GeekPolice
Welcome to GeekPolice.net!


Although I have read your request for downloads my problem s


Re: Although I have read your request for downloads my problem s

Post by Belahzur on Tue May 19, 2009 8:26 pm

Hello.
Since we got that worked, let's run this to take out some malware I can see, then we'll try Combofix.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\lu.dat
    c:\windows\system32\796525
    c:\windows\system32\790151
    c:\windows\ld08.exe
    c:\docume~1\alluse~1.win\applic~1\90604206
    c:\docume~1\alluse~1.win\applic~1\10594214
    c:\windows\system32\onqcib.exe
    c:\windows\system32\SYS32DLL.exe
    c:\installer\id53.exe
    c:\windows\systb.dll
    c:\windows\system32\bridge.dll

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sysldtray"=-
    "mswspl"=-
    "stcinstaller"=-
    "vgjkefyfgf"=-
    "10594214"=-
    "90604206"=-
    "KernelFaultCheck"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SYS32DLL"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7f15ac4-e0a9-43f0-921b-70dfea621220}]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1


Post by happymom on Tue May 19, 2009 8:32 pm

c:\windows\system32\onqcib.exe moved successfully.
c:\windows\system32\SYS32DLL.exe moved successfully.
c:\installer\id53.exe moved successfully.
LoadLibrary failed for c:\windows\systb.dll
c:\windows\systb.dll NOT unregistered.
c:\windows\systb.dll moved successfully.
File/Folder c:\windows\system32\bridge.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysldtray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mswspl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\stcinstaller deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vgjkefyfgf deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\10594214 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\90604206 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SYS32DLL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7f15ac4-e0a9-43f0-921b-70dfea621220}\\ deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05192009_163209

happymom
Novice

Posts : 34
Joined : 2009-05-19
Gender : Female
OS : windows xp
Points : 27576
# Likes : 0
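
The check a helper makes by eye on a log like the one above, as an added example (not part of the original posts and not OTMoveIt3's own code): every item in the `:files` / `:reg` script is matched against the results log and reported as moved, deleted, not found, or absent from the log. The sample input is trimmed from this thread; the line formats are assumed from the log shown here.

```python
import re

# Constructed sample: a few items from the helper's script in this thread,
# and the matching lines from the results log that was posted back.
SCRIPT = r"""
:files
c:\windows\ld08.exe
c:\windows\system32\onqcib.exe
c:\windows\systb.dll
c:\windows\system32\bridge.dll

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysldtray"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SYS32DLL"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}]
"""

RESULTS = r"""
c:\windows\system32\onqcib.exe moved successfully.
LoadLibrary failed for c:\windows\systb.dll
c:\windows\systb.dll NOT unregistered.
c:\windows\systb.dll moved successfully.
File/Folder c:\windows\system32\bridge.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysldtray deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SYS32DLL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}\\ deleted successfully.
"""

# (kind, outcome, pattern) for the final-status lines seen in the posted log.
LOG_PATTERNS = [
    ("file", "moved", re.compile(r"^(?P<t>.+) moved successfully\.$")),
    ("file", "not found", re.compile(r"^File/Folder (?P<t>.+) not found\.$")),
    ("regvalue", "deleted",
     re.compile(r"^Registry value (?P<t>.+) deleted successfully\.$")),
    ("regkey", "deleted",
     re.compile(r"^Registry key (?P<t>.+?)\\\\ deleted successfully\.$")),
]
# Lines that do not change the outcome but deserve a second look.
WARNING_PATTERNS = [
    re.compile(r"^LoadLibrary failed for (?P<t>.+)$"),
    re.compile(r"^(?P<t>.+) NOT unregistered\.$"),
]


def parse_script(text):
    """Return the requested items as (kind, target) pairs, lower-cased."""
    items, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section, key = line.lower(), None
        elif section == ":files":
            items.append(("file", line.lower()))
        elif section == ":reg":
            if line.startswith("[-") and line.endswith("]"):
                items.append(("regkey", line[2:-1].lower()))  # whole key
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                               # parent key
            else:
                m = re.fullmatch(r'"(.+)"=-', line)            # value removal
                if m and key:
                    # The log joins key and value name with a double backslash.
                    items.append(("regvalue", f"{key}\\\\{m.group(1)}".lower()))
    return items


def parse_results(text):
    """Return ({(kind, target): outcome}, {target: [warning lines]})."""
    status, warnings = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        for kind, outcome, rx in LOG_PATTERNS:
            m = rx.match(line)
            if m:
                status[(kind, m.group("t").lower())] = outcome
                break
        else:
            for rx in WARNING_PATTERNS:
                m = rx.match(line)
                if m:
                    warnings.setdefault(m.group("t").lower(), []).append(line)
    return status, warnings


def reconcile(script, results):
    """One row per requested item: (kind, target, outcome, warning lines)."""
    status, warnings = parse_results(results)
    return [(kind, target, status.get((kind, target), "not in log"),
             warnings.get(target, []))
            for kind, target in parse_script(script)]


if __name__ == "__main__":
    for kind, target, outcome, notes in reconcile(SCRIPT, RESULTS):
        print(f"{outcome:<11} {kind:<8} {target}")
        for note in notes:
            print(f"            note: {note}")
```

Items reported as "not in log" are the ones to ask about: the log posted above starts at `onqcib.exe`, so the earlier `:files` entries have no recorded outcome in it.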


Post by Belahzur on Tue May 19, 2009 8:40 pm

Okay, now we have internet access, let's get Hijack This installed because I want to use that.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Post by happymom on Tue May 19, 2009 8:47 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:26 PM, on 5/19/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-4EB3-A6B3-CF7F71866DD6} - C:\PROGRA~1\Lycos\IEagent\IEagent.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Ebates. - [You must be registered and logged in to see this link.] Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - [You must be registered and logged in to see this link.] Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - [You must be registered and logged in to see this link.]
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - [You must be registered and logged in to see this link.]
O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - [You must be registered and logged in to see this link.]
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - [You must be registered and logged in to see this link.]
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe

--
End of file - 7799 bytes


Post by Belahzur on Tue May 19, 2009 8:57 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00000000-0000-4EB3-A6B3-CF7F71866DD6} - C:\PROGRA~1\Lycos\IEagent\IEagent.dll
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - [You must be registered and logged in to see this link.] Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - [You must be registered and logged in to see this link.]
    O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - [You must be registered and logged in to see this link.]
    O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - [You must be registered and logged in to see this link.]
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - [You must be registered and logged in to see this link.]


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
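
A first-pass triage of a HijackThis log like the one in this thread, as an added example (not part of the original posts and not HijackThis' own logic): it parses each `R`/`O` entry and flags a proxy set to loopback, registrations whose file is absent, unnamed components, and services with no vendor name. These four heuristics are assumptions chosen for review ordering; they do not reproduce the helper's selection, which also relies on knowing the specific entries.

```python
import re

# Constructed sample: entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000000-0000-4EB3-A6B3-CF7F71866DD6} - C:\PROGRA~1\Lycos\IEagent\IEagent.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# An entry line is a section code (R0, O2, O23, ...) followed by " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
LOOPBACK = {"localhost", "127.0.0.1"}


def proxy_hosts(value):
    """Hosts named in a ProxyServer value such as 'http=localhost:7171'."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if part:
            endpoint = part.split("=", 1)[-1]        # drop a 'http=' prefix
            hosts.append(endpoint.rsplit(":", 1)[0].lower())  # drop the port
    return hosts


def reasons_for(code, body):
    """Review reasons for one entry (heuristics assumed for this example)."""
    reasons = []
    if code.startswith("R") and ",ProxyServer = " in body:
        if LOOPBACK & set(proxy_hosts(body.split(" = ", 1)[1])):
            reasons.append("proxy points at loopback")
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("registered file is absent")
    if "(no name)" in body:
        reasons.append("component has no display name")
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("service has no vendor name")
    return reasons


def triage(log_text):
    """Return (code, body, reasons) for every entry with a reason."""
    flagged = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        reasons = reasons_for(m.group("code"), m.group("body"))
        if reasons:
            flagged.append((m.group("code"), m.group("body"), reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code:<4} {'; '.join(reasons)}\n     {body}")
```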



Post by happymom on Tue May 19, 2009 9:10 pm

Do you want me to re-boot the computer (in order for the Fix to be completed by Hijack this) before I run Malwarebytes? I do already have Malwarebytes loaded onto my computer and I have just made sure that it is updated.


Post by Belahzur on Tue May 19, 2009 9:11 pm

If you can do it in safe mode with networking till after the scan is done and you've removed everything, that would be great. Better safe than sorry.



Post by happymom on Tue May 19, 2009 9:13 pm

If I do re-boot do I still try to re-boot into safe mode with networking or re-boot as normal?


Post by happymom on Tue May 19, 2009 9:16 pm

OK...I actually am running the scan without having re-booted after the Hijack program ran...should I abort my scan and re-boot the computer to safe mode?


Post by Belahzur on Tue May 19, 2009 9:18 pm

Nah, let it run.
Did you update the database?



Post by happymom on Tue May 19, 2009 9:41 pm

Malwarebytes' Anti-Malware 1.36
Database version: 2155
Windows 5.1.2600

5/19/2009 5:34:04 PM
mbam-log-2009-05-19 (17-34-04).txt

Scan type: Quick Scan
Objects scanned: 93856
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\systemsecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\advertismen (Adware.AdvertMan) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Don Hunter.SHAMAN\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\lxxv.aeu (Trojan.Gumblar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temp\6f893edhp93eda.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temp\mrar.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temp\s_6002_fHx8fHx8fDEyNDI0NTczNTd8_.dbx (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temp\wvsmbPLg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\7SOLMQT9\6244[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\B91XYEPZ\nfr[1].exe (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\BFG3B4F4\6244[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\BFG3B4F4\ckMa[1].jpg (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\BFG3B4F4\load[1].php (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\BFG3B4F4\nfr[1].exe (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\BFG3B4F4\nicknew2_install[1].exe (Rogue.SystemSecurity2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Local Settings\Temporary Internet Files\Content.IE5\Y7K0ZTTV\mrar[1].exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Start Menu\Programs\System Security\System Security 2009 Support.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Start Menu\Programs\System Security\System Security 2009.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Hunter.SHAMAN\Desktop\System Security 2009.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.


Post by Belahzur on Tue May 19, 2009 9:51 pm

Okay, re-run and post a new DDS log now please.



Post by happymom on Tue May 19, 2009 9:53 pm

DDS (Ver_09-05-14.01) - NTFSx86
Run by Don Hunter at 17:52:39.26 on Tue 05/19/2009
Internet Explorer: 6.0.2600.0000
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.511.319 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Don Hunter.SHAMAN\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [Ink Monitor] c:\program files\epson\ink monitor\InkMonitor.exe
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_01\bin\jusched.exe
mRun: [mm_server] c:\program files\musicmatch\musicmatch jukebox\mm_server.exe
mRun: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AdaptecDirectCD] "c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\donhun~1.sha\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: Ebates. - [You must be registered and logged in to see this link.] files\ebatesmoemoneymaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - [You must be registered and logged in to see this link.]
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - [You must be registered and logged in to see this link.]
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - [You must be registered and logged in to see this link.]
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll
Trusted Zone: bankofamerica.com\www
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {01118D00-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - [You must be registered and logged in to see this link.]
DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - [You must be registered and logged in to see this link.]
DPF: {33564D57-9980-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\donhun~1.sha\applic~1\mozilla\firefox\profiles\q8bfz9p9.lisa testing\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\don hunter.shaman\application data\mozilla\firefox\profiles\q8bfz9p9.lisa testing\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

S2 mrtRate;mrtRate; [x]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-25 18560]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [2005-12-27 196409]

=============== Created Last 30 ================

2009-05-19 16:44 --d----- c:\program files\Trend Micro
2009-05-19 16:32 --d----- C:\_OTMoveIt
2009-05-19 16:14 --d-h--- c:\windows\PIF
2009-05-18 21:45 13,824 a------- C:\Job and Income Search.xls
2009-05-17 18:22 19,456 a------- C:\Music to Peep and Cop.xls
2009-05-17 18:19 --d----- C:\Somerset HOA
2009-05-16 12:16 --d----- c:\program files\common files\xing shared
2009-05-11 16:45 --d----- c:\windows\SxsCaPendDel
2009-05-11 16:26 --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-11 16:26 --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-11 16:26 --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-11 16:26 --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-11 16:22 --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-05-11 16:22 --d----- c:\program files\Spybot - Search & Destroy
2009-04-26 16:15 17,408 a------- C:\Front Yard Dimensions.xls

==================== Find3M ====================

2009-05-17 13:41 28,256 a------- c:\windows\system32\drivers\MxlW2k.sys
2009-05-11 15:35 244,420 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-04-13 18:30 40,960 ac------ c:\windows\uneng.exe
2009-04-13 18:30 55,216 a------- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-13 18:30 45,056 a------- c:\windows\system32\cdrtc.dll
2009-04-13 18:30 45,056 a------- c:\windows\system32\cdral.dll
2009-04-13 18:30 22,713 a------- c:\windows\system32\drivers\cdralw2k.sys
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-08-30 16:35 24 ac------ c:\documents and settings\don hunter.shaman\jagex_runescape_preferences.dat
2006-06-03 14:29 1,270 a------- c:\documents and settings\don hunter.shaman\293322.bin
2005-12-27 00:16 96 ac------ c:\documents and settings\don hunter.shaman\31242705.dat
2005-02-07 21:11 2,207,307 a------- c:\program files\k-litepro.exe
2004-05-03 09:20 2,241,714 ac------ c:\program files\RD1080_1090UpdateUtility_FW415.exe
2004-04-13 14:28 16,706,160 ac------ c:\program files\AdbeRdr60_enu_full.exe
2004-01-10 16:45 6,594,452 ac------ c:\program files\klcodec220f.exe
2003-11-11 14:57 62 ac------ c:\program files\users.dat
2003-10-10 21:25 8,633,430 ac------ c:\program files\klcodec205f.exe
2003-10-01 10:34 1,897,672 ac------ c:\program files\winzip81.exe
2003-10-01 10:25 24,345,318 ac------ c:\program files\DrvSetup.exe
2003-10-01 08:24 451,136 ac------ c:\program files\GoogleToolbarInstaller.exe
2003-10-01 08:15 1,694,551 ac------ c:\program files\Ad Aware.exe
2003-09-30 21:54 16,251,072 ac------ c:\program files\Adobe Reader 60.exe
2003-09-09 15:52 5,473,872 ac------ c:\program files\Java Virtual Machine.exe
2003-07-14 17:10 5,348,903 ac------ c:\program files\kfpsetup.exe
2003-07-13 21:58 47,823 ac--h--- c:\program files\palm.GID
2003-07-12 03:36 2,798,875 ac------ c:\program files\kazaa_lite_kpp_edition_240_english.exe
2003-07-11 15:22 5,745,248 ac------ c:\program files\Mixmeister 3.1.exe
2003-07-11 15:22 5,745,248 ac------ c:\program files\mixm3.exe
2003-07-08 01:54 4,085,904 ac------ c:\program files\wma9_redist.exe
2003-07-08 01:53 2,041,744 ac------ c:\program files\wma8_redist.exe
2003-07-08 01:50 3,633,775 ac------ c:\program files\Easy CD File Converter.exe
2003-07-07 22:07 5,030,400 ac------ c:\program files\EaseMP3WAVConverter.exe
2003-07-07 21:04 6,430,208 ac------ c:\program files\AudioConverter.exe
2003-01-23 19:56 8,839,120 ac------ c:\program files\AcroReader51_ENU.exe
2008-07-27 13:06 88 ---shr-- c:\windows\system32\7D78F8143B.sys
2008-07-27 13:06 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:53:02.81 ===============

happymom
Novice
Novice

Status :
Online
Offline

Posts : 34
Joined : 2009-05-19
Gender : Female
OS : windows xp
Points : 27576
# Likes : 0


Re: Although I have read your request for downloads my problem s

Post by happymom on Tue May 19, 2009 9:56 pm

I have Spybot Search and Destroy, Ad-Aware, and Malwarebytes Anti-Malware programs installed on my computer. Do I have a need for all of these programs?


Re: Although I have read your request for downloads my problem s

Post by Belahzur on Tue May 19, 2009 9:57 pm

Hello.

Uninstall Ad-Aware and Spybot if you want; their removal methods aren't that good.

You aren't running antivirus software.

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1


Re: Although I have read your request for downloads my problem s

Post by happymom on Tue May 19, 2009 10:05 pm

Ad-aware 6 Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player Plugin
Adobe Reader 7.0.9
ArcSoft Software Suite
Bridge
Brother MFL-Pro Suite
Creative Jukebox Driver
Creative MediaSource
Creative System Information
Creative WebCam Center
Creative WebCam Live! Ultra Driver (1.01.03.0127)
Creative WebCam Live! Ultra User's Guide (English)
Creative Zen Touch
Dell ResourceCD
DivX Web Player
Easy CD Creator 5 Basic
EPSON Printer Software
ESPN Java Check
HijackThis 2.0.2
Ink Monitor
J2SE Runtime Environment 5.0 Update 1
Kazaa Lite K++ v2.4.3
K-Lite Codec Pack 2.20 Full
K-Lite Pro 2.5
K-litePro 1.0.0.0
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Lycos Search
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MediaFACE II
Microsoft Office 2000 Professional
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH® Jukebox
Nero 7 Essentials
neroxml
PictureProject
Quicken 2004
RealPlayer
RON Display
Shockwave
Sony Picture Utility
Sony USB Driver
Sound Blaster Live! Web 2K/XP
The Best Offers
The KMPlayer (remove only)
URL Display
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows SR 2.0
Windows XP Hotfix (SP1) [See Q317181 for more information]
WinTools Easy Installer
WinZip
Yahoo! Messenger
Yahoo! Toolbar


Re: Although I have read your request for downloads my problem s

Post by Belahzur on Tue May 19, 2009 10:09 pm

Hello.
Install Avira antivirus NOW, you aren't protected right now, you'll only get re-infected again if you don't.

I see that you are running Kazaa.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Kazaa is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Adobe Reader 7.0.9
  • J2SE Runtime Environment 5.0 Update 1
  • Kazaa Lite K++ v2.4.3
  • LiveReg (Symantec Corporation)
  • LiveUpdate 2.6 (Symantec Corporation)
  • Lycos Search

Then download and install [You must be registered and logged in to see this link.]

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 3.0.8 you currently have installed, so you won't lose any bookmarked websites.

How is the machine running now?



Re: Although I have read your request for downloads my problem s

Post by happymom on Tue May 19, 2009 10:13 pm

It is running great! If I get rid of Kazaa Lite K++ v2.4.3 is there another copy that would work better or is this an infected copy and we are just outta luck on using it anymore? We have used it for years, however I believe that my husband did install a newer version recently. I don't know all the details I just remember it was working and then it stopped and then he did something and it started working again...I know he paid for the old version not sure if he paid for this one.


Re: Although I have read your request for downloads my problem s

Post by Belahzur on Tue May 19, 2009 10:16 pm

ALL P2P programs will get you infected!



Re: Although I have read your request for downloads my problem s

Post by happymom on Tue May 19, 2009 10:19 pm

Lycos Search won't let me uninstall it


Re: Although I have read your request for downloads my problem s

Post by happymom on Tue May 19, 2009 10:20 pm

What about the other versions of Kazaa lite that are installed? Kazaa Lite Pro 2.5 and Kazaa lite 1.0.0? Not sure what P2P programs are unless that means person to person?


Re: Although I have read your request for downloads my problem s

Post by Belahzur on Tue May 19, 2009 10:26 pm

Peer to peer. We don't promote P2P, I will not help you on that matter.

If you get infected again through P2P, we may not help you at Geekpolice.
We are against malware, trying to make a difference, I don't see how that's possible when people go against direct advice not to use P2P.



Re: Although I have read your request for downloads my problem s

Post by happymom on Tue May 19, 2009 10:32 pm

No problem...I didn't know; that is why I was asking. I understand your stance and what P2P is now. I will make sure to inform my husband of this information and we will take it off the computer. We were unaware since, as I said, it is a program we have had for so long and we paid for it, so we thought it was a safe program to use.

Do you have any advice on how I can get the Lycos Search to uninstall?


Re: Although I have read your request for downloads my problem s

Post by happymom on Tue May 19, 2009 10:34 pm

Also, sorry I didn't see your note about the p2p and Kazaa in the earlier note. Not sure how I missed it, but I did. Sorry


Re: Although I have read your request for downloads my problem s

Post by Belahzur on Tue May 19, 2009 10:38 pm

We can remove OTMoveIt now.

  • Please double-click OTMoveIt3.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



Re: Although I have read your request for downloads my problem s

Post by happymom on Tue May 19, 2009 10:45 pm

I thought you said to get rid of my Ad-Aware and Spybot programs? Should I keep them or get rid of them? I am now confused, as this last post says to install them.

Thanks


Re: Although I have read your request for downloads my problem s

Post by Belahzur on Tue May 19, 2009 10:49 pm

Don't install them.
Sorry, I didn't think to edit them out.



Re: Although I have read your request for downloads my problem s

Post by happymom on Tue May 19, 2009 10:59 pm

So what about not being able to uninstall Lycos Search??? Should I be worried??


Re: Although I have read your request for downloads my problem s

Post by Belahzur on Tue May 19, 2009 11:01 pm

What error does it give you?



Re: Although I have read your request for downloads my problem s

Post by happymom on Tue May 19, 2009 11:04 pm

Nothing...it just blips on the screen and doesn't do anything. Exactly like what my computer was doing before when I was trying to open any of my programs.


Re: Although I have read your request for downloads my problem s

Post by Belahzur on Tue May 19, 2009 11:06 pm

Download RevoUninstall from here:
[You must be registered and logged in to see this link.]

Install it, and run the program.
Find Lycos Search on the list and press the "Uninstall" or "Remove" button at the top.



Re: Although I have read your request for downloads my problem s

Post by happymom on Tue May 19, 2009 11:09 pm

You have an answer for everything, don't you!

Should I keep all the programs we used today installed on my computer or should I delete some of them?


Re: Although I have read your request for downloads my problem s

Post by Belahzur on Tue May 19, 2009 11:13 pm

You can get rid of Hijack This, etc if you want, but I would keep MBAM and Revo Uninstaller, both can be quite useful.



Re: Although I have read your request for downloads my problem s

Post by happymom on Wed May 20, 2009 12:00 am

Ok...last question...I think! Should I change my Network Proxy setting back? It is now on "No Proxy".


Thank you so much for all of your help! You are a miracle worker! I have added you to all my blog sites...they are all mom sites; they have already gotten really excited at the prospect of having a site to help them out. After I am sure my computer isn't infected with anything in a few days I will make a donation...right now, as confident as I am that it is fixed, I am still leery of putting my credit card info on it just yet! My laptop is using someone else's wireless (shhh!) so I know I won't use my card on that computer!

Thanks again.
Lisa


Re: Although I have read your request for downloads my problem s

Post by Belahzur on Wed May 20, 2009 12:06 am

Hello.
No, the proxy settings were changed by malware to block out internet connection, that's why you had internet connection problems in the first place.

Don't get infected again.


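The reply above attributes the lost connection to proxy settings changed by malware. As an added example (not part of the original posts), this Python sketch audits the proxy preferences in a Firefox `prefs.js`, assuming the setting in question is Firefox's, since the log lists a Firefox profile; the `network.proxy.*` names are Firefox's own preference names, while the sample file contents, host and port are constructed.

```python
import ipaddress
import re

# prefs.js holds one user_pref("name", value); call per line.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Values of network.proxy.type this example recognises.
PROXY_MODES = {0: "direct", 1: "manual", 2: "pac", 4: "auto-detect", 5: "system"}
SCHEMES = ("http", "ssl", "ftp", "socks")

# Constructed sample: a prefs.js fragment with a manual loopback proxy set
# (host and port are made-up values, not taken from the thread).
INFECTED_SAMPLE = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://example.invalid/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 5555);
user_pref("network.proxy.type", 1);
"""

# Constructed sample: the same profile after "No Proxy" is selected. The old
# host and port stay in the file but are no longer used.
CLEANED_SAMPLE = INFECTED_SAMPLE.replace('"network.proxy.type", 1',
                                         '"network.proxy.type", 0')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not user_pref
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]  # string pref; escape sequences left as written
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                continue  # unexpected value syntax: skip rather than guess
        prefs[name] = value
    return prefs


def is_loopback(host):
    """True for localhost names and any 127.0.0.0/8 or ::1 literal."""
    h = host.strip().strip("[]").lower()
    if h == "localhost" or h.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(h).is_loopback
    except ValueError:
        return False  # a hostname, not an IP literal


def audit_proxy(prefs):
    """Summarise the proxy mode and list the settings that deserve a look."""
    ptype = prefs.get("network.proxy.type")
    mode = "default" if ptype is None else PROXY_MODES.get(ptype, "unknown")
    findings = []
    for scheme in SCHEMES:
        host = prefs.get("network.proxy." + scheme)
        if not isinstance(host, str) or not host:
            continue
        port = prefs.get("network.proxy.%s_port" % scheme, 0)
        if mode != "manual":
            findings.append(("info", "%s proxy %s:%s is stored but inactive"
                             % (scheme, host, port)))
        elif is_loopback(host):
            findings.append(("review", "%s traffic goes to loopback %s:%s; confirm "
                             "a program you installed listens there"
                             % (scheme, host, port)))
        else:
            findings.append(("review", "%s traffic goes to %s:%s; confirm you "
                             "configured it" % (scheme, host, port)))
    if mode == "pac":
        url = prefs.get("network.proxy.autoconfig_url", "<unset>")
        findings.append(("review", "proxy auto-config script: %s" % url))
    return {"mode": mode, "findings": findings}


if __name__ == "__main__":
    for label, sample in (("before", INFECTED_SAMPLE), ("after", CLEANED_SAMPLE)):
        report = audit_proxy(parse_prefs(sample))
        print(label, "mode =", report["mode"])
        for level, text in report["findings"]:
            print("  [%s] %s" % (level, text))
```

A "stored but inactive" entry after cleanup is expected: selecting "No Proxy" changes the mode and leaves the old host and port behind.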

Re: Although I have read your request for downloads my problem s

Post by happymom on Wed May 20, 2009 12:30 am

Ha Ha Ha...you're pretty funny there Belahzur. I will do my best not to get infected again! Thanks again for all of your help!
