorry


Post by Belahzur on 19th May 2009, 10:38 pm

We can remove OTMoveIt now.

  • Please double-click OTMoveIt3.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.

