
WINDOWS XP


  • This topic is locked
7 replies to this topic

#1 nonna

nonna

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Australia
  • Local time:11:08 PM

Posted 22 May 2009 - 10:26 PM

Hello

Can someone please read this and tell me what I have to do to correct this.

I have got absolutely no idea where the Zango Toolbar is (I never download Toolbars), I have no idea where My Web Search/Fun Web Products is. The Casino one is showing Titan Poker. My husband plays poker and Titan Poker was a recommendation from sundavis as a trusted site. Bleepingcomputer.com comes up in the Tracking Cookies??????

What does it all mean, my head is spinning!!!

Cheers

Nonna


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/23/2009 at 11:38 AM

Application Version : 4.26.1002

Core Rules Database Version : 3906
Trace Rules Database Version: 1851

Scan type : Complete Scan
Total Scan Time : 01:45:00

Memory items scanned : 391
Memory threats detected : 0
Registry items scanned : 6376
Registry threats detected : 37
File items scanned : 43553
File threats detected : 31

Trojan.SafeSearch
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}
HKCR\CLSID\{00000000-0000-0000-0000-000000000001}
HKCR\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32

Adware.Zearching Bar

Adware.Tracking Cookie

Adware.MyWebSearch/FunWebProducts
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs

Adware.Zango Toolbar/Hb

Adware.Casino Games (Golden Palace Casino)



#2 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 23 May 2009 - 08:40 AM

Tracking cookies are harmless. Almost all sites use them.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

  • Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.

    Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

    If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
  • Another workaround is not using the mouse to install it; just use the arrow keys, tab, and enter keys.

~ Courtesy of boopme

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here or here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Please include the following in your reply:
MBAM log

#3 nonna


Posted 24 May 2009 - 04:40 AM

Hello xblindx,

Thanks for responding.

Actually I had no problem downloading and installing from your link (maybe that's a good sign that you will be able to help me).

I say that because there were a couple of problems that followed.

I ran the scan - no problems.

I went to remove and after the removal the following message:

C:\DocumentsandSettings\TheFamily\ApplicationData\Malwarebytes\Malwarebytes'Anti-Malware\Logs\Mbam-log-2009-05-24 (18-34-06).txt

This action is only valid for products that are currently installed.

OK

I then went into the logs tab clicked on the log and got the following message:

Certain items could not be removed! The first few are listed below. All items that could not be
removed have been added to the delete on reboot list. Please restart your computer now.
A logfile was saved to the Log folder.

HKEY_CLASSES_ROOT\CLSID\-(8109fd3d-d891-4f80-8339-50a4913ace6f)
HKEY_CLASSES_ROOT\CLSID\-(147a976f-eee1-4377-8ea7-4716e4cdd239)
HKEY_CLASSES_ROOT\CLSID\-(a4730ebe-43a6-443e-9776-36915d323ad3)
HKEY_CLASSES_ROOT\CLSID\-(00000000-0000-0000-0000-000000000001)
HKEY_CLASSES_ROOT\Typelib\-(5937cd7f-1c06-41e1-9075-60ebdf3c7d34)

Your computer needs to be restarted to complete removal process. Would you like to continue?

YES NO


One thing I did notice was that there were 7 threats and they were the same threats that were in the SuperAntiSpyware report above. I supposedly removed them with that software yesterday with no error messages but here they are again in this report.

Thanks for taking the time xblindx to help me I really do appreciate it.


Cheers

Nonna

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:38 AM

Posted 24 May 2009 - 09:31 PM

Due to the nature of your infection, and I don't want to watch you waste time.

We need to run HJT/DDS.
Please follow this guide. Go and do steps 6 and 7: Preparation Guide For Use Before Using Hijackthis.
Then go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant title and post that complete log.

Let me know if it went OK.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 nonna


Posted 25 May 2009 - 01:53 AM

Thanks boopme

You have given me a lot to do, this could take me a while.

Many thanks, I will let you know how I go.

Cheers

nonna

#6 nonna


Posted 25 May 2009 - 02:31 AM

Hi Boopme

Ok, I know I need help but I honestly can't buy all these cleaners and repairers.

They're advertised as free scans, given that's what they do, and then you have to pay to fix the problems.

Can you please just let me know what I need to clean and fix this computer and if I have to purchase them can you let me know what I need to purchase. I am getting advice for different names but they seem to do the same thing.

I hope I am making sense to you because I am not a real computer orientated person and I seem to be doing a lot but getting nowhere. I am scanning and removing and I scan again with different software and the problems are still there. I feel like I am going around and around in circles and causing more and more problems.

Now I can't even do a system restore and I've lost my help and support, it's lost the helpctr.exe. I have error messages popping up all the time.

I just want to start all over again.

Please help me.

Cheers

Nonna

#7 boopme


Posted 25 May 2009 - 03:42 PM

Everything we want you to do is free. Please do steps 6 and 7, thank you.

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,946 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:38 AM

Posted 26 May 2009 - 01:17 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/229406/windows-xp-hjtdds-logs/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond. Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



