sarahw

Trusted Helpers
  • Content Count: 424

Everything posted by sarahw

  1. Hi, Can you please read the following tutorial on the Sony rootkit: http://www.bleepingcomputer.com/forums/topic34904.html Try those instructions. If you have any problems, don't hesitate to ask me. Once you have followed these steps, post another Hijack This log.
  2. Acrobat.com Acrobat.com Adobe AIR Adobe AIR Adobe Flash Player ActiveX Adobe Reader 9 Al Roker Vs. Star Jones Boxing by Outerinfo Apple Mobile Device Support Apple Software Update Bonjour FlashGet 1.9.6.1073 Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Hijackthis 1.99.1 HijackThis 2.0.2 Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB952287) InCtrl5 iTunes Java 6 Update 7 Malwarebytes' Anti-Malware Matrix-ks Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs MWGuide
  3. I haven't had the computer on, so I haven't noticed any other problems.
  4. Hi, How is the computer running?
  5. I cannot access Virustotal on this machine. But here are the results: I'm still waiting for the results on beep.sys. The others didn't exist.
  6. ComboFix 08-09-27.06 - Family Computer 2008-10-05 15:03:31.11 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.734 [GMT -7:00] Running from: C:\Documents and Settings\Family Computer\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Family Computer\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Documents and Settings\Family Computer\Desktop\New Folder\winstrse.exe C:\WINDOWS\Installer\{d2ad16e3-fa3a-4c0b-9b24-22018764cc8b}\zip.dll C:\WINDOWS\system32\papdfim.dll C:\
  7. Malwarebytes' Anti-Malware 1.28 Database version: 1227 Windows 5.1.2600 Service Pack 2 2008-10-05 08:19:45 mbam-log-2008-10-05 (08-19-45).txt Scan type: Full Scan (C:\|) Objects scanned: 51230 Time elapsed: 12 minute(s), 39 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 8 Registry Values Infected: 3 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 395 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values In
  8. I'm using 2.3.4. The changes from .4 to .5, I think, were security and the signatures in personal profiles. From .5 to .6 were just the reCaptcha. But with the large jump you did, I'm sure everything got overwritten somewhere. I couldn't think of any reason why it wouldn't work with 2.3.5 and 2.3.6. Nobody else seems to have mentioned it yet. By the way, CommunitySEO has released a free mod that will not allow anyone to post a URL for the first X posts. The bot's PHP script will not be able to post it and the account will be deleted. Unfortunately this will also apply to members. So can't real
  9. Can you please post another Hijack This log?
  10. Hi, What does it mean: WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!? Here are the Combofix and SAS logs in Safe Mode: ComboFix 08-09-28.03 - Administrator 2008-10-04 16:33:39.10 - NTFSx86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.854 [GMT -7:00] Running from: C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\St
  11. I use FURL that Phil modified for Lighttpd. Community SEO is what 247fixes uses; it seems pretty good as far as options go, but it's another expense on top of servers etc. Can't remember if it worked on Lighttpd, I'm sure it does.
  12. 1. Updating Java and Clearing Cache: Go to Start > Control Panel and double-click on the Java Icon (coffee cup) in the Control Panel. It will say "Java Plug-in" under the icon. Please find the update button or tab in the Java Control Panel. Update your Java, then reboot. If you are unable to update, you can manually update by going here: http://www.java.com/en/download/manual.jsp After the reboot, go back into the Control Panel and double-click the Java Icon. Under Temporary Internet Files, click the Delete Files button. There are three options in the window to clear the cache - Leave AL
  13. Hi, The problem with the laptop is as you said. My Web Search is easily downloaded and fairly innocuous; mostly an annoyance. Doubleclick is advertising found on most sites like this one. (It’s the only way most sites can generate revenue.) We can remove that now. 1. Please re-open HiJackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below: R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.doubleclick.net/clk;66028928;553...asp?mic=g213n70 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Fil
  14. Hi, Welcome to the site. I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I want you to show hidden files. There are instructions HERE to help you do this. You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time. Please don't use any of the tools without specific instructions. Some of them are dangerous (and
  15. Hi, Welcome to the site. I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I want you to show hidden files. There are instructions HERE to help you do this. You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time. Please don't use any of the tools without specific instructions. Some of them are dangerous (and
  16. Hi, I feel that we are going in circles with the same stuff. Can't we actually fix it instead of running programs?
  17. I'm not familiar with Firefox or its settings, but a reinstall is the quickest fix for any problems caused by Malware. Click HERE and run the F-Secure Online Scanner. Note: This Scanner is for Internet Explorer Only! Follow the instructions HERE for installation. Accept the License Agreement. Once the ActiveX installs, click Full System Scan. Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient. When the scan completes, click the Automatic cleaning (recommended) button. Click the Show Report button and Copy&Paste the entire
  18. Hi, You will not lose personal files when you do a System Restore. If you do, you'd be the first. BUT I'm not asking you to restore your computer to an earlier date.... Your System Restore cache is corrupted, so you will not be able to restore it! Malware hides in there and when it's removed it's no longer usable. You need to turn it off, then back on. This will delete old Restore Points, then create a new one. This new Restore Point will be clean of Malware. If you have a technical problem in the future, you can restore your system files to the current settings. Follow the last 3 instructions a
  19. It's a bot spammer. They are on every IPB forum at the moment.
  20. SDFix: Version 1.230 Run by Administrator on 2008-10-02 at 01:54 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Restoring Missing SharedAccess Service Rebooting Checking Files : Trojan Files Found: C:\A1.TMP - Deleted C:\A2.TMP - Deleted C:\A3.TMP - Deleted C:\A4.TMP - Deleted C:\AB.TMP - Deleted C:\AF.TMP - Deleted C:\Documents and Settings\All Users\Documents\Settings\partnership.dll - Deleted C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe - Deleted C:\Documents
  21. 1. Your System Restore Cache will now be corrupted! Turning off System Restore will delete all old restore points. Turning it back on will create a new fresh one that is safe to work from in the future. Right click My Computer and select Properties. Select the System Restore Tab. Place a tick next to Turn off System Restore. Click Apply. Unselect Turn off System Restore. Click Apply. 2. Click Start, Programs, Accessories, System Tools, then open Disk Cleanup. Follow the prompts. 3. Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to i
  22. Hi, Launch Malwarebytes' Anti-Malware. Click the Logs tab. Double-click log-mm.dd.yyyy [xxxxxx].txt. (the date of the scan) In your next reply post the Malwarebytes' Anti-Malware log.
  23. I thought I recognised your name. I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I want you to show hidden files. There are instructions HERE to help you do this. You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time. Please don't use any of the tools without specific instructions. Some of them are dan
  24. I am still getting popups saying I am infected. I followed your instructions but couldn't run the scan in safe mode; I would click it and it did nothing. There is also some half-naked woman dancing on the screen. I don't want this and cannot let the kids see it. I don't remember installing it; how do I get rid of it? Here is the log from normal mode: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/01/2008 at 00:04 AM Application Version : 4.21.1004 Core Rules Database Version : 3582 Trace Rules Database Version: 1570 Scan type : Complete Scan Total Scan Time : 00:11: