Author Topic: Installing Spybot ( other programs without internet access? )  (Read 38306 times)


Kryptonite

    Topic Starter


    Intermediate

  • It's not hard to tell where MY head is at
  • Thanked: 2
    Installing Spybot ( other programs without internet access? )
    « on: August 04, 2008, 07:34:26 AM »
    Background:
    I purchased a used HP desktop from a family at a garage sale last week. If it matters, it is an HP a1616n with a Pentium D 820, 1 gig of RAM and a 224 Gig HD running XP. Of course the people assured me that it ran perfectly well and "The only reason we're selling it is because my company bought me a new laptop." There are some interesting things that I found when I got it back home; it was very dirty (dust blocking the fan holes etc.) so I spent a lot of time cleaning it before cranking it up.

    They have Trend Micro on it and a spyware program called "HEAT" which found 224 threats; but the trial version had expired and it wanted me to buy the program before removing the threats. Instead of doing that I thought to install Spybot from a jump drive. But when I tried to install the program it wants access to the internet, which is something I don't have at the moment.

    Is there another spyware program that I can load and run without having internet access?

    I also know that some of you recommend running HijackThis, which I did, and here are the results.
    Any suggestions?

    Thanks
    Krypto

    hijackthis results:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 9:02:44 AM, on 8/4/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\VirusHeat 4.4\VirusHeat 4.4.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    J:\HiJackThis_v2.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: 824223 helper - {34CF6660-9BD3-431A-BA32-6B511D4126DA} - C:\WINDOWS\system32\824223\824223.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [kdikh.exe] C:\WINDOWS\system32\kdikh.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [VirusHeat 4.4] "C:\Program Files\VirusHeat 4.4\VirusHeat 4.4.exe" /h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-21-2615943932-2791223441-3479229919-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Faith')
    O4 - HKUS\S-1-5-21-2615943932-2791223441-3479229919-1008\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Faith')
    O4 - HKUS\S-1-5-21-2615943932-2791223441-3479229919-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Faith')
    O4 - S-1-5-21-2615943932-2791223441-3479229919-1008 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Faith')
    O4 - S-1-5-21-2615943932-2791223441-3479229919-1008 User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Faith')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183160767453
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{35E39329-7823-4A4C-B025-8EE21AE56824}: NameServer = 85.255.115.61,85.255.112.113
    O17 - HKLM\System\CCS\Services\Tcpip\..\{885F0345-AE0C-4623-9660-8D23ADBEE7CF}: NameServer = 85.255.115.61,85.255.112.113
    O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.115.61,85.255.112.113
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D74B1918-FB1E-4E3D-9D7E-91F8ADD8BF48}: NameServer = 85.255.115.61,85.255.112.113
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.113
    O17 - HKLM\System\CS1\Services\Tcpip\..\{35E39329-7823-4A4C-B025-8EE21AE56824}: NameServer = 85.255.115.61,85.255.112.113
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.113
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

    --
    End of file - 12961 bytes
    The best sayings that sum me up in a nut shell depends on the obvious which more often than not is obscured by the talk of the day which sounds a lot like  gnat-thing.

    drmsucks



      Specialist

      Re: Installing Spybot ( other programs without internet access? )
      « Reply #1 on: August 04, 2008, 12:53:51 PM »
      Did you receive the Windows disk or HP Recovery disk with the computer?

      Is there a Recovery partition on the hard drive?

      I'm sure that a forum malware expert will opine on your HJT log, but, consider this: If you have either of the above, consider a recovery which will put the computer hard drive files back to the original, new condition. Do you really want to mess with the previous owner's problems? If you do a recovery, all you'll need to deal with regarding software is the 'crapware' that HP installed - easily gotten rid of.

      Best of luck.
      If you don't have time to do it right
                      ...when will you have time to do it over?

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Calm like a bomb
      • Thanked: 493
      • Experience: Experienced
      • OS: Windows 11
      Re: Installing Spybot ( other programs without internet access? )
      « Reply #2 on: August 04, 2008, 01:24:06 PM »
      Moved to the Computer viruses and spyware forum.

      VirusHeat is a rogue program. It has malware in it. http://www.bleepingcomputer.com/startups/VirusHeat_4.4-22857.html

      This PC is also severely infected with a variety of malware.

      When will you be able to have Internet access?

      Use a flash drive to transfer over these tools.

      SDFix

      DrWeb CureIt < Be sure to update this on a PC with Internet access before transferring it.

      Uninstall the version of HijackThis and install the new one.

      TrendMicro HijackThis.exe (HJT)

      I will need the logs.

      ----------


      When using this tool, you must use the Administrator's account or an account with Administrative rights.

      • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
      • DO NOT use it just yet.

      Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

      Open the SDFix folder and double click RunThis.bat to start the script.
      • Type Y to begin the cleanup process.
      • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
      • Press any Key and it will restart the PC.
      • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
      • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
      • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
      ----------

      Scan with DrWeb-CureIt as follows:
      • Double-click on drweb-cureit.exe and then click Start.
      • An Express Scan of your PC notice will appear.
      • Under Start the Express Scan Now, click OK to start.
        • This is a short scan that will scan the files currently running in memory.
        • If or when something is found, click the Yes button when it asks you if you want to cure it.
      • Once the short scan has finished, click Options > Change settings.
      • Choose the Scan tab and UNcheck Heuristic analysis and click OK.
      • Back at the main window, select the Complete scan button.
      • Then click the Green Arrow Start Scanning button on the right and the scan will start.
        • Click Yes to all if it asks if you want to cure/move any file(s).
      • When the scan is done, in the Dr.Web CureIt menu on top left, click File and choose Save report list.
      • Save the DrWeb.csv report to your Desktop.
      • Exit Dr.Web CureIt.
      • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
      • After reboot, right-click the Dr.Web log on the desktop and choose Open With > Notepad.
      • Copy and paste that log in the next reply.
      ----------

      Now run a new HijackThis scan and post the log.
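
Added example (not part of the original thread, and not code from HijackThis or its vendor): a small Python triage pass over HijackThis log lines like the ones posted above. It parses the `code - detail` entries and lists the ones a helper would read first; the `trusted_hosts` and `expected_resolvers` sets are assumptions the reader supplies, and a hit is a prompt for review, not a verdict.

```python
import re
from urllib.parse import urlparse

# A few lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VirusHeat 4.4] "C:\Program Files\VirusHeat 4.4\VirusHeat 4.4.exe" /h
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{35E39329-7823-4A4C-B025-8EE21AE56824}: NameServer = 85.255.115.61,85.255.112.113
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Entries have the shape "<section code> - <detail>", e.g. "O17 - HKLM\...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_entries(text):
    """Return (code, detail) tuples; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def name_servers(detail):
    """IPv4 addresses listed after 'NameServer =' in an O17 entry."""
    _, sep, value = detail.partition("NameServer =")
    return IPV4_RE.findall(value) if sep else []


def resolvers(entries):
    """Sorted unique DNS servers configured across all O17 entries."""
    return sorted({ip for code, detail in entries if code == "O17"
                   for ip in name_servers(detail)})


def review(entries, expected_resolvers, trusted_hosts):
    """Return (code, reason) pairs for entries worth a closer look.

    expected_resolvers: DNS servers the owner's ISP or router should hand out.
    trusted_hosts: hosts the reviewer accepts as IE start/search pages.
    Both are reviewer-supplied assumptions, not facts taken from the log.
    """
    findings = []
    for code, detail in entries:
        if code in ("R0", "R1"):
            # IE start/search settings: "<registry value> = <url>"
            _, sep, url = detail.partition(" = ")
            host = (urlparse(url.strip()).hostname or "") if sep else ""
            if host and host not in trusted_hosts:
                findings.append((code, f"IE page/search URL on unlisted host {host}"))
        elif code == "O17":
            odd = [ip for ip in name_servers(detail) if ip not in expected_resolvers]
            if odd:
                findings.append((code, "DNS server not in expected set: " + ", ".join(odd)))
        if detail.endswith("(file missing)"):
            findings.append((code, "registered component has no file on disk"))
        if code == "O2" and "BHO: (no name)" in detail:
            findings.append((code, "unnamed Browser Helper Object"))
    return findings


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("DNS servers in log:", resolvers(parsed))
    # 192.168.1.1 is a constructed placeholder for the owner's real resolver.
    for code, reason in review(parsed, {"192.168.1.1"}, {"go.microsoft.com"}):
        print(f"{code:>3}  {reason}")
```
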


      Kryptonite

        « Reply #3 on: August 04, 2008, 02:25:18 PM »
        I asked. No disks whatsoever! If I can't clean this puppy up it may need to be put down!

        evilfantasy

        « Reply #4 on: August 04, 2008, 02:27:47 PM »
        It can be cleaned. It will be a bit more involved for us without it having Internet access but it can be done.

        Kryptonite

          « Reply #5 on: August 04, 2008, 02:32:59 PM »
          Programs now on jump drive. How do I update that one program on my internet access computer...will it update right on the jumpdrive?

          Gotta make a quick run to the post office and will be back soon to attempt a miracle.

          Thanks!

          Krypto

          evilfantasy

          « Reply #6 on: August 04, 2008, 02:34:48 PM »
          It will update on the drive as long as there is Internet access I'm pretty sure (never tried it like that). If not just download/update it on the Desktop then cut and paste it to the flash drive.

          Kryptonite

            « Reply #7 on: August 04, 2008, 04:34:39 PM »
            Starting the process. Noticed that when I chose "safe mode" it asked if I want to boot in the "recovery mode". Is there any reason to copy this drive to a DVD or other media?

            evilfantasy

            « Reply #8 on: August 04, 2008, 04:39:35 PM »
            Do you mean the Recovery Console?

            If you copy the drive you will be copying infected files...

            Kryptonite

              « Reply #9 on: August 04, 2008, 04:51:40 PM »
              SDFix is presenting a lot of "An instable Virtual device driver failed dll choose close to terminate app".
              Now I got a message that said this process may take up to 20 mins...

              There really is a lot of crap on this computer....wonder where Daddy was visiting...or was it mommy? ;D

              evilfantasy

              « Reply #10 on: August 04, 2008, 05:02:34 PM »
              If SDFix gives too many problems skip it and run the Dr. Web instead then post a new HijackThis log.

              Kryptonite

                « Reply #11 on: August 04, 2008, 05:03:24 PM »


                Might have hit a glitch since the SDFix screen disappeared but I was not prompted to reboot. The screen is black with SafeMode in each corner and a MS XP code is across the top....not sure what to do now?

                evilfantasy

                « Reply #12 on: August 04, 2008, 05:07:08 PM »
                If it doesn't restart by itself then restart manually.

                Then look in C:\SDFix for the log if it does not pop up or save to the desktop on its own.

                Kryptonite

                  « Reply #13 on: August 04, 2008, 06:51:42 PM »
                  If it doesn't restart by itself then restart manually.

                  Then look in C:\SDFix for the log if it does not pop up or save to the desktop on its own.

                  Logfile of Trend Micro HijackThis v2.0.0 (BETA)
                  Scan saved at 7:40:00 PM, on 8/4/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\wscntfy.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\ehome\ehtray.exe
                  C:\WINDOWS\eHome\ehmsas.exe
                  C:\WINDOWS\RTHDCPL.EXE
                  C:\WINDOWS\ARPWRMSG.EXE
                  C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
                  C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
                  C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
                  C:\Program Files\QuickTime\QTTask.exe
                  C:\Program Files\iTunes\iTunesHelper.exe
                  C:\Program Files\VirusHeat 4.4\VirusHeat 4.4.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
                  C:\HP\KBD\KBD.EXE
                  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                  c:\windows\system\hpsysdrv.exe
                  J:\HiJackThis_v2.exe

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                  O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
                  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                  O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
                  O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
                  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                  O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
                  O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
                  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
                  O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
                  O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
                  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
                  O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
                  O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
                  O4 - HKLM\..\Run: [kdikh.exe] C:\WINDOWS\system32\kdikh.exe
                  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                  O4 - HKLM\..\Run: [VirusHeat 4.4] "C:\Program Files\VirusHeat 4.4\VirusHeat 4.4.exe" /h
                  O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
                  O4 - HKLM\..\RunOnce: [SDFix] C:\SDFix\RunThis.bat /second
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
                  O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
                  O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
                  O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
                  O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
                  O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
                  O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
                  O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
                  O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
                  O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183160767453
                  O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{35E39329-7823-4A4C-B025-8EE21AE56824}: NameServer = 85.255.115.61,85.255.112.113
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{885F0345-AE0C-4623-9660-8D23ADBEE7CF}: NameServer = 85.255.115.61,85.255.112.113
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.115.61,85.255.112.113
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{D74B1918-FB1E-4E3D-9D7E-91F8ADD8BF48}: NameServer = 85.255.115.61,85.255.112.113
                  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.113
                  O17 - HKLM\System\CS1\Services\Tcpip\..\{35E39329-7823-4A4C-B025-8EE21AE56824}: NameServer = 85.255.115.61,85.255.112.113
                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.113
                  O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
                  O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
                  O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
                  O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                  O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
                  O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
                  O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
                  O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

                  --
                  End of file - 10734 bytes

                  evilfantasy

                  Re: Installing Spybot ( other programs without internet access? )
                  « Reply #14 on: August 04, 2008, 07:18:43 PM »
                  What about Dr. Web?

                  Why can't you go onto the Internet with the computer?

                  Kryptonite

                    Re: Installing Spybot ( other programs without internet access? )
                    « Reply #15 on: August 05, 2008, 06:06:42 AM »
                    Thanks for hanging in there with me; it's much appreciated!

                    Stayed up til 1:40 AM to allow Dr Web to finish a "complete scan".
                    The "quick scan" had FAR LESS issues than the complete one did; which took 4 and a half plus hours and had 40+ T_horse's and viruses; mostly TH's. I will post the report on it and anything else I noticed and wrote down or is recorded in a report.

                    So here's the thing about not getting on the internet in the moment. One of my neighbors has a wireless which my laptop finds and accesses. They know and are okay with it since I've been their computer geek fixing little stuff that most people should know but don't. The HP desktop has a network card in it but does not have a wireless card.

                    But here's another reason for buying a used computer in the first place: my "home phone" is provided by a new device that just came to market in March of this year, it's called MagicJack. It, like Skype and a few other VOIP's need or at least work best with a high speed connection. ( I need to do a site search here on CH to see if it has been a topic of discussion. )

                    The theory behind the product is an excellent one and if it worked, ( the hardware which I suspect is the cause )  better than the one I have works, it would be a truly GREAT invention/product and could very well lead to changes in the billing structure of most communication GIANTS: ie ATT, Verizon, Sprint, etc etc.

                    My product ( MagicJack ) doesn't work well and the company does not have ( and isn't this the irony of ironies ) a phone number of any kind: no tech, no Cus Service, nothing....they sell phone service and don't have a phone. If you need help you need to "chat" with someone who is clearly not an American; the kind that understand the nuances of communication. These idiots suggested that I try it on another computer. No one wants to allow a strange piece of equipment which downloads information in order to work to be stuck into their computer so I bought this one mostly as a computer that I can leave on 24/7 so I could have phone service all day instead of just when the laptop is on.

                    I know, a long answer to a short question. Any short answer would lead to more questions so I hope that I covered the why it's not on the internet and why I bought it in the first place. This computer is also loaded with Office and several music, movie, and photo editors. With luck it will be working well and clean by Friday. That gives me some time to think about my own internet service. Any suggestions?

                    Kryptonite

                      Re: Installing Spybot ( other programs without internet access? )
                      « Reply #16 on: August 05, 2008, 08:44:21 AM »
                      It looks like Dr Web saved the file as an excel document. Never used excel so when I tried to do a select all to copy and paste in a word, or notepad document it wouldn't allow me to do so. Any suggestions?

                      evilfantasy

                      Re: Installing Spybot ( other programs without internet access? )
                      « Reply #17 on: August 05, 2008, 09:20:25 AM »
                      Not sure on the Internet.

                      Right click the Dr Web log excel file and choose Open with > Notepad.

                      Then you can post the log.

                      I will need a fresh HijackThis log also.


                      Kryptonite

                        Re: Installing Spybot ( other programs without internet access? )
                        « Reply #18 on: August 05, 2008, 12:08:18 PM »
                        DrWeb:

                        rtmipr.dll;c:\windows\system32;Trojan.Fakealert.578;Deleted.;         
                        824223.dll;C:\Documents and Settings\Faith\DoctorWeb\Quarantine;Trojan.Click.origin;Incurable.Moved.;         
                        zfe1.exe;C:\Documents and Settings\HP_Administrator\Local Settings\Temp;Trojan.Fakealert.578;Deleted.;         
                        SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Smokey\Desktop\New Stuff\SDFix.exe;Tool.Prockill;;         
                        SDFix.exe;C:\Documents and Settings\Smokey\Desktop\New Stuff;Archive contains infected objects;Moved.;         
                        KillWind.exe;C:\hp\bin;Tool.ProcessKill;Moved.;         
                        data016\data001;C:\hp\bin\wbug\HPPavillion_Spring06.exe\data016;Adware.Msearch;;         
                        data016\data005;C:\hp\bin\wbug\HPPavillion_Spring06.exe\data016;Adware.Msearch;;         
                        data016;C:\hp\bin\wbug\HPPavillion_Spring06.exe;Archive contains infected objects;;         
                        HPPavillion_Spring06.exe;C:\hp\bin\wbug;Archive contains infected objects;Moved.;         
                        inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;         
                        AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;;         
                        AOLCINST.EXE;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH;Archive contains infected objects;Moved.;         
                        PPCInstall.dll;C:\Program Files\Online Services\PeoplePC;Probably STPAGE.Trojan;Moved.;         
                        Process.exe;C:\SDFix\apps;Tool.Prockill;Moved.;         
                        A0153073.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Virtumod.based.22;Deleted.;         
                        A0153086.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Click.origin;Incurable.Moved.;         
                        A0153209.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.6263;Deleted.;         
                        A0153210.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153211.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153212.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153213.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153214.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153215.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153217.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153218.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153240.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.6263;Deleted.;         
                        A0153241.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153242.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153243.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153244.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153245.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153246.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153251.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153252.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Popuper.7004;Deleted.;         
                        A0153292.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Fakealert.578;Deleted.;         
                        A0153293.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Click.origin;Incurable.Moved.;         
                        data016\data001;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153294.exe\data016;Adware.Msearch;;         
                        data016\data005;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153294.exe\data016;Adware.Msearch;;         
                        data016;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153294.exe;Archive contains infected objects;;         
                        A0153294.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Archive contains infected objects;Moved.;         
                        A0153295.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Trojan.Click.2093;Deleted.;         
                        A0153296.EXE\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153296.EXE;Adware.Gdown;;         
                        A0153296.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Archive contains infected objects;Moved.;         
                        sb6adts.htc\Script.0;C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard   L=Cupertino   S=Ca   C=US\Scripts\sb6adts.htc;Probably SCRIPT.Virus;;
                        sb6adts.htc;C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard   L=Cupertino   S=Ca   C=US\Scripts;Archive contains infected objects;Moved.;
                        firstopt.js;D:\I386\APPS\APP17062;Probably SCRIPT.Virus;Moved.;         
                        data016\data001;D:\I386\APPS\APP27648\src\CompaqPresario_Spring06.exe\data016;Adware.Msearch;;         
                        data016\data005;D:\I386\APPS\APP27648\src\CompaqPresario_Spring06.exe\data016;Adware.Msearch;;         
                        data016;D:\I386\APPS\APP27648\src\CompaqPresario_Spring06.exe;Archive contains infected objects;;         
                        CompaqPresario_Spring06.exe;D:\I386\APPS\APP27648\src;Archive contains infected objects;Moved.;         
                        data016\data001;D:\I386\APPS\APP27648\src\HPPavillion_Spring06.exe\data016;Adware.Msearch;;         
                        data016\data005;D:\I386\APPS\APP27648\src\HPPavillion_Spring06.exe\data016;Adware.Msearch;;         
                        data016;D:\I386\APPS\APP27648\src\HPPavillion_Spring06.exe;Archive contains infected objects;;         
                        HPPavillion_Spring06.exe;D:\I386\APPS\APP27648\src;Archive contains infected objects;Moved.;         
                        data030\data002;D:\I386\APPS\APP27745\src\install\Worldwide-MediaCenter\games\cakemania-setup.exe\data030;Adware.SpywareStorm;;         
                        data030;D:\I386\APPS\APP27745\src\install\Worldwide-MediaCenter\games\cakemania-setup.exe;Archive contains infected objects;;         
                        cakemania-setup.exe;D:\I386\APPS\APP27745\src\install\Worldwide-MediaCenter\games;Archive contains infected objects;Moved.;         
                        data016\data001;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153298.exe\data016;Adware.Msearch;;         
                        data016\data005;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153298.exe\data016;Adware.Msearch;;         
                        data016;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153298.exe;Archive contains infected objects;;         
                        A0153298.exe;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Archive contains infected objects;Moved.;         
                        data016\data001;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153299.exe\data016;Adware.Msearch;;         
                        data016\data005;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153299.exe\data016;Adware.Msearch;;         
                        data016;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153299.exe;Archive contains infected objects;;         
                        A0153299.exe;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Archive contains infected objects;Moved.;         
                        data030\data002;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153301.exe\data030;Adware.SpywareStorm;;         
                        data030;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0153301.exe;Archive contains infected objects;;         
                        A0153301.exe;D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477;Archive contains infected objects;Moved.;         
                        SDFix.exe\SDFix\apps\Process.exe;J:\SDFix.exe;Tool.Prockill;;         
                        SDFix.exe;J:\;Archive contains infected objects;Moved.;         

                        Kryptonite

                          Re: Installing Spybot ( other programs without internet access? )
                          « Reply #19 on: August 05, 2008, 12:11:46 PM »
                          Malwarebytes' Anti-Malware 1.24
                          Database version: 1012
                          Windows 5.1.2600 Service Pack 2

                          11:48:34 AM 8/5/2008
                          mbam-log-8-5-2008 (11-48-34).txt

                          Scan type: Quick Scan
                          Objects scanned: 82158
                          Time elapsed: 10 minute(s), 42 second(s)

                          Memory Processes Infected: 0
                          Memory Modules Infected: 0
                          Registry Keys Infected: 28
                          Registry Values Infected: 1
                          Registry Data Items Infected: 28
                          Folders Infected: 5
                          Files Infected: 19

                          Memory Processes Infected:
                          (No malicious items detected)

                          Memory Modules Infected:
                          (No malicious items detected)

                          Registry Keys Infected:
                          HKEY_CLASSES_ROOT\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1} (Trojan.Zlob) -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{0dfba66b-db48-4292-831a-e7186d8a61ae} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{46f309ae-9d11-4c10-9d20-2c084b1c8bce} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{4cb95561-af37-4bbd-823c-1e355a744a43} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{76157861-4996-4711-90e4-6d868b877b24} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{81da01db-8100-4865-b9b0-a83f54378435} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{910ef37b-a486-41fc-8a1b-28c5581ab3ac} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{a6b2bc38-7f2a-4202-9b43-a28615727fee} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{b11da4c8-52dc-44a2-b21b-02bf7a93eb5b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{b5adbfca-c6de-4e5a-a2da-70aa2933b696} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{b5ae5932-f1b3-45e4-842a-59eea65b13a8} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{ba18ba7b-9567-4408-9b87-3d3990c3969e} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{d56509ab-9821-4db0-bf2f-115159804140} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{dff203ea-222c-44fa-8b78-ed88b4587aa2} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{eb22b708-e0d3-4fce-800b-6dd0c5b30d42} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{f1ea02f8-e536-4828-bfb7-3de7fa4d4b09} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Interface\{f6e18622-dfa8-4dba-b05e-d3d147e16d44} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_CLASSES_ROOT\Typelib\{23624bd0-2a69-4f91-be6a-9f1f22b72c13} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SOFTWARE\ParisHilton (Adware.NaviPromo) -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusheat 4.4.exe 4.4 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusheat 4.4 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SOFTWARE\virusheat 4.4 (Rogue.VirusHeat) -> Quarantined and deleted successfully.

                          Registry Values Infected:
                          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.

                          Registry Data Items Infected:
                          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61 85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35e39329-7823-4a4c-b025-8ee21ae56824}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35e39329-7823-4a4c-b025-8ee21ae56824}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4d589907-2d53-4dba-8511-d302d05be3eb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{885f0345-ae0c-4623-9660-8d23adbee7cf}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{885f0345-ae0c-4623-9660-8d23adbee7cf}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{892900fc-9814-4488-99c0-81491c1ee93d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{892900fc-9814-4488-99c0-81491c1ee93d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d74b1918-fb1e-4e3d-9d7e-91f8add8bf48}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61 85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{35e39329-7823-4a4c-b025-8ee21ae56824}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{35e39329-7823-4a4c-b025-8ee21ae56824}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4d589907-2d53-4dba-8511-d302d05be3eb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{885f0345-ae0c-4623-9660-8d23adbee7cf}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{885f0345-ae0c-4623-9660-8d23adbee7cf}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{892900fc-9814-4488-99c0-81491c1ee93d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{892900fc-9814-4488-99c0-81491c1ee93d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d74b1918-fb1e-4e3d-9d7e-91f8add8bf48}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61 85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{35e39329-7823-4a4c-b025-8ee21ae56824}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{35e39329-7823-4a4c-b025-8ee21ae56824}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{4d589907-2d53-4dba-8511-d302d05be3eb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{885f0345-ae0c-4623-9660-8d23adbee7cf}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{885f0345-ae0c-4623-9660-8d23adbee7cf}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{892900fc-9814-4488-99c0-81491c1ee93d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{892900fc-9814-4488-99c0-81491c1ee93d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d74b1918-fb1e-4e3d-9d7e-91f8add8bf48}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.61,85.255.112.113 -> Quarantined and deleted successfully.
                          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

                          Folders Infected:
                          C:\Documents and Settings\HP_Administrator\Start Menu\Programs\VirusHeat 4.4 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\HP_Administrator\Application Data\Seekmo (Adware.Agent) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\All Users\Application Data\SeekmoSA (Adware.Seekmo) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

                          Files Infected:
                          C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ylwian_navps.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ylwian_nav.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ylwian.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ylwian.exe (Adware.Navipromo) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\HP_Administrator\Start Menu\Programs\VirusHeat 4.4\Uninstall VirusHeat 4.4.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\HP_Administrator\Start Menu\Programs\VirusHeat 4.4\VirusHeat 4.4 Website.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\HP_Administrator\Start Menu\Programs\VirusHeat 4.4\VirusHeat 4.4.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht (Adware.Seekmo) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht (Adware.Seekmo) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo\Reset Cursor.lnk (Adware.Seekmo) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk (Adware.Seekmo) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo\Seekmo Uninstall Instructions.lnk (Adware.Seekmo) -> Quarantined and deleted successfully.
                          C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\HP_Administrator\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\HP_Administrator\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\HP_Administrator\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\HP_Administrator\Start Menu\VirusHeat 4.4.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
                          C:\Documents and Settings\HP_Administrator\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
                          The best sayings that sum me up in a nut shell depends on the obvious which more often than not is obscured by the talk of the day which sounds a lot like  gnat-thing.

                          Kryptonite

                            Re: Installing Spybot ( other programs without internet access? )
                            « Reply #20 on: August 05, 2008, 12:12:59 PM »
                            Logfile of Trend Micro HijackThis v2.0.0 (BETA)
                            Scan saved at 2:00:52 PM, on 8/5/2008
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            Boot mode: Normal

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\Ati2evxx.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                            C:\WINDOWS\arservice.exe
                            C:\Program Files\Bonjour\mDNSResponder.exe
                            C:\WINDOWS\eHome\ehRecvr.exe
                            C:\WINDOWS\eHome\ehSched.exe
                            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                            C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\Program Files\Trend Micro\BM\TMBMSRV.exe
                            C:\WINDOWS\system32\dllhost.exe
                            C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
                            C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
                            C:\WINDOWS\system32\Ati2evxx.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\WINDOWS\ehome\ehtray.exe
                            C:\WINDOWS\eHome\ehmsas.exe
                            C:\WINDOWS\RTHDCPL.EXE
                            C:\WINDOWS\ARPWRMSG.EXE
                            C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
                            C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
                            C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
                            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                            C:\HP\KBD\KBD.EXE
                            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                            c:\windows\system\hpsysdrv.exe
                            C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
                            C:\Program Files\iTunes\iTunesHelper.exe
                            C:\Program Files\iPod\bin\iPodService.exe
                            J:\HiJackThis_v2.exe

                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                            R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                            O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                            O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                            O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
                            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
                            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                            O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
                            O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
                            O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                            O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
                            O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
                            O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
                            O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
                            O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
                            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
                            O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
                            O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
                            O4 - HKLM\..\Run: [kdikh.exe] C:\WINDOWS\system32\kdikh.exe
                            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
                            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                            O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
                            O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
                            O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
                            O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
                            O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
                            O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
                            O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
                            O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
                            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
                            O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
                            O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
                            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                            O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
                            O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
                            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183160767453
                            O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
                            O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
                            O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
                            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                            O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                            O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
                            O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
                            O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
                            O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

                            --
                            End of file - 9926 bytes

                            evilfantasy

                            • Malware Removal Specialist
                            • Moderator


                            • Genius
                            • Calm like a bomb
                            • Thanked: 493
                            • Experience: Experienced
                            • OS: Windows 11
                            Re: Installing Spybot ( other programs without internet access? )
                            « Reply #21 on: August 05, 2008, 12:18:33 PM »
                            Are you online with the PC now? How did you get MBAM to run?

                            Kryptonite

                              Re: Installing Spybot ( other programs without internet access? )
                              « Reply #22 on: August 05, 2008, 05:19:33 PM »
                              Are you online with the PC now? How did you get MBAM to run?

                              On hold with Time Warner now. Downloaded the program to the jump drive and it looks like it cleaned things up nicely from what I can see.

                              Got a way to connect now but the computer won't connect. What a waste of time waiting for these people to have time to help you. Been on hold now for 17 minutes listening to bad music.

                              The modem and cable seem to work on my laptop but not on the desktop.

                              evilfantasy

                              Re: Installing Spybot ( other programs without internet access? )
                              « Reply #23 on: August 05, 2008, 10:14:05 PM »
                              Let me know what you find out about the Internet connection so I will know which way to go next.


                              Kryptonite

                                Re: Installing Spybot ( other programs without internet access? )
                                « Reply #24 on: August 06, 2008, 08:21:42 AM »
                                Yes I managed to get connected.

                                Obviously everything that was scheduled to update either tried to do so or Trend Micro was asking me if I wanted to allow the connection, which I denied.
                                I wanted to load Spybot and Firefox before I did anything else... (I was concerned about signing on to Computerhope or any other site that required signing in, and also wondered if a Trojan horse or any other adware or virus might search for the new information that I needed to just get by the password-protected sign-in screen, which I wasn't on, and "guest" wasn't an option.)

                                So here's where I'm at: back on my laptop, mainly because there is an obvious problem detecting and removing one of those "bad things" that doesn't want to be removed.

                                All of those programs that you advised me to use worked well enough for me to rid the computer of what seemed like ALL of the "bad things". But Spybot found quite a few other problems. And for the first time since I started using Spybot, it informed me that one problem needed to be removed after a restart. After restart Spybot displayed a screen that is new to me; it ran in its own window over a desktop with no icons. It took over 20 minutes to run and when it was done the rest of the desktop appeared. I installed Firefox, upgraded it, then loaded Zone Alarm. Now there are warnings about "an application" that is trying to access the internet, which I keep denying.
                                Since I didn't want to sign into Computerhope on that computer and could only access the net with one computer or the other (at least for now), and since it was around 1:30 AM when Spybot stopped running for the second time and it seemed to find that same problem which they claim couldn't be removed until restart, I turned everything off and went to sleep.
                                This morning I unplugged the network cable from the desktop, plugged it into the laptop, turned on the modem, and signed on here while the desktop is still running... whatever this "bad thing" is, I need it gone!
                                Until the program stops running I can't get the latest version of HijackThis.

                                BTW, where and when in this whole process should I go to the MS update site and get service pack 3 and any other update that might be needed?

                                Kryptonite

                                  Re: Installing Spybot ( other programs without internet access? )
                                  « Reply #25 on: August 06, 2008, 08:41:58 AM »
                                  That "Application" that is trying to access the internet is: ( SpFnUp )

                                  evilfantasy

                                  Re: Installing Spybot ( other programs without internet access? )
                                  « Reply #26 on: August 06, 2008, 03:27:58 PM »
                                  Download Combofix by sUBs from one of the below links. Be sure to save it to the Desktop.
                                  Link #1
                                  Link #2

                                  Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.

                                  Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
                                   
                                  Double click combofix.exe & follow the prompts.
                                   
                                  When finished, ComboFix will produce a log for you. Post that log in your next reply.

                                  Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                                  Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

                                  Kryptonite

                                    Re: Installing Spybot ( other programs without internet access? )
                                    « Reply #27 on: August 07, 2008, 06:32:28 AM »
                                    Sorry that this is taking so long.

                                    As soon as I finish doing my bill pay stuff on this laptop I'll turn off the modem and plug it into the desktop to download those Link #1 Link #2 then post the results.

                                    But I would like to tell you another thing I found out about this last "bad thing" that I found out from other sources. The last "bad thing" is what spybot calls " 3 PUPS " from "WildTangent". Still a little confused about this. It seems that WildTangent is a game company. Yes there are a few games on this computer that didn't come with the Windows OS. Gaming is not my thing so I could easily do away with the games. However one site instructs us to uninstall WildTangent from add/remove in the control panel. I don't see it there.
                                    Another site says that WildTangent can come with a movie program of which there are more than one. The one that I've heard some bad things about is called "Muvee". I don't need a movie editor or a program other than Media Center by MS.
                                    Is there a way of identifying which "games" and movie programs that are related to WildTangent and uninstalling them?
                                    Can I delete a folder from my root directory using windows explorer? If not the folder AND its contents maybe just the contents since I found the folder related to the warning?

                                    Will get back to you soon with the results of your last instructions.

                                    Kryptonite

                                      Re: Installing Spybot ( other programs without internet access? )
                                      « Reply #28 on: August 07, 2008, 06:51:58 AM »
                                      From: http://www.tempusfugit.ca/hp_dv6408ca.html

                                      WildTangent spyware - do a search for this!
                                      What they say on their support page: WildTangent is not spyware. Some of our games do collect anonymous usage information.
                                      Very interesting that they think that they have to say this!!!!!!

                                      So maybe this came with HP since it is a media model?

                                      Kryptonite

                                        Re: Installing Spybot ( other programs without internet access? )
                                        « Reply #29 on: August 07, 2008, 08:21:59 AM »
                                        Went to download the links you posted and got a warning from Trend Micro. So I did a search and found this:
                                        It has recently been discovered, that there is a rootkit in the wild that can cause Combofix to start wiping files from hard drives. Therefore, Combofix has been withdrawn and is not safe to use, until further notice.

                                        I urge anyone who has a copy of Combofix to delete it from their system immediately.

                                        Quoted by "sUBs" the author of Combofix:
                                        "I have just encountered a rootkit that will cause CF to recursively delete all files from SystemDrive.

                                        Pulling the tool till further notice.

                                        Please inform your users not to use CF. Who knows if that rootkit is in there.

                                        Please spread the word. Also have users delete their copies of CF"


                                        evilfantasy

                                        Re: Installing Spybot ( other programs without internet access? )
                                        « Reply #30 on: August 07, 2008, 09:35:14 AM »
                                        Yes, WildTangent could have come on the PC as a factory third party install; it's nothing to worry about at this point.

                                        Did you see the part that said:

                                        "Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them."

                                        And the quote from sUBs

                                        "Pulling the tool till further notice."

                                        If the tool were pulled you wouldn't be able to download it.

                                        Please follow the directions and post the ComboFix log.

                                        Kryptonite

                                          Re: Installing Spybot ( other programs without internet access? )
                                          « Reply #31 on: August 07, 2008, 07:00:25 PM »
                                          ComboFix 08-08-07.05 - Smokey 2008-08-07 20:24:11.1 - NTFSx86
                                          Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.550 [GMT -4:00]
                                          Running from: C:\Documents and Settings\Smokey\Desktop\ComboFix.exe
                                           * Created a new restore point
                                          .

                                          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                          .

                                          C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
                                          C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
                                          C:\Documents and Settings\Faith\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
                                          C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
                                          C:\Documents and Settings\Smokey\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
                                          C:\WINDOWS\system32\_000006_.tmp.dll
                                          C:\WINDOWS\system32\_000007_.tmp.dll
                                          C:\WINDOWS\system32\_000010_.tmp.dll
                                          C:\WINDOWS\system32\_000011_.tmp.dll
                                          C:\WINDOWS\system32\_000012_.tmp.dll
                                          D:\Autorun.inf

                                          .
                                          (((((((((((((((((((((((((   Files Created from 2008-07-08 to 2008-08-08  )))))))))))))))))))))))))))))))
                                          .

                                          2008-08-07 19:33 . 2008-08-07 19:33   <DIR>   d--------   C:\Deckard
                                          2008-08-07 10:31 . 2008-08-07 10:31   1,160   --a------   C:\WINDOWS\mozver.dat
                                          2008-08-07 10:30 . 2008-08-07 11:50   <DIR>   d--------   C:\Documents and Settings\Smokey\.housecall6.6
                                          2008-08-06 01:05 . 2008-08-06 01:29   <DIR>   d--------   C:\WINDOWS\system32\CatRoot_bak
                                          2008-08-06 00:29 . 2008-06-13 09:10   272,128   ---------   C:\WINDOWS\system32\drivers\bthport.sys
                                          2008-08-06 00:29 . 2008-06-13 09:10   272,128   ---------   C:\WINDOWS\system32\dllcache\bthport.sys
                                          2008-08-05 23:09 . 2008-08-07 20:26   1,048,608   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
                                          2008-08-05 23:09 . 2008-08-07 20:16   13,052   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
                                          2008-08-05 23:06 . 2008-08-05 23:06   <DIR>   d--------   C:\Program Files\ZoneAlarmSB
                                          2008-08-05 23:05 . 2008-08-05 23:05   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\MailFrontier
                                          2008-08-05 23:05 . 2008-07-09 09:05   75,248   --a------   C:\WINDOWS\zllsputility.exe
                                          2008-08-05 23:05 . 2004-04-27 04:40   11,264   --a------   C:\WINDOWS\system32\SpOrder.dll
                                          2008-08-05 23:05 . 2008-08-05 23:07   4,212   ---h-----   C:\WINDOWS\system32\zllictbl.dat
                                          2008-08-05 23:04 . 2008-08-05 23:05   <DIR>   d--------   C:\WINDOWS\system32\ZoneLabs
                                          2008-08-05 23:04 . 2008-08-05 23:04   <DIR>   d--------   C:\Program Files\Zone Labs
                                          2008-08-05 23:04 . 2008-07-09 09:05   1,086,952   --a------   C:\WINDOWS\system32\zpeng24.dll
                                          2008-08-05 23:04 . 2008-08-07 20:18   352,918   --a------   C:\WINDOWS\system32\vsconfig.xml
                                          2008-08-05 23:00 . 2008-08-07 20:21   <DIR>   d--------   C:\WINDOWS\Internet Logs
                                          2008-08-05 22:59 . 2008-08-05 22:59   <DIR>   d--------   C:\Documents and Settings\Smokey\Application Data\Apple Computer
                                          2008-08-05 22:12 . 2008-08-05 22:12   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
                                          2008-08-05 22:11 . 2008-08-05 22:11   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
                                          2008-08-05 22:11 . 2008-08-05 22:11   <DIR>   d--------   C:\Documents and Settings\Smokey\Application Data\SUPERAntiSpyware.com
                                          2008-08-05 22:09 . 2008-08-05 22:09   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
                                          2008-08-05 20:38 . 2008-08-05 20:38   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy
                                          2008-08-05 20:38 . 2008-08-05 21:02   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                                          2008-08-05 18:03 . 2008-08-05 18:03   <DIR>   d--------   C:\Documents and Settings\Smokey\Application Data\Talkback
                                          2008-08-05 11:31 . 2008-08-05 11:31   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
                                          2008-08-05 11:31 . 2008-08-05 11:31   <DIR>   d--------   C:\Documents and Settings\Smokey\Application Data\Malwarebytes
                                          2008-08-05 11:31 . 2008-08-05 11:31   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
                                          2008-08-05 11:31 . 2008-07-30 20:14   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
                                          2008-08-05 11:31 . 2008-07-30 20:14   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
                                          2008-08-05 09:49 . 2008-08-05 09:49   <DIR>   d--------   C:\Program Files\XoftSpySE
                                          2008-08-05 00:06 . 2008-08-05 00:06   <DIR>   d--------   C:\Documents and Settings\Smokey\Application Data\HPQ
                                          2008-08-04 21:26 . 2008-08-04 21:49   <DIR>   d--------   C:\Documents and Settings\Smokey\DoctorWeb
                                          2008-08-04 20:11 . 2006-10-09 15:50   <DIR>   d--------   C:\Documents and Settings\Smokey\WINDOWS
                                          2008-08-04 20:11 . 2006-10-09 15:52   <DIR>   d--------   C:\Documents and Settings\Smokey\Application Data\Intuit
                                          2008-08-04 20:11 . 2008-08-07 10:30   <DIR>   d--------   C:\Documents and Settings\Smokey
                                          2008-08-04 19:13 . 2008-08-04 19:24   <DIR>   d--------   C:\Documents and Settings\Faith\DoctorWeb
                                          2008-08-04 18:40 . 2008-08-04 18:40   <DIR>   d--------   C:\WINDOWS\ERUNT
                                          2008-08-04 18:37 . 2008-08-04 21:22   <DIR>   d--------   C:\SDFix
                                          2008-08-04 08:52 . 2008-08-04 08:52   <DIR>   d--------   C:\Documents and Settings\Faith\Application Data\CyberLink
                                          2008-08-04 08:44 . 2008-08-05 11:20   <DIR>   d--------   C:\Program Files\EndItAll

                                          .
                                          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                          .
                                          2008-08-06 04:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
                                          2008-08-06 02:40   ---------   d-----w   C:\Program Files\DivX
                                          2008-08-05 04:39   ---------   d-----w   C:\Program Files\music_now
                                          2008-08-05 04:39   ---------   d-----w   C:\Program Files\MSN Encarta Standard
                                          2008-08-05 04:39   ---------   d-----w   C:\Program Files\Microsoft Works
                                          2008-08-05 00:12   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
                                          2008-06-20 17:41   245,248   ----a-w   C:\WINDOWS\system32\mswsock.dll
                                          2008-06-20 17:41   245,248   ----a-w   C:\WINDOWS\system32\dllcache\mswsock.dll
                                          2008-06-20 17:41   148,992   ----a-w   C:\WINDOWS\system32\dllcache\dnsapi.dll
                                          2008-06-20 10:45   360,320   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
                                          2008-06-20 10:45   360,320   ----a-w   C:\WINDOWS\system32\dllcache\tcpip.sys
                                          2008-06-20 10:44   138,368   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
                                          2008-06-20 10:44   138,368   ----a-w   C:\WINDOWS\system32\dllcache\afd.sys
                                          2008-06-20 09:52   225,920   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
                                          2008-06-20 09:52   225,920   ----a-w   C:\WINDOWS\system32\dllcache\tcpip6.sys
                                          2008-05-08 12:28   202,752   ----a-w   C:\WINDOWS\system32\dllcache\rmcast.sys
                                          .

                                          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                          .
                                          .
                                          *Note* empty entries & legit default entries are not shown
                                          REGEDIT4

                                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-11 02:25 68856]
                                          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                          "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 17:01 67584]
                                          "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 05:05 90112]
                                          "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 18:14 237568]
                                          "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 18:34 249856]
                                          "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 22:23 663552]
                                          "UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 00:56 1398024]
                                          "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
                                          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 09:45 185896]
                                          "ftutil2"="ftutil2.dll" [2004-06-07 10:05 106496 C:\WINDOWS\system32\ftutil2.dll]
                                          "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
                                          "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 19:19 77312 C:\WINDOWS\arpwrmsg.exe]

                                          C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
                                          Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-10-09 15:00:04 27136]
                                          PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-10-09 15:00:04 27136]

                                          C:\Documents and Settings\Faith\Start Menu\Programs\Startup\
                                          PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-10-09 15:00:04 27136]

                                          C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
                                          PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-10-09 15:00:04 27136]

                                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                                          "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
                                          "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

                                          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                                          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

                                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                                          2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

                                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                                          path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
                                          backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

                                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
                                          path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
                                          backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

                                          [HKLM\~\startupfolder\C:^Documents and Settings^Smokey^Start Menu^Programs^Startup^PinMcLnk.lnk]
                                          path=C:\Documents and Settings\Smokey\Start Menu\Programs\Startup\PinMcLnk.lnk
                                          backup=C:\WINDOWS\pss\PinMcLnk.lnkStartup

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
                                          --a------ 2007-05-08 16:24 54840 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                                          --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                                          --a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                                          --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix]
                                          --a------ 2008-08-03 04:05 711592 C:\SDFix\RunThis.bat

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
                                          --a------ 2008-04-28 09:45 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

                                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                                          "iPod Service"=3 (0x3)
                                          "CLTNetCnService"=2 (0x2)
                                          "Bonjour Service"=2 (0x2)
                                          "Apple Mobile Device"=2 (0x2)

                                          [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                                          "AntiVirusDisableNotify"=dword:00000001
                                          "UpdatesDisableNotify"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                                          "DisableMonitoring"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                                          "DisableMonitoring"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                                          "DisableMonitoring"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
                                          "DisableMonitoring"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
                                          "DisableMonitoring"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
                                          "DisableMonitoring"=dword:00000001

                                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                                          "EnableFirewall"= 0 (0x0)

                                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                          "%windir%\\system32\\sessmgr.exe"=
                                          "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
                                          "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
                                          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                          "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                                          "C:\\Program Files\\iTunes\\iTunes.exe"=


                                          *Newly Created Service* - PROCEXP90
                                          .
                                          Contents of the 'Scheduled Tasks' folder

                                          2008-08-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
                                          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

                                          2008-08-08 C:\WINDOWS\Tasks\XoftSpySE 2.job
                                          - C:\Program Files\XoftSpySE\XoftSpy.exe [2008-07-31 15:05]

                                          2008-08-05 C:\WINDOWS\Tasks\XoftSpySE.job
                                          - C:\Program Files\XoftSpySE\XoftSpy.exe [2008-07-31 15:05]
                                          .
                                          - - - - ORPHANS REMOVED - - - -

                                          HKLM-Run-kdikh.exe - C:\WINDOWS\system32\kdikh.exe
                                          HKLM-Run-PCDrProfiler - (no file)
                                          MSConfigStartUp-VirusHeat 4 - C:\Program Files\VirusHeat 4.4\VirusHeat 4.4.exe


                                          .
                                          ------- Supplementary Scan -------
                                          .
                                          FireFox -: Profile - C:\Documents and Settings\Smokey\Application Data\Mozilla\Firefox\Profiles\3uy39rbu.default\


                                          **************************************************************************

                                          catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                          Rootkit scan 2008-08-07 20:32:13
                                          Windows 5.1.2600 Service Pack 2 NTFS

                                          scanning hidden processes ...

                                          scanning hidden autostart entries ...

                                          scanning hidden files ...

                                          scan completed successfully
                                          hidden files: 0

                                          **************************************************************************
                                          .
                                          Completion time: 2008-08-07 20:33:31
                                          ComboFix-quarantined-files.txt  2008-08-08 00:33:28

                                          Pre-Run: 220,107,415,552 bytes free
                                          Post-Run: 221,556,416,512 bytes free

                                          200   --- E O F ---   2008-03-21 01:00:38
                                          The best sayings that sum me up in a nut shell depends on the obvious which more often than not is obscured by the talk of the day which sounds a lot like  gnat-thing.

                                          evilfantasy

                                          • Malware Removal Specialist
                                          • Moderator


                                          • Genius
                                          • Calm like a bomb
                                          • Thanked: 493
                                          • Experience: Experienced
                                          • OS: Windows 11
                                          Re: Installing Spybot ( other programs without internet access? )
                                          « Reply #32 on: August 07, 2008, 07:09:23 PM »
                                            I would suggest uninstalling XoftSpySE. It is not a trusted program and is known to report false positives in order to get users to buy the full version.

                                            ----------

                                          Download OTMoveIt2 by OldTimer
                                          • Save it to your desktop.
                                          Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

                                          • Double-click OTMoveIt2.exe to run it.
                                          • Copy the lines in the codebox below.
                                          Code:
                                          [kill explorer]
                                          C:\SDFix
                                          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix
                                          EmptyTemp
                                          [start explorer]
                                            • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
                                            • Click the red Moveit! button.
                                            • Copy everything in the Results window (under the green bar) and paste it in your next reply.
                                            • Close OTMoveIt2
                                            .
                                            ----------

                                            • Click START then RUN
                                            • Now type Combofix /u in the runbox
                                            • Make sure there's a space between Combofix and /u
                                            • Then hit Enter.

                                          • The above procedure will:
                                          • Delete the following:
                                          • ComboFix and its associated files and folders.
                                          • Reset the clock settings.
                                          • Hide file extensions, if required.
                                          • Hide System/Hidden files, if required.
                                          • Set a new, clean Restore Point.
                                          .
                                          ----------

                                          Run CCleaner.

                                          Run the Kaspersky Online Scanner

                                          In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator.

                                          • Click on SCAN NOW
                                          • Click Accept.
                                          • The program will then begin downloading the latest definition files.
                                          • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
                                          • The scan will take a while, so be patient and let it finish.
                                          When the scan is done, in the Scan is complete window, any infection is displayed.
                                          There is no option to clean/disinfect, however, we need to analyze the information on the report.

                                          To obtain the report:
                                          Click on: Save Report As
                                          • Next, in the Save as prompt, Save in area, select: Desktop.
                                          • In the File name area use KScan, or something similar.
                                          • In Save as type: click the drop arrow and select: Text file [*.txt]
                                          • Then, click: Save


                                          Copy and paste the Kaspersky Online Scanner Report in your next reply.

                                          Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

                                          -----------

                                          Next post add
                                          Kaspersky log


                                          Also let me know how things are now.

                                          Kryptonite

                                            Topic Starter


                                            Intermediate

                                          • It's not hard to tell where MY head is at
                                          • Thanked: 2
                                            Re: Installing Spybot ( other programs without internet access? )
                                            « Reply #33 on: August 07, 2008, 07:19:17 PM »
                                            All in all the computer is running noticeably better. However there's a couple of quirks that I think I should mention: the screen goes black for a few seconds then comes back, the pointer snaps back to the lower right corner from time to time, today Firefox just closed on me in the middle of typing a note to Trendmicro, and while typing another on site note to Walmart the cursor jumped back after typing "s" and "w" making the note unreadable. Besides that everything is just peachy.
                                            Do I update with service pack 3? Any other updates that I should know about?
                                            The best sayings that sum me up in a nut shell depends on the obvious which more often than not is obscured by the talk of the day which sounds a lot like  gnat-thing.

                                            evilfantasy

                                            Re: Installing Spybot ( other programs without internet access? )
                                            « Reply #34 on: August 07, 2008, 07:27:14 PM »
                                            Let's get the Kaspersky results just to be sure there is no more malware left. You don't want to update to SP3 if malware is present.

                                            The mouse sounds like a hardware problem but I'm not sure. You can adjust the settings. Or make sure the surface you are using is completely free of all foreign objects including dust. Then again I've had a few mice do that. Turns out they were either too old, or a cheap off brand and buying a new $20 Microsoft mouse from Wal Mart was the only thing that cleared it up.

                                            How to Adjust Mouse Settings - http://www.ehow.com/how_2186329_adjust-mouse-settings.html

                                            Kryptonite

                                              Re: Installing Spybot ( other programs without internet access? )
                                              « Reply #35 on: August 07, 2008, 11:02:27 PM »
                                              --------------------------------------------------------------------------------
                                              KASPERSKY ONLINE SCANNER 7 REPORT
                                               Friday, August 8, 2008
                                               Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
                                               Kaspersky Online Scanner 7 version: 7.0.25.0
                                               Program database last update: Friday, August 08, 2008 02:22:23
                                               Records in database: 1068436
                                              --------------------------------------------------------------------------------

                                              Scan settings:
                                                 Scan using the following database: extended
                                                 Scan archives: yes
                                                 Scan mail databases: yes

                                              Scan area - My Computer:
                                                 C:\
                                                 D:\
                                                 E:\
                                                 F:\
                                                 G:\
                                                 H:\
                                                 I:\

                                              Scan statistics:
                                                 Files scanned: 77360
                                                 Threat name: 6
                                                 Infected objects: 26
                                                 Suspicious objects: 0
                                                 Duration of the scan: 01:46:55


                                              File name / Threat name / Threats count
                                              C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34B61436.htm   Infected: Exploit.HTML.Mht   1
                                              C:\Documents and Settings\Smokey\DoctorWeb\Quarantine\A0153294.exe   Infected: not-a-virus:AdWare.Win32.WeatherBug.a   2
                                              C:\Documents and Settings\Smokey\DoctorWeb\Quarantine\A0153298.exe   Infected: not-a-virus:AdWare.Win32.WeatherBug.a   2
                                              C:\Documents and Settings\Smokey\DoctorWeb\Quarantine\A0153299.exe   Infected: not-a-virus:AdWare.Win32.WeatherBug.a   2
                                              C:\Documents and Settings\Smokey\DoctorWeb\Quarantine\CompaqPresario_Spring06.exe   Infected: not-a-virus:AdWare.Win32.WeatherBug.a   2
                                              C:\Documents and Settings\Smokey\DoctorWeb\Quarantine\HPPavillion_Spring00.exe   Infected: not-a-virus:AdWare.Win32.WeatherBug.a   2
                                              C:\Documents and Settings\Smokey\DoctorWeb\Quarantine\HPPavillion_Spring06.exe   Infected: not-a-virus:AdWare.Win32.WeatherBug.a   2
                                              C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe   Infected: not-a-virus:Downloader.Win32.ImLoader.k   1
                                              C:\Program Files\Trend Micro\Internet Security\Quarantine\1B08.tmp   Infected: Trojan-Downloader.Win32.Zlob.knf   1
                                              C:\Program Files\Trend Micro\Internet Security\Quarantine\1B09.tmp   Infected: Trojan-Downloader.Win32.Zlob.knf   1
                                              C:\Program Files\Trend Micro\Internet Security\Quarantine\1B0C.tmp   Infected: Trojan-Downloader.Win32.Zlob.knf   1
                                              C:\Program Files\Trend Micro\Internet Security\Quarantine\1B0D.tmp   Infected: Trojan-Downloader.Win32.Zlob.knf   1
                                              C:\Program Files\Trend Micro\Internet Security\Quarantine\1B0E.tmp   Infected: Trojan-Downloader.Win32.Zlob.knf   1
                                              C:\Program Files\Trend Micro\Internet Security\Quarantine\1B0F.tmp   Infected: Trojan-Downloader.Win32.Zlob.knf   1
                                              C:\Program Files\Trend Micro\Internet Security\Quarantine\1B10.tmp   Infected: Trojan-Downloader.Win32.Zlob.knf   1
                                              C:\Program Files\Trend Micro\Internet Security\Quarantine\1B11.tmp   Infected: Trojan-Downloader.Win32.Zlob.knf   1
                                              C:\Program Files\Trend Micro\Internet Security\Quarantine\1B12.tmp   Infected: Trojan-Downloader.Win32.Zlob.knf   1
                                              C:\Program Files\Trend Micro\Internet Security\Quarantine\1D.tmp   Infected: Trojan-Downloader.Win32.Delf.igd   1
                                              C:\Program Files\Trend Micro\Internet Security\Quarantine\1E.tmp   Infected: Trojan-Downloader.Win32.Delf.igd   1
                                              C:\Program Files\Trend Micro\Internet Security\Quarantine\WinSpyKillerSetup[1].exe   Infected: Trojan-Downloader.Win32.FraudLoad.atp   1

                                              The selected area was scanned.
                                              The best sayings that sum me up in a nut shell depends on the obvious which more often than not is obscured by the talk of the day which sounds a lot like  gnat-thing.
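A triage sketch for a report like the one in Reply #35, added here as an example (it is not part of any post and not Kaspersky's own tooling): it separates detections that already sit inside another product's Quarantine folder from files that are still in place on disk. The bucket names are assumptions made for the illustration, and the last sample row is constructed; the other rows are copied from the report above.

```python
import re
from typing import NamedTuple

# Rows 1-5 are copied from the report in Reply #35.
# Row 6 is CONSTRUCTED to exercise the "live-malware" branch.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34B61436.htm   Infected: Exploit.HTML.Mht   1
C:\Documents and Settings\Smokey\DoctorWeb\Quarantine\A0153294.exe   Infected: not-a-virus:AdWare.Win32.WeatherBug.a   2
C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe   Infected: not-a-virus:Downloader.Win32.ImLoader.k   1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1B08.tmp   Infected: Trojan-Downloader.Win32.Zlob.knf   1
C:\Program Files\Trend Micro\Internet Security\Quarantine\WinSpyKillerSetup[1].exe   Infected: Trojan-Downloader.Win32.FraudLoad.atp   1
C:\Temp\constructed-example.exe   Infected: Trojan-Downloader.Win32.Zlob.knf   1
"""

# One detection row: "<path>   Infected: <threat name>   <count>".
# The path may contain spaces and brackets, so it is matched lazily up to
# the status keyword rather than split on whitespace.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<status>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)


class Detection(NamedTuple):
    path: str
    status: str
    threat: str
    count: int


def parse_report(text):
    """Return every detection row; headers and statistics lines are skipped."""
    detections = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            detections.append(
                Detection(m["path"], m["status"], m["threat"], int(m["count"]))
            )
    return detections


def in_quarantine(path):
    """True if any *directory* component of the path is named Quarantine."""
    directories = path.split("\\")[:-1]  # drop the file name itself
    return any(d.lower() == "quarantine" for d in directories)


def triage(det):
    """Assign a bucket (assumed names, for illustration only)."""
    if in_quarantine(det.path):
        # Already isolated by another scanner; a cleanup item, not a live file.
        return "quarantined"
    if det.threat.lower().startswith("not-a-virus:"):
        # Kaspersky's prefix for adware/riskware rather than malware proper.
        return "live-riskware"
    return "live-malware"


def summarize(text):
    """Group all detections in a report by triage bucket."""
    buckets = {"quarantined": [], "live-riskware": [], "live-malware": []}
    for det in parse_report(text):
        buckets[triage(det)].append(det)
    return buckets


if __name__ == "__main__":
    for bucket, items in summarize(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(items)}")
        for det in items:
            print(f"    {det.threat}  {det.path}")
```

Run against the full report text, the same functions list which files still need attention outside the quarantine folders.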

                                              Kryptonite

                                                Re: Installing Spybot ( other programs without internet access? )
                                                « Reply #36 on: August 07, 2008, 11:08:00 PM »
                                                CLEANING COMPLETE - (8.654 secs)
                                                ------------------------------------------------------------------------------------------
                                                30.2MB removed.
                                                ------------------------------------------------------------------------------------------

                                                The best sayings that sum me up in a nut shell depends on the obvious which more often than not is obscured by the talk of the day which sounds a lot like  gnat-thing.

                                                Kryptonite

                                                  Re: Installing Spybot ( other programs without internet access? )
                                                  « Reply #37 on: August 07, 2008, 11:08:18 PM »

                                                  evilfantasy

                                                  • Malware Removal Specialist
                                                  • Moderator


                                                  • Genius
                                                  • Calm like a bomb
                                                  • Thanked: 493
                                                  • Experience: Experienced
                                                  • OS: Windows 11
                                                  Re: Installing Spybot ( other programs without internet access? )
                                                  « Reply #38 on: August 07, 2008, 11:14:33 PM »

                                                  Is that a CCleaner log ???

                                                  You can empty the Trend Micro quarantined files.

                                                  Go to C:\Documents and Settings\Smokey\DoctorWeb\Quarantine and delete the contents of what is in there.

                                                  Delete this entire Symantec folder. C:\Documents and Settings\All Users\Application Data\Symantec

                                                  Do you use IncrediMail?

                                                  If not then delete the installer folder. C:\Program Files\IncrediMail

                                                  Empty the recycle bin.

                                                  Delete temporary files

                                                  Go to:
                                                  • Start
                                                  • Run
                                                  • type: CLEANMGR.EXE
                                                  • Press Enter.
                                                  When prompted select the C: drive and click OK.
                                                  Check the boxes for:
                                                  • Temporary Internet Files
                                                  • Downloaded Program Files
                                                  • Recycle Bin
                                                  • Temporary Files
                                                  Click OK or Enter

                                                  ----------

                                                  Now you are clear of malware. Everything still running OK?

                                                  Kryptonite

                                                    Re: Installing Spybot ( other programs without internet access? )
                                                    « Reply #39 on: August 08, 2008, 10:12:48 AM »
                                                    Hopefully this is winding down.

                                                    In the list of things that could be cleaned up
                                                    Downloaded Programs has zero KB
                                                    Temp Int has 2631 KB
                                                    Recycle bin has 71,746 KB
                                                    Temp has zero
                                                    but one you didn't mention, "Office setup files", has 196,114 KB
                                                    Will wait to hear what your advice is about the Office folder

                                                    Don't want that mail program that you mentioned, it's not in the add remove folder. There's quite a few things on here that i do not want including some empty folders in the root directory.

                                                    What's the story on deleting directly from the root directory? Does that confuse the registry? How do i get those programs out?

                                                    The only thing left that spybot finds is that wildtangent " 3 PUPS " thing and it must be associated with other things cause it don't want to go away. One of the programs that i downloaded but did not use is something called Perfect uninstaller. Supposed to uninstall anything and everything you want off of your computer and make sure that it doesn't cause problems once it's gone.
                                                    Some of these programs are like a bullet lodged in a part of your body that would cause more damage getting it out than living with it....at least that's how it seems from past experiences taking a clean up too far.

                                                    evilfantasy

                                                    Re: Installing Spybot ( other programs without internet access? )
                                                    « Reply #40 on: August 08, 2008, 01:45:36 PM »
                                                    This will let me see what all needs to be done to get rid of all the trash.

                                                    Download to your desktop ISeeYouXP.exe by ShadowPuterDude
                                                    Next double-click on ISeeYouXP.exe, this should be on your desktop.
                                                     
                                                    ISeeYouXP.exe will self-extract ISeeYouXP to C:\ISeeYouXP.
                                                     
                                                    Open My Computer on the Desktop and navigate to C:\ISeeYouXP and locate:
                                                    ISeeYouXP.bat
                                                               
                                                    Double-click ISeeYouXP.bat to run the script.
                                                     
                                                    Post the following logs
                                                    ISeeYouXP

                                                    Kryptonite

                                                      Re: Installing Spybot ( other programs without internet access? )
                                                      « Reply #41 on: August 09, 2008, 03:34:09 AM »
                                                      EF,

                                                      When i click on the link you've provided the download screen comes up but there is no "save" feature. In fact the only option is "cancel"

                                                      i copied and pasted the link exactly as you have it into a search and very little came up and nothing with those words. i tried changing it to: I seeYOURXP.exe and also found nothing. Maybe i should try a search for PeterDude but might guess to come up with a *censored* site ( not personal Peter. HA! )

                                                      Been holding back on updates as you suggested, however i'm wondering if a driver update on my video card might not make a difference in this monitor black out that happens every once in a while. It does seem as if it happens around the time that i get a Trend Micro warning from spybot. Before all of this clean up took place i would hear a clicking sound ( if i knew my window sounds by name i could tell you which one it is but i don't remember them ).

                                                      Tempted to try that update but will wait until i hear back from you.

                                                      It might be of interest to note that this desktop now boots in less than a minute while my laptop takes several minutes to boot. Once this one becomes my official everyday home computer i'll begin reading the cures for a slow computer here.


                                                      evilfantasy

                                                      Re: Installing Spybot ( other programs without internet access? )
                                                      « Reply #42 on: August 09, 2008, 03:28:54 PM »
                                                      What happens if you right click the link and then choose Save or Save as?

                                                      Kryptonite

                                                        Re: Installing Spybot ( other programs without internet access? )
                                                        « Reply #43 on: August 10, 2008, 06:14:57 AM »
                                                        Tried your suggestion on my laptop which runs Avira as my antivirus program....got three warnings from Avira:
                                                        WORM/KillProc.C worm.       Avira recommended "DENY" which i did.

                                                        Avira has given a few false-positives in the past, so i don't know what's what?

                                                        There was another situation with the HP that is very curious; don't think it's a virus issue, however it just might be.
                                                        Put it in "hibernate" when i left the house around 6am ( first time for "hibernate" on the HP ) and also left it connected to the live modem.
                                                        Around 6:30 PM i went into the room to switch the modem over to the laptop so i could use that MagicJack program to make phone calls. The HP was on at the sign on screen.
                                                        Is there an On Alarm somewhere in the control panel or another place that i don't know about? Can a hibernating computer be awakened remotely?
                                                        Something turned it on...could a power dip or momentary pause trigger it to come back on?
                                                        Could it be a "bad thing" still embedded somewhere in a remote file?

                                                        Maybe i should have purchased a new cheapo computer with little more than an OS and plenty of RAM. Thoughts on using one of them ( a new cheapo PC ) simply for phone use?

                                                        Is this "SeeyouXP" the only program of its kind to do what you are looking to see? If it is i'm sure we could find another site to download it.



                                                        evilfantasy

                                                        Re: Installing Spybot ( other programs without internet access? )
                                                        « Reply #44 on: August 10, 2008, 10:26:40 AM »
                                                        KillProc is part of ISeeYouXP so it's OK to allow it.

                                                        Something turned it on, yes, not sure what. It's a common thing with some PCs. You just have to turn things off and on one at a time to find out which one is causing it.

                                                        Kryptonite

                                                          Re: Installing Spybot ( other programs without internet access? )
                                                          « Reply #45 on: August 11, 2008, 03:26:10 AM »
                                                          Gotta switch back to the HP to do the download again on that PC.

                                                          Avira has been very active lately on my laptop giving me warnings about some of the programs that you had me download to desk top. If you recall I had no internet access so i was downloading to the laptop.

                                                          i've been telling Avira to "deny" access to those programs but yesterday i Virus or unwanted program 'DR/Hupigon.dckd.1 [dropper]'
                                                          detected in file 'C:\System Volume Information\_restore{xxxxxxxxxxxxxxxxxx}\RP346\A0070770.exe.
                                                          Action performed: Move file to quarantine
                                                          and Virus or unwanted program 'DR/Hupigon.dckd.1 [dropper]'
                                                          detected in file 'C:\Documents and Settings\Owner\Desktop\SDFix.exe.
                                                          Action performed: Move file to quarantine

                                                          Yes, this laptop was running slow before all of this stuff with the HP but since downloading all of those programs to this computer ( not running them ) the *censored* thing is so slow that i just walk away from it while it is booting.

                                                          Can i follow the same procedures with this PC as i did with the other in the order that you laid it out and get the same or similar results?
                                                          If i do, i suspect that i'd have to post all of the results again which is asking a lot of you to more or less start this lengthy process all over again. But this laptop is now ridiculously slow to do just about anything.

                                                          Kryptonite

                                                            Re: Installing Spybot ( other programs without internet access? )
                                                            « Reply #46 on: August 11, 2008, 05:05:24 AM »
                                                            Got the print out for ISEEYOUXP...will post that here in a minute. Not sure if this will show up on that print out but this has happened with a number of the programs that you've suggested that i run and i keep forgetting to write it down and tell you about it. i think i know why this is happening but will leave it up to you to tell me. When i launch these programs, this time with ISEEYOUXP, i get this warning message that says:

                                                            C:prog...~1\symantec\s32evnt1.dll an installable virtual device failed dll intiactivate ( not sure of the last word since i can't understand my own shorthand....you probably know the warning none-the-less )
                                                            There aren't any Symantec programs on this computer but i suspect that at one time there was but it wasn't uninstalled completely and/or properly. This once again leads to that question about deleting folders directly from the root directory. Is there a general rule about doing that? Thought my analogy about leaving a bullet in a persons body since the damage done to remove it would be far greater than the damage done leaving it in wherever it is lodged.

                                                            When i tried posting the report i got a warning that "The message exceeds the maximum allowed length ( 20000 characters )".
                                                            Will split it up. Is there a way to zip it or condense it for posting here in/on CH?

                                                            Kryptonite

                                                              Re: Installing Spybot ( other programs without internet access? )
                                                              « Reply #47 on: August 11, 2008, 05:12:41 AM »
                                                              ISEEYOUXP                                           


                                                              http://www.savefile.com/files/1723363
                                                              « Last Edit: August 11, 2008, 05:07:45 PM by evilfantasy »
                                                                                Kryptonite

                                                                                  Re: Installing Spybot ( other programs without internet access? )
                                                                                  « Reply #57 on: August 11, 2008, 06:04:38 AM »
                                                                                  That was CRAZY! It took 10 posts to post one report ???

                                                                                  If i posted this question then sorry for asking again but isn't there a way to zip this information? There has to be a way that is better than guessing where to break up a report so the post is within the 20K limit.

                                                                                  There is one place that i found that seems not to be complete compared to the report itself. Is the missing information important? Does it appear to be missing because there are similar lines in different parts of the report and guessing where to break it up caused me to lose my place?

                                                                                  Not knowing what all of that information means makes helping someone like you who is helping me difficult because besides the reports there are things that happen or that i am seeing that i do not think are covered in the report(s). Like the computer turning on by itself.

                                                                                  There is also a question about versions of programs and running duplicates. For instance there seems to be two versions of Office ( 2003 and 2007 ) on this computer. The 03 version seems to be a suite whereas 07 seems to be only Word.

                                                                                  There is also a question about the actual OS. i see in the report that it says XP Professional but on the start-up screen ( momentary DOS like screen ) it says Windows Media.
                                                                                  Is it possible that these things cause conflicts of one kind or another?
                                                                                  The screen still goes black for 10 seconds or so from time to time...it used to happen more often before your treatment program and back then it was often preceded by a clicking sound from the speakers. The clicking is gone and the frequency for blanking out has been reduced but it still happens from time to time. Could a video card driver update fix this problem?

                                                                                  evilfantasy

                                                                                  Re: Installing Spybot ( other programs without internet access? )
                                                                                  « Reply #58 on: August 11, 2008, 11:52:53 AM »
                                                                                  We will clean up everything when we are done. Hopefully that will stop Avira from alerting you. Some of the tools we are using will cause antivirus to alert you.

                                                                                  Disable Spybot's TeaTimer so it doesn't block the fixes

                                                                                  1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
                                                                                  2. Run Spybot S&D
                                                                                  3. Go to the Mode menu, and make sure Advanced Mode is selected.
                                                                                  4. On the left hand side, choose Tools > Resident
                                                                                  uncheck Resident TeaTimer and OK any prompt and Restart your computer.

                                                                                  Note:
                                                                                  If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

                                                                                  Go to Start > Run, and copy/paste the following into the Open box:

                                                                                  sc stop "Symantec Lic NetConnect service"

                                                                                  Now click OK

                                                                                  Now enter this line

                                                                                  sc delete "Symantec Lic NetConnect service"

                                                                                  Click OK


                                                                                  Download the Norton Removal Tool (SymNRT) to your Desktop.

                                                                                  Once downloaded please close ALL open browsers, also save any work because this may require a restart.

                                                                                  • Go to your desktop and double click on the removal tool and then click Setup.
                                                                                  • Once open Click Next
                                                                                  • Accept the license agreement and click Next
                                                                                  • Type in the letters/numbers that you see into the text box then click Next.
                                                                                  • Then click Next and the tool will start running.
                                                                                  • Once finished restart the PC and run the tool again to ensure everything has been removed.
                                                                                  ----------

                                                                                  Your Java is out of date.

                                                                                  Older versions have vulnerabilities that malicious sites can use to infect your system.

                                                                                  First install the new Sun Java Runtime Environment

                                                                                  Be sure to close all browser windows before beginning the install.

                                                                                  Remove the old version(s)

                                                                                  • Go to add/remove programs and uninstall all old versions.
                                                                                  • Be sure not to remove the new version that was just installed.
                                                                                  • Download JavaRa.zip and unzip the file to your Desktop.
                                                                                  • Open JavaRA.exe and choose Remove Older Versions
                                                                                  • Once complete exit JavaRA and delete the program.
                                                                                  • Run CCleaner.
                                                                                  ----------

                                                                                  1. Double click OTMoveIt2.exe to launch it.
                                                                                  If using Vista Right-Click OTMoveIt and choose Run As Administrator
                                                                                  2. Click on the CleanUp! button.
                                                                                  3. OTMoveIt2 will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
                                                                                  4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
                                                                                  • When finished exit out of OTMoveIt2
                                                                                  ----------

                                                                                  Delete the ISeeYouXP files from the Desktop and also go to C:\ > ISeeYouXP and delete the ISeeYouXP folder.

                                                                                  ----------

                                                                                  Download ATF Cleaner by Atribune to your Desktop.

                                                                                  Alternate download link

                                                                                  Note: Vista users must use Run As Administrator
                                                                                  • Under Main: Select Files to Delete choose: Select All.
                                                                                  • Click the Empty Selected button.
                                                                                  • If you use Firefox browser click Firefox at the top and choose: Select All
                                                                                  • Click the Empty Selected button.
                                                                                    If you would like to keep your saved passwords click No at the prompt.
                                                                                  • If you use Opera browser click Opera at the top and choose: Select All
                                                                                  • Click the Empty Selected button.
                                                                                    If you would like to keep your saved passwords click No at the prompt.
                                                                                  • Click Exit on the Main menu to close the program.
                                                                                  Note that your system will run slower for a reboot or two after having used this tool so don't panic. Right click and delete ATF-Cleaner.

                                                                                  ----------

                                                                                  Clear your System Restore of infected Restore points.

                                                                                  Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are infected, but that's good news)

                                                                                  Turn OFF System Restore

                                                                                  • On the Desktop, right-click My Computer
                                                                                  • Click Properties
                                                                                  • Click the System Restore tab.
                                                                                  • Check Turn off System Restore
                                                                                  • Click Apply, and then click OK
                                                                                  Restart your computer

                                                                                  Turn ON System Restore
                                                                                  • On the Desktop, right-click My Computer
                                                                                  • Click Properties
                                                                                  • Click the System Restore tab.
                                                                                  • UN-Check Turn off System Restore
                                                                                  • Click Apply, and then click OK
                                                                                  System Restore will now be active again

                                                                                  ----------

                                                                                  Use the Secunia Software Inspector to check for out of date software.
                                                                                  • Click Start Now
                                                                                  • Check the box next to Enable thorough system inspection.
                                                                                  • Click Start
                                                                                  • Allow the scan to finish and scroll down to see if any updates are needed.
                                                                                  • Update anything listed.
                                                                                  ----------

                                                                                  Defragment your hard drive

                                                                                  Boot into Safe Mode by restarting your computer - keep tapping F8 until the menu appears.
                                                                                  Use your up and down arrow keys to select Safe Mode
                                                                                  Then click Start > Run > type dfrg.msc
                                                                                  In the top of the window click on the C: drive
                                                                                  Click the Defragment button
                                                                                  This can take some time so please be patient.
                                                                                  Close Disk Defragmenter when finished
                                                                                  Restart into Normal Mode.

                                                                                  A tutorial for disc defragmentation is available at BleepingComputer.com

                                                                                  -----

                                                                                  How is everything now?


                                                                                  Quote
                                                                                  There is also a question about versions of programs and running duplicates. For instance there seems to be two versions of Office ( 2003 and 2007 ) on this computer. The 03 version seems to be a suite whereas 07 seems to be only Word.

                                                                                  I would think that uninstalling 2003 would be what to do but I'm not sure. I use www.openoffice.org

                                                                                  Quote
                                                                                  There is also a question about the actual OS. i see in the report that it says XP Professional but on the start-up screen ( momentary DOS like screen ) it says Windows Media.

                                                                                  Only Windows Professional can support Media Center. It means you have a TV card and can watch TV from the PC with the right connections between the PC and TV.

                                                                                  Quote
                                                                                  The clicking is gone and the frequency for blanking out has been reduced but it still happens from time to time. Could a video card driver update fix this problem?

                                                                                  Possibly. Might need a new card.

                                                                                  Quote
                                                                                  Can i follow the same procedures with this PC as i did with the other in the order that you laid it out and get the same or similar results?

                                                                                  Yes but start a new thread and post the MBAM and HJT logs.

                                                                                  Quote
                                                                                  When i tried posting the report i got a warning that "The message exceeds the maximum allowed length
                                                                                  ( 20000 characters )
                                                                                   Will split it up. Is there a way to zip it or condense it for posting here in/on CH?

                                                                                  Did I forget to add the instructions to upload it at www.savefile.com ?



                                                                                  « Last Edit: August 11, 2008, 05:12:48 PM by evilfantasy »
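The service removal step in the reply above, as an added example that is not part of the original post: sc.exe documents its service argument as the key name that `sc getkeyname` returns for a display name, so this batch script resolves the key name first, stops and deletes the service, then checks that it is gone. It assumes an administrator command prompt and English `sc` output containing a `Name = ...` line; the variable names are illustrative.

```batch
@echo off
setlocal EnableExtensions
rem Added example, not from the original post.
rem DISPLAY_NAME is the service name quoted in the reply above.
set "DISPLAY_NAME=Symantec Lic NetConnect service"
set "KEY_NAME="

rem "sc getkeyname" prints a line of the form "Name = <key name>".
rem Take everything after the first "=" and trim the leading space.
for /f "tokens=1,* delims==" %%A in ('sc getkeyname "%DISPLAY_NAME%" ^| find "Name ="') do (
    for /f "tokens=*" %%K in ("%%B") do set "KEY_NAME=%%K"
)

if not defined KEY_NAME (
    echo No service with display name "%DISPLAY_NAME%" is registered. Nothing to do.
    exit /b 0
)

echo Key name: %KEY_NAME%
rem Show the current state before changing anything.
sc query "%KEY_NAME%" | find "STATE"

rem Stop the service. An error here is not fatal: it may already be stopped.
sc stop "%KEY_NAME%" >nul 2>&1

rem Wait about five seconds for the stop to complete (works on XP, which has no timeout.exe).
ping -n 6 127.0.0.1 >nul

sc delete "%KEY_NAME%"
if errorlevel 1 (
    echo sc delete failed. Run this from an administrator command prompt.
    exit /b 1
)

rem After a successful delete, a query should fail with Win32 error 1060
rem, ERROR_SERVICE_DOES_NOT_EXIST. Any other result means the service is
rem only marked for deletion and disappears after a restart.
sc query "%KEY_NAME%" >nul 2>&1
if %errorlevel%==1060 (
    echo Service %KEY_NAME% has been removed.
) else (
    echo Service %KEY_NAME% is marked for deletion. Restart to finish removing it.
)
endlocal
```

Save it as a .cmd file and run it before the Norton Removal Tool step; if it reports that no such service is registered, there is nothing left for `sc delete` to remove.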

                                                                                  Kryptonite

                                                                                    Re: Installing Spybot ( other programs without internet access? )
                                                                                    « Reply #59 on: August 12, 2008, 03:33:16 AM »

                                                                                    "Did I forget to add the instructions to upload it at www.savefile.com ?"

                                                                                    Checking back to the post it seems that you may have forgotten the " www.savefile.com"

                                                                                    If it's what i think it is i'll probably need to set up an identity. Will do that today.

                                                                                    EF, that you may have forgotten to mention that is no biggy. That you take the time to help those of us on here that need help is admirable!!! It makes me want to give back to those who may need my help here or anywhere for that matter.

                                                                                    If the world took a lesson out of this example of how to help others we wouldn't be in such a screwed up place politically...

                                                                                    Maybe it will catch on and more people will start giving of themselves where and when they can leading to the type of "change" that we all need to make the world a better place to live.

                                                                                    How long have you been with CH?
                                                                                    Are you one of the originals?
                                                                                    Who started this site? Was it Matt from CA?

                                                                                    Kryptonite

                                                                                      Re: Installing Spybot ( other programs without internet access? )
                                                                                      « Reply #60 on: August 12, 2008, 06:17:35 AM »
                                                                                      i'm up to this point:

                                                                                      Clear your System Restore of infected Restore points.

                                                                                      Before i do this i want to know if this will in any way affect my bypassing the previous owners' passwords and setting myself as the administrator?

                                                                                      Then there is the matter of all the game programs that they have on here that i do not want. Should i delete them before i defrag? And you did not mention scan disk and disk clean. Are they worth doing?

                                                                                      evilfantasy

                                                                                      Re: Installing Spybot ( other programs without internet access? )
                                                                                      « Reply #61 on: August 12, 2008, 02:25:34 PM »
                                                                                      Thanks for the kind words, it makes it all worth while!

                                                                                      I have only been a member here for a short amount of time and I think Matt from CA, has been around for quite a while. The owner is Nathan (screen name Computer Hope Admin ) http://www.computerhope.com/navhelp.htm#1


                                                                                      Kryptonite

                                                                                        Re: Installing Spybot ( other programs without internet access? )
                                                                                        « Reply #62 on: August 13, 2008, 04:45:39 AM »
                                                                                        It is all worth it; i speak from any and all of those times that i can help others whether it's with computer stuff
                                                                                        ( yes, there are many things that even i know that others do not, so i do what i can ) or other things from car stuff to art stuff, to building stuff. Money is GREAT but there are things in life that are difficult to put a price on.

                                                                                        Anyway, you might have missed my question since i didn't put it in quotes.

                                                                                        In your last post instructing me what to do i got to this point:

                                                                                        "Clear your System Restore of infected Restore points."

                                                                                        At that point i stopped because i wondered if those restore points might somehow be related to the original owners of the HP and if there was a chance that i would somehow lose my administrative set point?

                                                                                        Then i asked you about removing the games that these people have on it. i looked for an "uninstall" on some of the games and there is not.

                                                                                        Then there is that question about deleting folders from the root directory when using windows explorer. Somewhere in my memory that goes back to windows 3.1 and Win 95 ( i still have one of my first computers running windows 95 that has never crashed since my Dad gave it to me ).

                                                                                        Can those games be deleted directly from that root directory?

                                                                                        evilfantasy

                                                                                        Re: Installing Spybot ( other programs without internet access? )
                                                                                        « Reply #63 on: August 13, 2008, 11:12:05 AM »
                                                                                        Clearing the Restore Points will be fine. The oldest ones eventually are deleted when newer ones are created.

                                                                                        If a game has no uninstaller to be found then deleting the program folder will work. Then run CCleaner's Registry cleaner to get rid of what Registry keys are left over.

                                                                                        Kryptonite

                                                                                          Re: Installing Spybot ( other programs without internet access? )
                                                                                          « Reply #64 on: August 14, 2008, 04:14:48 AM »
                                                                                          Thanks. Will complete the rest of the process you laid out a couple of days ago and see how things are then.

                                                                                          In the meantime this laptop has become so slow that i literally put it on and go into the kitchen to make a cup of coffee and wash a few dishes only to find that Zone Alarm is still loading.

                                                                                          Since i do not think that this computer has a virus where should i post the results of a HijackThis? Is that the first report you want me to post?

                                                                                          evilfantasy

                                                                                          Re: Installing Spybot ( other programs without internet access? )
                                                                                          « Reply #65 on: August 14, 2008, 10:15:08 AM »
                                                                                          Uninstall Zone Alarm and see if it speeds up.

                                                                                          Kryptonite

                                                                                            Re: Installing Spybot ( other programs without internet access? )
                                                                                            « Reply #66 on: August 16, 2008, 04:46:40 AM »


                                                                                            ----------

                                                                                            Use the Secunia Software Inspector to check for out of date software.
                                                                                            • Click Start Now
                                                                                            • Check the box next to Enable thorough system inspection.
                                                                                            • Click Start
                                                                                            • Allow the scan to finish and scroll down to see if any updates are needed.
                                                                                            • Update anything listed.
                                                                                            ----------


                                                                                            Secunia reports 4 of the same updates for macromedia flash player vs: 6.0.80.0

                                                                                            The only thing different about all of these notifications is the folder where the program resides. Then there is a single version for vs: 7.0.19.0 that also resides in one of the same folders that calls for a 6 update.
                                                                                            In the main list of programs that Secunia recommends 3 installations of vs 9 in:
                                                                                            Installed on Your System in:
                                                                                            C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash9c.ocx
                                                                                            and
                                                                                            Installed on Your System in:
                                                                                            C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
                                                                                            and
                                                                                            Installed on Your System in:
                                                                                            C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll

                                                                                            Is this one place where duplication is not needed and in fact presents a conflict of sorts that may manifest in the screen blinking?

                                                                                            So far i am not updating anything until i hear back from you...haven't installed any of the MS updates that they claim to be a security fix. Thought i would wait until there is nothing left to do except update.

                                                                                            BTW one of the folders that i want to delete is one the previous owners had for "Canada" dealings....don't want nor need anything in that(those) folders.
                                                                                            The best sayings that sum me up in a nut shell depends on the obvious which more often than not is obscured by the talk of the day which sounds a lot like  gnat-thing.

                                                                                            evilfantasy

                                                                                            • Malware Removal Specialist
                                                                                            • Moderator


                                                                                            • Genius
                                                                                            • Calm like a bomb
                                                                                            • Thanked: 493
                                                                                            • Experience: Experienced
                                                                                            • OS: Windows 11
                                                                                            Re: Installing Spybot ( other programs without internet access? )
                                                                                            « Reply #67 on: August 16, 2008, 10:53:33 AM »
                                                                                            The MS updates are important and should be done ASAP.

                                                                                            Do this to remove all unstable older versions of Flash.

                                                                                            Download the Flash Player Uninstaller and save it to your desktop.

                                                                                            Run the uninstaller program and then reboot your computer to complete the uninstall.

                                                                                            Download and install the latest version of Flash Player

                                                                                            Kryptonite

                                                                                              Topic Starter


                                                                                              Intermediate

                                                                                            • It's not hard to tell where MY head is at
                                                                                            • Thanked: 2
                                                                                              Re: Installing Spybot ( other programs without internet access? )
                                                                                              « Reply #68 on: August 16, 2008, 07:28:58 PM »
                                                                                              i'm on the laptop now and about ready to post in a new thread the hijack this there...guess it should be here in the malware thread.

                                                                                              Will uninstall the flash in the AM

                                                                                              On that HP that we've been working on i looked for driver updates for the ATI Radeon xpress 200 series on the ATI page and can't seem to find one. However if i do a google search there seems to be any number of pages with programs that will analyze what drivers i need. Is this another ploy to use a program that i really don't want on my now clean computer?

                                                                                              And then there is this ditty that i just found out: the computer was so dusty and dirty that i took it apart to clean it including taking out the fans ( 3 ) and cleaning them with canned air mostly and a fine sable hair brush. One of the fans came off of the processor. It wasn't difficult but i noticed this grey stuff on the fan and on the processor. Been told that i should use a heat conductor to help carry the heat away from the processor. The room is cool and the computer hasn't been on that long at a time. What should i use to bind the fan to the processor and where do i find it?

                                                                                              The best sayings that sum me up in a nut shell depends on the obvious which more often than not is obscured by the talk of the day which sounds a lot like  gnat-thing.

                                                                                              stevejohnson1958

                                                                                              • Guest
                                                                                              Re: Installing Spybot ( other programs without internet access? )
                                                                                              « Reply #69 on: August 16, 2008, 07:47:57 PM »
                                                                                              Far be it from me to throw a wrench into the works here guys...

                                                                                              But can someone please explain to me why the manufacturer wasn't contacted in a situation...such as this...in order to obtain recovery software...(at a reasonable price I might add)...and then use the recovery software to recover this PC?

                                                                                              While the work performed by EF and Kryptonite is noteworthy...one has to realize that enough may be enough...and instead of trying to clean this PC up...one would be better off with a clean install.

                                                                                              Granted...I admire EF's "sticktoitiveness"...however, look at the time spent...and then look at the cost of recovery software and a clean install...

                                                                                              Is it just me...or could this have been racked up as an instance of "buyer beware"?

                                                                                              Not that I'm a party pooper here, but if you got this used...your best bet would have been a clean install...with less to do...than trying to remove all the malware.

                                                                                              Then again...maybe it's just me...

                                                                                              EF...you have the patience of a saint!  Kryptonite...and so do you.

                                                                                              All my best and I hope you get this thing working the way you want it...


                                                                                              Kryptonite

                                                                                                Topic Starter


                                                                                                Intermediate

                                                                                              • It's not hard to tell where MY head is at
                                                                                              • Thanked: 2
                                                                                                Re: Installing Spybot ( other programs without internet access? )
                                                                                                « Reply #70 on: August 17, 2008, 04:35:57 AM »
                                                                                                Hey Savior,

                                                                                                To be honest with you i didn't think that i could get ANYTHING from HP after the warranty expired and now that it is in a second owner's hands.

                                                                                                Perhaps it is patience that EF and i are exercising doing this long process of "recovery" and in another post way back in the thread somewhere i mentioned to him that his willingness to stick this out with me rubs off in making me want to help others wherever i can. If i have anything worthwhile to say to someone in need here i would jump in in a heartbeat. That said, most of the real serious computer people on this board are so much more advanced than i am that i hesitate each time i think i may know the answer to someone's problem. But may i add that with this thread and with many of the ones that i read here i know that i'm learning things i didn't know before or in some cases forgot.
                                                                                                One more thing about contacting HP; talk about patience!!! i'd rather live with many of the things that go wrong with an HP/Compaq computer than to call them and have to put up with all the crap that comes from outsourcing tech support. In the last several years the only other company that i've dealt with is Dell. That experience was a pleasant surprise with an Indian man calling me back every so often giving me enough time to perform whatever task or operation he told me to do. When he was done i asked to speak with his supervisor and gave the man kudos for a job well done. How rare is that??
                                                                                                But here on computerhope we have EF who i see helps many people and always takes the time to explain every move. That's a quality we all can use more of and practice a little more as well.

                                                                                                Thanks for the thought and comments. Maybe now that this beast is working well i could write to HP and ask for the recovery CD or DVD.
                                                                                                Isn't my "D" drive in essence a recovery ( ? not sure what to call it; a disc? ) And if it is, couldn't i make a copy of it to CD or DVD just in case the hard drive dies? Is making an image of it, i.e. Ghost or Acronis, also called " a copy "?
                                                                                                The best sayings that sum me up in a nut shell depends on the obvious which more often than not is obscured by the talk of the day which sounds a lot like  gnat-thing.

                                                                                                stevejohnson1958

                                                                                                • Guest
                                                                                                Re: Installing Spybot ( other programs without internet access? )
                                                                                                « Reply #71 on: August 17, 2008, 05:23:25 AM »
                                                                                                Kryptonite...

                                                                                                I applaud anyone's efforts to help a fellow computer user in need.  I just would've gone about it in a different way.  However...now that the computer is running the way it should...there's no need.

                                                                                                Making a ghost image of the drive is your best bet...however, you may also want to look into the cost of the recovery software...just in case there's something askew on the drive or within the recovery partition.

                                                                                                BTW...jump in whenever you want to add your 2 cents worth...I do. ;D

                                                                                                Carbon Dudeoxide

                                                                                                • Global Moderator

                                                                                                • Mastermind
                                                                                                • Thanked: 169
                                                                                                • Certifications: List
                                                                                                • Experience: Guru
                                                                                                • OS: Mac OS
                                                                                                Re: Installing Spybot ( other programs without internet access? )
                                                                                                « Reply #72 on: August 17, 2008, 05:49:42 AM »
                                                                                                Quote
                                                                                                BTW...jump in whenever you want to add your 2 cents worth...I do.
                                                                                                And you do it well, my friend.  ;)

                                                                                                evilfantasy

                                                                                                • Malware Removal Specialist
                                                                                                • Moderator


                                                                                                • Genius
                                                                                                • Calm like a bomb
                                                                                                • Thanked: 493
                                                                                                • Experience: Experienced
                                                                                                • OS: Windows 11
                                                                                                Re: Installing Spybot ( other programs without internet access? )
                                                                                                « Reply #73 on: August 17, 2008, 10:11:06 AM »
                                                                                                Quote
                                                                                                On that HP that we've been working on i looked for driver updates for the ATI Radeon xpress 200 series on the ATI page and can't seem to find one.

                                                                                                If you can't find it from the manufacturers page then it probably isn't needed.

                                                                                                Quote
                                                                                                Been told that i should use a heat conductor to help carry the heat away from the processor. The room is cool and the computer hasn't been on that long at a time. What should i use to bind the fan to the processor and where do i find it?

                                                                                                Ask this in the Hardware forum. I'm not the one :-\


                                                                                                Kryptonite

                                                                                                  Topic Starter


                                                                                                  Intermediate

                                                                                                • It's not hard to tell where MY head is at
                                                                                                • Thanked: 2
                                                                                                  Re: Installing Spybot ( other programs without internet access? )
                                                                                                  « Reply #74 on: August 18, 2008, 01:10:42 PM »
                                                                                                  Posted about the video card over in hardware and CD suggested that i wait until we were done with the malware stuff. i told him i thought that we were done and that i've been downloading the MS updates...haven't done SP3 yet however.
                                                                                                  The best sayings that sum me up in a nut shell depends on the obvious which more often than not is obscured by the talk of the day which sounds a lot like  gnat-thing.

                                                                                                  evilfantasy

                                                                                                  • Malware Removal Specialist
                                                                                                  • Moderator


                                                                                                  • Genius
                                                                                                  • Calm like a bomb
                                                                                                  • Thanked: 493
                                                                                                  • Experience: Experienced
                                                                                                  • OS: Windows 11
                                                                                                  Re: Installing Spybot ( other programs without internet access? )
                                                                                                  « Reply #75 on: August 18, 2008, 01:13:51 PM »
                                                                                                  Yep, we're done here.