Topic: Installing Spybot ( other programs without internet access? )

Kryptonite

    Topic Starter


    Intermediate

  • It's not hard to tell where MY head is at
  • Thanked: 2
    Re: Installing Spybot ( other programs without internet access? )
    « Reply #15 on: August 05, 2008, 06:06:42 AM »
    Thanks for hanging in there with me; it's much appreciated!

    Stayed up till 1:40 AM to allow Dr Web to finish a "complete scan".
    The "quick scan" had FAR FEWER issues than the complete one did, which took 4 and a half plus hours and had 40+ T_horses and viruses; mostly THs. I will post the report on it and anything else I noticed and wrote down or is recorded in a report.

    So here's the thing about not getting on the internet in the moment. One of my neighbors has a wireless which my laptop finds and accesses. They know and are okay with it since I've been their computer geek fixing little stuff that most people should know but don't. The HP desktop has a network card in it but does not have a wireless card.

    But here's another reason for buying a used computer in the first place: my "home phone" is provided by a new device that just came to market in March of this year; it's called MagicJack. It, like Skype and a few other VOIPs, needs or at least works best with a high speed connection. ( I need to do a site search here on CH to see if it has been a topic of discussion. )

    The theory behind the product is an excellent one and if it worked ( the hardware which I suspect is the cause ) better than the one I have works, it would be a truly GREAT invention/product and could very well lead to changes in the billing structure of most communication GIANTS: ie ATT, Verizon, Sprint, etc etc.

    My product ( MagicJack ) doesn't work well and the company does not have ( and isn't this the irony of ironies ) a phone number of any kind: no tech, no Cus Service, nothing....they sell phone service and don't have a phone. If you need help you need to "chat" with someone who is clearly not an American; the kind that understand the nuances of communication. These idiots suggested that I try it on another computer. No one wants to allow a strange piece of equipment which downloads information in order to work to be stuck into their computer so I bought this one mostly as a computer that I can leave on 24/7 so I could have phone service all day instead of just when the laptop is on.

    I know, a long answer to a short question. Any short answer would lead to more questions so I hope that I covered the why it's not on the internet and why I bought it in the first place. This computer is also loaded with Office and several music, movie, and photo editors. With luck it will be working well and clean by Friday. That gives me some time to think about my own internet service. Any suggestions?
    The best sayings that sum me up in a nut shell depends on the obvious which more often than not is obscured by the talk of the day which sounds a lot like  gnat-thing.

    Kryptonite

      Re: Installing Spybot ( other programs without internet access? )
      « Reply #16 on: August 05, 2008, 08:44:21 AM »
      It looks like Dr Web saved the file as an Excel document. Never used Excel so when I tried to do a select all to copy and paste in a Word or Notepad document it wouldn't allow me to do so. Any suggestions?

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Calm like a bomb
      • Thanked: 483
        • evilfantasy's blog
      • Experience: Familiar
      • OS: Windows 8
      Re: Installing Spybot ( other programs without internet access? )
      « Reply #17 on: August 05, 2008, 09:20:25 AM »
      Not sure on the Internet.

      Right click the Dr Web log Excel file and choose Open with > Notepad.

      Then you can post the log.

      I will need a fresh HijackThis log also.


      Kryptonite

        Re: Installing Spybot ( other programs without internet access? )
        « Reply #18 on: August 05, 2008, 12:08:18 PM »
        DrWeb:

        rtmipr.dll;c:\windows\system32;Trojan.Fakealert.578;Deleted.;         
        824223.dll;C:\Documents and Settings\Faith\DoctorWeb\Quarantine;Trojan.Click.origin;Incurable.Moved.;         
        zfe1.exe;C:\Documents and Settings\HP_Administrator\Local Settings\Temp;Trojan.Fakealert.578;Deleted.;         
        SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Smokey\Desktop\New Stuff\SDFix.exe;Tool.Prockill;;         
        SDFix.exe;C:\Documents and Settings\Smokey\Desktop\New Stuff;Archive contains infected objects;Moved.;         
        KillWind.exe;C:\hp\bin;Tool.ProcessKill;Moved.;         
        data016\data001;C:\hp\bin\wbug\HPPavillion_Spring06.exe\data016;Adware.Msearch;;         
        data016\data005;C:\hp\bin\wbug\HPPavillion_Spring06.exe\data016;Adware.Msearch;;         
        data016;C:\hp\bin\wbug\HPPavillion_Spring06.exe;Archive contains infected objects;;         
        HPPavillion_Spring06.exe;C:\hp\bin\wbug;Archive contains infected objects;Moved.;         
        inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;         
        AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;;         
        AOLCINST.EXE;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH;Archive contains infected objects;Moved.;         
        PPCInstall.dll;C:\Program Files\Online Services\PeoplePC;Probably STPAGE.Trojan;Moved.;         
        Process.exe;C:\SDFix\apps;Tool.Prockill;Moved.;         
        A0153073.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Virtumod.based.22;Deleted.;         
        A0153086.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Click.origin;Incurable.Moved.;         
        A0153209.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.6263;Deleted.;         
        A0153210.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153211.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153212.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153213.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153214.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153215.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153217.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153218.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153240.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.6263;Deleted.;         
        A0153241.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153242.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153243.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153244.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153245.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153246.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153251.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153252.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
        A0153292.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Fakealert.578;Deleted.;         
        A0153293.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Click.origin;Incurable.Moved.;         
        data016\data001;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153294.exe\data016;Adware.Msearch;;         
        data016\data005;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153294.exe\data016;Adware.Msearch;;         
        data016;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153294.exe;Archive contains infected objects;;         
        A0153294.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Archive contains infected objects;Moved.;         
        A0153295.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Click.2093;Deleted.;         
        A0153296.EXE\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153296.EXE;Adware.Gdown;;         
        A0153296.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Archive contains infected objects;Moved.;         
        sb6adts.htc\Script.0;C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard   L=Cupertino   S=Ca   C=US\Scripts\sb6adts.htc;Probably SCRIPT.Virus;;
        sb6adts.htc;C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard   L=Cupertino   S=Ca   C=US\Scripts;Archive contains infected objects;Moved.;
        firstopt.js;D:\I386\APPS\APP17062;Probably SCRIPT.Virus;Moved.;         
        data016\data001;D:\I386\APPS\APP27648\src\CompaqPresario_Spring06.exe\data016;Adware.Msearch;;         
        data016\data005;D:\I386\APPS\APP27648\src\CompaqPresario_Spring06.exe\data016;Adware.Msearch;;         
        data016;D:\I386\APPS\APP27648\src\CompaqPresario_Spring06.exe;Archive contains infected objects;;         
        CompaqPresario_Spring06.exe;D:\I386\APPS\APP27648\src;Archive contains infected objects;Moved.;         
        data016\data001;D:\I386\APPS\APP27648\src\HPPavillion_Spring06.exe\data016;Adware.Msearch;;         
        data016\data005;D:\I386\APPS\APP27648\src\HPPavillion_Spring06.exe\data016;Adware.Msearch;;         
        data016;D:\I386\APPS\APP27648\src\HPPavillion_Spring06.exe;Archive contains infected objects;;         
        HPPavillion_Spring06.exe;D:\I386\APPS\APP27648\src;Archive contains infected objects;Moved.;         
        data030\data002;D:\I386\APPS\APP27745\src\install\Worldwide-MediaCenter\games\cakemania-setup.exe\data030;Adware.SpywareStorm;;         
        data030;D:\I386\APPS\APP27745\src\install\Worldwide-MediaCenter\games\cakemania-setup.exe;Archive contains infected objects;;         
        cakemania-setup.exe;D:\I386\APPS\APP27745\src\install\Worldwide-MediaCenter\games;Archive contains infected objects;Moved.;         
        data016\data001;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153298.exe\data016;Adware.Msearch;;         
        data016\data005;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153298.exe\data016;Adware.Msearch;;         
        data016;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153298.exe;Archive contains infected objects;;         
        A0153298.exe;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Archive contains infected objects;Moved.;         
        data016\data001;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153299.exe\data016;Adware.Msearch;;         
        data016\data005;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153299.exe\data016;Adware.Msearch;;         
        data016;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153299.exe;Archive contains infected objects;;         
        A0153299.exe;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Archive contains infected objects;Moved.;         
        data030\data002;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153301.exe\data030;Adware.SpywareStorm;;         
        data030;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153301.exe;Archive contains infected objects;;         
        A0153301.exe;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Archive contains infected objects;Moved.;         
        SDFix.exe\SDFix\apps\Process.exe;J:\SDFix.exe;Tool.Prockill;;         
        SDFix.exe;J:\;Archive contains infected objects;Moved.;         

        Kryptonite

          Re: Installing Spybot ( other programs without internet access? )
          « Reply #19 on: August 05, 2008, 12:11:46 PM »
          Malwarebytes' Anti-Malware 1.24
          Database version: 1012
          Windows 5.1.2600 Service Pack 2

          11:48:34 AM 8/5/2008
          mbam-log-8-5-2008 (11-48-34).txt

          Scan type: Quick Scan
          Objects scanned: 82158
          Time elapsed: 10 minute(s), 42 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 28
          Registry Values Infected: 1
          Registry Data Items Infected: 28
          Folders Infected: 5
          Files Infected: 19

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_CLASSES_ROOT\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1} (Trojan.Zlob) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{0dfba66b-db48-4292-831a-e7186d8a61ae} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{46f309ae-9d11-4c10-9d20-2c084b1c8bce} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{4cb95561-af37-4bbd-823c-1e355a744a43} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{76157861-4996-4711-90e4-6d868b877b24} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{81da01db-8100-4865-b9b0-a83f54378435} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{910ef37b-a486-41fc-8a1b-28c5581ab3ac} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{a6b2bc38-7f2a-4202-9b43-a28615727fee} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{b11da4c8-52dc-44a2-b21b-02bf7a93eb5b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{b5adbfca-c6de-4e5a-a2da-70aa2933b696} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{b5ae5932-f1b3-45e4-842a-59eea65b13a8} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{ba18ba7b-9567-4408-9b87-3d3990c3969e} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{d56509ab-9821-4db0-bf2f-115159804140} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{dff203ea-222c-44fa-8b78-ed88b4587aa2} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{eb22b708-e0d3-4fce-800b-6dd0c5b30d42} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{f1ea02f8-e536-4828-bfb7-3de7fa4d4b09} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{f6e18622-dfa8-4dba-b05e-d3d147e16d44} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Typelib\{23624bd0-2a69-4f91-be6a-9f1f22b72c13} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\ParisHilton (Adware.NaviPromo) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusheat 4.4.exe 4.4 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusheat 4.4 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\virusheat 4.4 (Rogue.VirusHeat) -> Quarantined and deleted successfully.

          Registry Values Infected:
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.

          Registry Data Items Infected:
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61 85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35e39329-7823-4a4c-b025-8ee21ae56824}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35e39329-7823-4a4c-b025-8ee21ae56824}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4d589907-2d53-4dba-8511-d302d05be3eb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{885f0345-ae0c-4623-9660-8d23adbee7cf}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{885f0345-ae0c-4623-9660-8d23adbee7cf}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{892900fc-9814-4488-99c0-81491c1ee93d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{892900fc-9814-4488-99c0-81491c1ee93d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d74b1918-fb1e-4e3d-9d7e-91f8add8bf48}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61 85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{35e39329-7823-4a4c-b025-8ee21ae56824}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{35e39329-7823-4a4c-b025-8ee21ae56824}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4d589907-2d53-4dba-8511-d302d05be3eb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{885f0345-ae0c-4623-9660-8d23adbee7cf}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{885f0345-ae0c-4623-9660-8d23adbee7cf}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{892900fc-9814-4488-99c0-81491c1ee93d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{892900fc-9814-4488-99c0-81491c1ee93d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d74b1918-fb1e-4e3d-9d7e-91f8add8bf48}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61 85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{35e39329-7823-4a4c-b025-8ee21ae56824}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{35e39329-7823-4a4c-b025-8ee21ae56824}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{4d589907-2d53-4dba-8511-d302d05be3eb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{885f0345-ae0c-4623-9660-8d23adbee7cf}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{885f0345-ae0c-4623-9660-8d23adbee7cf}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{892900fc-9814-4488-99c0-81491c1ee93d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{892900fc-9814-4488-99c0-81491c1ee93d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d74b1918-fb1e-4e3d-9d7e-91f8add8bf48}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

          Folders Infected:
          C:\Documents and Settings\HP_Administrator\Start Menu\Programs\VirusHeat 4.4 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HP_Administrator\Application Data\Seekmo (Adware.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\SeekmoSA (Adware.Seekmo) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

          Files Infected:
          C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ylwian_navps.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ylwian_nav.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ylwian.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ylwian.exe (Adware.Navipromo) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HP_Administrator\Start Menu\Programs\VirusHeat 4.4\Uninstall VirusHeat 4.4.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HP_Administrator\Start Menu\Programs\VirusHeat 4.4\VirusHeat 4.4 Website.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HP_Administrator\Start Menu\Programs\VirusHeat 4.4\VirusHeat 4.4.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht (Adware.Seekmo) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht (Adware.Seekmo) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo\Reset Cursor.lnk (Adware.Seekmo) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk (Adware.Seekmo) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo\Seekmo Uninstall Instructions.lnk (Adware.Seekmo) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HP_Administrator\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HP_Administrator\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HP_Administrator\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HP_Administrator\Start Menu\VirusHeat 4.4.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HP_Administrator\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

          Kryptonite

            Re: Installing Spybot ( other programs without internet access? )
            « Reply #20 on: August 05, 2008, 12:12:59 PM »
            Logfile of Trend Micro HijackThis v2.0.0 (BETA)
            Scan saved at 2:00:52 PM, on 8/5/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\WINDOWS\arservice.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\WINDOWS\eHome\ehRecvr.exe
            C:\WINDOWS\eHome\ehSched.exe
            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Trend Micro\BM\TMBMSRV.exe
            C:\WINDOWS\system32\dllhost.exe
            C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
            C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\ehome\ehtray.exe
            C:\WINDOWS\eHome\ehmsas.exe
            C:\WINDOWS\RTHDCPL.EXE
            C:\WINDOWS\ARPWRMSG.EXE
            C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
            C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
            C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\HP\KBD\KBD.EXE
            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            c:\windows\system\hpsysdrv.exe
            C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\iPod\bin\iPodService.exe
            J:\HiJackThis_v2.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
            O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
            O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
            O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
            O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
            O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
            O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
            O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
            O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
            O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
            O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
            O4 - HKLM\..\Run: [kdikh.exe] C:\WINDOWS\system32\kdikh.exe
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
            O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
            O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
            O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
            O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
            O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
            O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
            O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
            O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
            O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183160767453
            O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
            O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
            O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
            O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
            O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
            O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

            --
            End of file - 9926 bytes
            The best sayings that sum me up in a nut shell depends on the obvious which more often than not is obscured by the talk of the day which sounds a lot like  gnat-thing.
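An added example, not part of any post in this thread: a small Python parser for the HijackThis log format shown above. It counts entries per section code, lists entries HijackThis marked "(file missing)", and cross-checks registry Run values (O4) against the "Running processes" list. The function names are this example's own, and matching is by file name only, which is an assumption that ignores the directory.

```python
import ntpath
import re
from collections import Counter

# Shortened excerpt of the log posted above (lines copied from it).
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")            # "O4 - <body>"
HEADER_RE = re.compile(r"^(Platform|Boot mode): (.*)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr))\b', re.I)

def parse_hjt(text):
    """Split a HijackThis log into header fields, process list and entries."""
    header, processes, entries, in_procs = {}, [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        entry, head = ENTRY_RE.match(line), HEADER_RE.match(line)
        if line == "Running processes:":
            in_procs = True
        elif entry:
            in_procs = False
            code, body = entry.groups()
            entries.append({"code": code, "body": body,
                            "missing": body.endswith("(file missing)")})
        elif head and not in_procs:
            header[head.group(1)] = head.group(2)
        elif in_procs and line:
            processes.append(line)
    return header, processes, entries

def registry_autoruns(entries, processes):
    """O4 registry Run values and whether their image file name is running."""
    running = {ntpath.basename(p).lower() for p in processes}
    out = []
    for e in entries:
        run = RUN_RE.match(e["body"]) if e["code"] == "O4" else None
        image = IMAGE_RE.match(run.group(4)) if run else None
        if image:  # Startup-folder O4 lines do not match RUN_RE and are skipped
            exe = ntpath.basename(image.group(1)).lower()
            out.append({"hive": run.group(1), "name": run.group(3),
                        "image": exe, "running": exe in running})
    return out

def summarize(text):
    header, processes, entries = parse_hjt(text)
    runs = registry_autoruns(entries, processes)
    return {"platform": header.get("Platform"),
            "sections": Counter(e["code"] for e in entries),
            "missing": [e["body"] for e in entries if e["missing"]],
            "not_running": [r["name"] for r in runs if not r["running"]]}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A Run value that is not in the process list is only a prompt to look at the entry by hand; the program may simply have exited after startup.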

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 483
              • evilfantasy's blog
            • Experience: Familiar
            • OS: Windows 8
            Re: Installing Spybot ( other programs without internet access? )
            « Reply #21 on: August 05, 2008, 12:18:33 PM »
            Are you online with the PC now? How did you get MBAM to run?

            Kryptonite

              Topic Starter


              Intermediate

            • It's not hard to tell where MY head is at
            • Thanked: 2
              Re: Installing Spybot ( other programs without internet access? )
              « Reply #22 on: August 05, 2008, 05:19:33 PM »
              Are you online with the PC now? How did you get MBAM to run?

              On hold with Time Warner now. Downloaded the program to the jump drive and it looks like it cleaned things up nicely from what I can see.

              Got a way to connect now but the computer won't connect. What a waste of time waiting for these people to have time to help you. Been on hold now for 17 minutes listening to bad music.

              The modem and cable seem to work on my laptop but not on the desktop.

              evilfantasy

              « Reply #23 on: August 05, 2008, 10:14:05 PM »
              Let me know what you find out about the Internet connection so I will know which way to go next.


              Kryptonite

                « Reply #24 on: August 06, 2008, 08:21:42 AM »
                Yes I managed to get connected.

                Obviously everything that was scheduled to update either tried to do so or Trend Micro was asking me if i wanted to allow the connection; which i denied.
                i wanted to load spybot and firefox before i did anything else...( i was concerned about signing on to Computerhope or any other site that required signing-in and also wondered if a Trojan Horse or any other adware, virus, might search for the new information that i needed to just get by the password protect sign-in screen which i wasn't on and "guest" wasn't an option.

                So here's where i'm at: back on my laptop mainly because there is an obvious problem detecting and removing one of those "bad things" that doesn't want to be removed.

                All of those programs that you advised me to use worked well enough for me to rid the computer of what seemed like ALL of the "bad things". But spybot found quite a few other problems. And for the first time since i started using spybot, it informed me that one problem needed to be removed after a restart. After restart spybot displayed a screen that is new to me; it ran in its own window over a desktop with no icons. It took over 20 minutes to run and when it was done the rest of the desktop appeared. i installed firefox, upgraded it, then loaded Zone Alarm. Now there are warnings about "an application" that is trying to access the internet which i keep denying.
                Since i didn't want to sign into Computerhope on that computer and could only access the net with one computer or the other ( at least for now ) Since it was around 1:30 AM when spybot stopped running for the second time and it seemed to find that same problem which they claim couldn't be removed until restart; i turned everything off and went to sleep.
                This morning i unplugged the network cable from the desktop, plugged it into the laptop, turned on the modem, and signed on here while the desktop is still running...whatever this "bad thing" is i need it gone!
                Until the program stops running i can't get the latest version of hijack this.

                BTW Where and when in this whole process should i go to MS update site and get service pack 3 and any other update that might be needed?

                Kryptonite

                  « Reply #25 on: August 06, 2008, 08:41:58 AM »
                  That "Application" that is trying to access the internet is: ( SpFnUp )

                  evilfantasy

                  « Reply #26 on: August 06, 2008, 03:27:58 PM »
                  Download Combofix by sUBs from one of the below links. Be sure to save it to the Desktop.
                  Link #1
                  Link #2

                  Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.

                  Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
                   
                  Double click combofix.exe & follow the prompts.
                   
                  When finished ComboFix will produce a log for you. Post that log in your next reply.

                  Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                  Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

                  Kryptonite

                    « Reply #27 on: August 07, 2008, 06:32:28 AM »
                    Sorry that this is taking so long.

                    As soon as i finish doing my bill pay stuff on this laptop i'll turn off the modem and plug it into the desktop to download those Link #1
                    Link #2
                    then post the results.

                    But i would like to tell you another thing i found out about this last "bad thing" that i found out from other sources. The last "bad thing" is what spybot calls " 3 PUPS " from "WildTangent". Still a little confused about this. It seems that WildTangent is a game company. Yes there are a few games on this computer that didn't come with the Windows OS. Gaming is not my thing so i could easily do away with the games. However one site instructs us to uninstall WildTangent from add/remove in the control panel. i don't see it there.
                    Another site says that WildTangent can come with a movie program of which there are more than one. The one that i've heard some bad things about is called "Muvee". i don't need a movie editor or a program other than Media Center by MS.
                    Is there a way of identifying which "games" and movie programs that are related to WildTangent and uninstalling them?
                    Can i delete a folder from my root directory using windows explorer? If not the folder AND its contents maybe just the contents since i found the folder related to the warning?

                    Will get back to you soon with the results of your last instructions.

                    Kryptonite

                      « Reply #28 on: August 07, 2008, 06:51:58 AM »
                      From: http://www.tempusfugit.ca/hp_dv6408ca.html

                      WildTangent spyware - do a search for this!
                      what they say on their support page: WildTangent is not spyware. Some of our games do collect anonymous usage information.
                      Very interesting that they think that they have to say this!!!!!!

                      So maybe this came with HP since it is a media model?

                      Kryptonite

                        « Reply #29 on: August 07, 2008, 08:21:59 AM »
                        Went to download the links you posted and got a warning from Trend Micro. So i did a search and found this:
                        It has recently been discovered, that there is a rootkit in the wild that can cause Combofix to start wiping files from hard drives. Therefore, Combofix has been withdrawn and is not safe to use, until further notice.

                        I urge anyone who has a copy of Combofix to delete it from their system immediately.

                        Quoted by "sUBs" the author of Combofix:
                        "I have just encountered a rootkit that will cause CF to recursively delete all files from SystemDrive.

                        Pulling the tool till further notice.

                        Please inform your users not to use CF. Who knows if that rootkit is in there.

                        Please spread the word. Also have users delete their copies of CF"
