Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't access folders or My Computer


  • This topic is locked This topic is locked

#1
DyMt1Q

DyMt1Q

    New Member

  • Member
  • Pip
  • 8 posts
I've read a ton of topics about this... I did everything in the instructions, all the scans (web too) and all the anti-spyware programs and windows updates etc, and it still won't go away.

here's my log:

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Instant Messenger
AOLIcon
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
BitLord 1.1
CDisplay 1.8
CleanUp!
Command & Conquer Tiberian Sun
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Dante's Card Maker
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support 3.1
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink setup files
EducateU
ELIcon
ESPNMotion
FlashGet(JetCar)
Full Tilt Poker
Games, Music, & Photos Launcher
GameTime+
GemMaster Mystic
Get High Speed Internet!
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Internet Service Offers Launcher
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Anti-Virus 6.0
Learn2 Player (Uninstall Only)
MCU
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
mIRC
Modem Helper
Mozilla (1.7.13)
Mozilla Firefox (1.5.0.7)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
Otto
Panda ActiveScan
PartyPoker
Poker Patterns
Poker Tracker Version 2.12.00b
PokerStars
PokerStove version 1.20
QuickTime
RealPlayer
Red Alert Windows 95
RM Converter 3.28
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Search Assist
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Skype 2.0
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Spybot - Search & Destroy 1.3
Starcraft
Tourney Manager
UltimateBet
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VideoLAN VLC media player 0.8.5
Viewpoint Media Player
WGT Launcher
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246
WinRAR archiver
WordPerfect Office 12
XviD 1.1 final uninstall
  • 0

Advertisements


#2
Burton1

Burton1

    Member

  • Member
  • PipPipPip
  • 430 posts
Hello and welcome to Geekstogo.com, my name is Justin and I will be helping you. If you could please follow my instructions below
  • Please open HijackThis
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
DyMt1Q

DyMt1Q

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:02:30 AM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Starcraft\BWLauncher.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ken Chen\Desktop\FIGHT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O1 - Hosts: 66.235.180.53 www.liquidpoker.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Build A Roll.lnk = C:\Program Files\Build A Roll\baroll.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

thanks!
  • 0

#4
Burton1

Burton1

    Member

  • Member
  • PipPipPip
  • 430 posts
I was just wondering have you installed a program called Ultimate Bet or use it?
  • 0

#5
DyMt1Q

DyMt1Q

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
yes, its a poker program, i use it. its not a virus.
  • 0

#6
Burton1

Burton1

    Member

  • Member
  • PipPipPip
  • 430 posts
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0

#7
DyMt1Q

DyMt1Q

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Report is below, interesting it came up with all this even after I ran Spybot and Adaware.
Thanks!

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.overture.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.webpower.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ken Chen\Cookies\ken [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ken Chen\Cookies\ken [email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ken Chen\Cookies\ken [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ken Chen\Cookies\ken [email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ken Chen\Cookies\ken [email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ken Chen\Cookies\ken [email protected][1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Ken Chen\Cookies\ken [email protected][1].txt
  • 0

#8
Burton1

Burton1

    Member

  • Member
  • PipPipPip
  • 430 posts
Please follow the steps below

Step 1

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step 2

Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click blbeta.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

Edited by Burton1, 25 October 2006 - 12:16 PM.

