Legacy

Members
  • Posts

    30
Everything posted by Legacy

  1. Yes, right after I had to choose the language for it. Anyways, I guess you can close this because I restored to my last point (which was extremely fast, I thought it would take ages) and it worked. I'm running scans now, but thanks anyway. I'm going to create a new restore point today.
  2. Wait a minute. I can't rename it if it's not in my files, right? Earlier in the thread rubber ducky told me to uninstall mbam and redownload ver. 1.18 and I did. When I tried downloading it again it had the error 5 message. So is it still possible that I can rename it?? I'm confused. Anyway, this is my family computer but only 3 people use this computer: me, my brother, and his girlfriend. I'm going to see if I can go to my last restore point.
  3. Yes, it happens when I try to install things. When you say operating system do you mean computer? This is a Windows XP Home ed., Ver. 2002, with service pack 3. How do I rename mbam-setup.exe?
  4. I would if I could. Every time I try to download it, when it comes up with the message, all it allows is you to click OK. Nothing else. And the computer is running fine now. It was running slow yesterday, probably because I had too many programs running.
  5. It says the same thing. Aah! What's going on? For some reason, now, the computer is running at 2 mph.. Edit: Ok, honestly I'm getting tired of this. I'm seriously running videos at dial-up speed now. Wtf. Should I just restore to my last restore point or whatever it's called?
  6. First it was the blue desktop and bugs screensaver, then a minor problem, now this. I tried running a scan with Mbam one day and when I updated it it came up with a message saying: Unable to create a temporary file. Setup aborted. Error 5: Access is denied. I am running administrator, so what's the problem?
  7. I don't think so because there's others in my house who use Myspace. The world may never know...
  8. Thanks guys. :] Your smartnessy helped me :-D
  9. When I try to save it it says: "Cannot create the C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS file. Make sure that the path and filename are correct."
  10. Yeah that's what I'm scared of. I'd be an idiot if I was already infected so quickly, lol. I ran the things you wanted me to do and I don't know what you want me to do with them. But, when I opened %SYSTEMROOT%\SYSTEM32\DRIVERS\ETC\HOSTS I found myspace.com and www.myspace.com. I also found fake (inappropriate) ones like: Forums.myspace.com, collect.myspace.com, lads.myspace.com, x.myspace.com
  11. Hey, I'm having a problem (again) but this is only minor. I'm not sure when it happened, but for some reason Myspace may be being blocked. I think it might be an Anti-virus, malware, etc. program I have downloaded on my computer. Here's the list: Malwarebytes anti-malware, Hijack this!, Ad-aware, Spybot:Search and Destroy, WinPatrol, Avast! Antivirus, Ad-Watch, Combofix, Spyware Blaster, Online Armor. I tried searching through these but I don't know how to manage sites I'm allowed to go to. I think it might be from Online Armor, but I'm not entirely sure.
  12. Well, I guess that's it? Man, thanks so much, I seriously don't know what to say. If I could, I would buy your Mbam full product, but unfortunately, I'm only 14 and I don't have a job, meaning, I don't always have a crapload of money on me. Well, thanks man. If I saw you in real life, I'd totally make out with you.
  13. O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) || doesn't want to seem to leave||
  14. Ok, but it'll take time, I'm going off to my cousin's house right now, I'll probably be back at 9:00 PM EST. While I'm gone, I'm going to let the computer update, ok?
  15. Sal's Realm toolbar is, of course, a toolbar of one of my ex-favorite websites. I'll delete it, seeing as I don't use it anymore. Also, how do I update my windows system?
  16. Well, seems to me, after the Mbam scan, that I'm clean. Yesterday night, (well actually this morning, considering it was 2 AM.) I ran an Mbam scan and it said I was clean (at top). This morning I ran another and once again, said I was clean. But, I'm not entirely sure. I'm not an expert like you are.
  17. 'ere ya go.
  18. I understand. We're all human, but I admit, I was getting a little impatient. But you might be too, I haven't been the best patient myself. I'll do a full MBAM scan, my friend.
  19. Erm, bump? Am I allowed to do that? Anyways, too late I guess, eh? Got back from the shower and deleted 4 files from quick scan on adaware. Doing full scan and already found 9 files. Also, what exactly is a 'tracking cookie'? What can they do? Do I still have the key logger? Is my system good now?
  20. Malwarebytes' Anti-Malware 1.17 Database version: 854 5:40:10 PM 6/13/2008 mbam-log-6-13-2008 (17-40-10).txt Scan type: Quick Scan Objects scanned: 36833 Time elapsed: 5 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:43:17 PM, on 6/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Program Files\QuickTime\bak\qttask.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program 
Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R3 - URLSearchHook: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 
Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0330Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0330Cvw.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [lphc5skj0ee89] C:\WINDOWS\system32\lphc5skj0ee89.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: OneNote Table Of Contents.onetoc2 O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI 
RoboForm\RoboFormComSavePass.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) -- End of file - 8944 bytes O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) This file doesn't seem to want to delete. Edit: I don't still have that keylogger, do I? Edit2: I went to go eat some food because I'm mighty hungry (I'm so full now ) and before I went off to the kitchen, I decided to run a full scan with Mbam. 
I found 9 infected files and had them deleted ;D. Edit3: Gonna go walking, need exercise. Edit4: Back. Edit5: Gonna go take a shower. BBS.
  21. Oh, my mistake Well, here ya go. It looks like the files weren't deleted but I swear I pressed the Fix checked button! What's happening?

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 4:02:49 PM, on 6/13/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Malwarebytes' Anti-Malware 1.17
      Database version: 854
      4:06:03 PM 6/13/2008
      mbam-log-6-13-2008 (16-06-03).txt
      Scan type: Quick Scan
      Objects scanned: 36907
      Time elapsed: 9 minute(s), 23 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 65

      Also, do you know how to make Mozilla Firefox my default browser?
  22. I didn't delete them? I could've sworn I did. Morning thing, then, eh? Will do now. Well, all I can do now is say thank you! I really appreciate how you took your time to fix my computer, considering you're in Montana and I'm in Florida and I don't even KNOW you! I hope my machine will be clean soon and I'll be scanning regularly. I'll fix those files and take action in my mbam scan (which I recommend for everyone to use.) Also, I just want to know, do I still have that keylogger?
  23. Malwarebytes' Anti-Malware 1.17
      Database version: 853
      2:32:00 PM 6/13/2008
      mbam-log-6-13-2008 (14-31-56).txt
      Scan type: Quick Scan
      Objects scanned: 36870
      Time elapsed: 7 minute(s), 39 second(s)
      Memory Processes Infected: 1
      Memory Modules Infected: 5
      Registry Keys Infected: 1
      Registry Values Infected: 1
      Registry Data Items Infected: 1
      Folders Infected: 13
      Files Infected: 63

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 2:42:32 PM, on 6/13/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) -- End of file - 9986 bytes There we go. Malware Protector 08 seems to have ran away . I can change my desktop and screen saver now but I'm reluctant because, on my backgroudn options the pch5skj0ee89 file is still present. But the thing is, with that file, I no longer have the Yellow and blue background saying I have spyware, it's just all blue. Also, do I delete the folders I uploaded to malware bytes.org? Edit:NVM.
  24. Ok, but I might have to upload 3 files, because the first folder you told me to ZIP is too large. Ok, I uploaded the files, attempting a reboot. Also, do you want me to delete the original folders and ZIP files now that I uploaded them? Also, do you want me to quickscan? Or full?
  25. Wow, that's lots of files. Also, it won't let me move the files in the Downloaded Program Files folder, they just stay there and don't move at all. Also, my brother said the CDs won't be able to fix, because we once had changed our motherboard. Also, after I uploaded the folders what do you want me to do with them? EDIT: I tried uploading the ZIP file twice but it keeps saying an error has occurred. EDIT2: I see, the filesize is 3.34 MB. Do you want me to upload it into 2 separate folders?