  • 0

#9
DyMt1Q

DyMt1Q

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Kaspersky:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 26, 2006 2:01:21 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/10/2006
Kaspersky Anti-Virus database records: 235001
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 148430
Number of viruses found: 2
Number of infected objects: 5 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:13:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0016_pdm_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0016_pdm_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0018_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\001c_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Ken Chen\Application Data\Aim\bftiaxol\KChenneth\cert8.db Object is locked skipped
C:\Documents and Settings\Ken Chen\Application Data\Aim\bftiaxol\KChenneth\key3.db Object is locked skipped
C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\cert8.db Object is locked skipped
C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\history.dat Object is locked skipped
C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\key3.db Object is locked skipped
C:\Documents and Settings\Ken Chen\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\parent.lock Object is locked skipped
C:\Documents and Settings\Ken Chen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ken Chen\Desktop\mirc62.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Ken Chen\Desktop\mirc62.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Ken Chen\Desktop\mirc62.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Ken Chen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ken Chen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ken Chen\Local Settings\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Ken Chen\Local Settings\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Ken Chen\Local Settings\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Ken Chen\Local Settings\Application Data\Mozilla\Firefox\Profiles\33bi345l.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Ken Chen\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ken Chen\Local Settings\History\History.IE5\MSHist012006101520061016\index.dat Object is locked skipped
C:\Documents and Settings\Ken Chen\Local Settings\History\History.IE5\MSHist012006102520061026\index.dat Object is locked skipped
C:\Documents and Settings\Ken Chen\Local Settings\History\History.IE5\MSHist012006102620061027\index.dat Object is locked skipped
C:\Documents and Settings\Ken Chen\Local Settings\Temp\~PST5970.tmp Object is locked skipped
C:\Documents and Settings\Ken Chen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ken Chen\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ken Chen\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Adobe\Web\Adobe Online Prefs Object is locked skipped
C:\Program Files\Common Files\Adobe\Web\AdobeOnline Inventory Object is locked skipped
C:\Program Files\Common Files\Adobe\Web\AdobeWeb.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP118\A0027717.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP131\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{A34A1564-0381-4415-A772-4AA61ABDDEE8}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{83514D69-99C8-40D2-A5A0-75E9FD7012FA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd3533.sys Object is locked skipped
C:\WINDOWS\system32\FxsTmp\fxs22F2.tmp Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\cch~a6169049db9bb.htp Object is locked skipped
C:\WINDOWS\Temp\cch~a616904b73d71.htp Object is locked skipped
C:\WINDOWS\Temp\cch~a6254094d25fd.htp Object is locked skipped
C:\WINDOWS\Temp\cch~a62540bf114d0.htp Object is locked skipped
C:\WINDOWS\Temp\cch~a6256e04ca89f.htp Object is locked skipped
C:\WINDOWS\Temp\cch~a6256e4335dda.htp Object is locked skipped
C:\WINDOWS\Temp\cch~a6256e4e551fd.htp Object is locked skipped
C:\WINDOWS\Temp\cch~a6256e5001bcd.htp Object is locked skipped
C:\WINDOWS\Temp\cch~a62656c92867f.htp Object is locked skipped
C:\WINDOWS\Temp\cch~a62656caf1d84.htp Object is locked skipped
C:\WINDOWS\Temp\cch~a6380fbaa3aba.htp Object is locked skipped
C:\WINDOWS\Temp\cch~a6380fbc2a5eb.htp Object is locked skipped
C:\WINDOWS\Temp\cch~a6380fd60e9b2.htp Object is locked skipped
C:\WINDOWS\Temp\cch~a6380fd811be5.htp Object is locked skipped
C:\WINDOWS\Temp\~DFFE54.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Blacklight:
10/26/06 02:12:49 [Info]: BlackLight Engine 1.0.47 initialized
10/26/06 02:12:49 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/26/06 02:12:49 [Note]: 7019 4
10/26/06 02:12:49 [Note]: 7005 0
10/26/06 02:12:50 [Note]: 7006 0
10/26/06 02:12:50 [Note]: 7011 3620
10/26/06 02:12:50 [Note]: 7026 0
10/26/06 02:12:50 [Note]: 7026 0
10/26/06 02:13:00 [Note]: FSRAW library version 1.7.1020
10/26/06 02:18:13 [Note]: 7007 0
  • 0

#10
Burton1

Burton1

    Member

  • Member
  • PipPipPip
  • 430 posts
Step 1

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Step 2

Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Step 3

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405
  • 0

#11
DyMt1Q

DyMt1Q

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ok i did all that, now what do i do?
  • 0

#12
Burton1

Burton1

    Member

  • Member
  • PipPipPip
  • 430 posts
How is everything running? We did not find any evidence that it was maleware related.
  • 0

#13
DyMt1Q

DyMt1Q

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
well everything is running faster and cleaner and fixed a bunch of little problems, but i still can't double click my computer or any folder, it pops up the same thing:

---------------------------------------------------------------------------------
Data Executing Prevention - Microsoft Windows
To help protect your computer, Windows has closed this program:

Name:Windows Explorer
Publisher: Microsoft Corporation

[Close Message]

Data Execution Prevention helps protect against damage from viruses
and other security threats.
---------------------------------------------------------------------------------
  • 0

#14
Burton1

Burton1

    Member

  • Member
  • PipPipPip
  • 430 posts
Well everything seems to be clean.

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place?

Here is a site that may help with your perticular problem.

http://bubble.ro/Dat...Windows_XP.html
  • 0

#15
therock247uk

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP