
Problem with son's computer -hijackthis log enclosed-


Old 03-25-06, 05:09 PM
  #1  
DVD Talk Hero
Thread Starter
 
Join Date: Dec 2000
Location: Home again, Big D
Posts: 29,215

I cannot seem to clean up my son's computer. I have done all the "normal" stuff and still getting slammed with popups, etc. Took me several hours this morning running in safe mode and using spybot & adaware, to just get where I can post without the computer freaking out! My initial scan was over 600 items!

Anyway, here is the hijackthis log, any help would be appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 4:04:03 PM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\onhbsqe.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\AOL\1136077003\ee\AOLSoftware.exe
C:\WINDOWS\system32\svhssaaa.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\mousepad5.exe
C:\windows\rlvknlg.exe
C:\WINDOWS\system32\1D1C1F24232327.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\sys01310745731.exe
C:\WINDOWS\win3209131074573.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\onhbsqeA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Program Files\Messenger\msmsgs.exe
c:\windows\system32\rmdsregp.exe
C:\WINDOWS\system32\srshost.exe
c:\program files\common files\aol\1136077003\ee\aim6.exe
C:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\lwinnsag.exe
C:\WINDOWS\ABox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUME~1\FREDDA~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Load Functions] c:\windows\system32\kikl\kolder.exe c:\windows\system32\kikl\dirote.exe
O4 - HKLM\..\Run: [LonPS2] c:\windows\system32\opzdf\repcale.exe c:\windows\system32\opzdf\palsp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136077003\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Microsoft Windows System] svhssaaa.exe
O4 - HKLM\..\Run: [cvIdPaC] C:\WINDOWS\mhmydquj.exe
O4 - HKLM\..\Run: [cv/)Nb9C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mhmydquj.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnserve.exe
O4 - HKLM\..\Run: [Microsoft Winsock] svchosts.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [InternetShield] C:\PROGRA~1\INTERN~3\InternetShield.exe -CheckStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\rlvknlg.exe -boot
O4 - HKLM\..\Run: [6766696E6D6D716B] 1D1C1F24232327.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [sys01310745731] C:\WINDOWS\sys01310745731.exe
O4 - HKLM\..\Run: [win3209131074573] C:\WINDOWS\win3209131074573.exe
O4 - HKLM\..\Run: [onhbsqeA] C:\WINDOWS\onhbsqeA.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [{00-0A-A0-0D-ZN}] c:\windows\system32\rmdsregp.exe CORN001
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\lwinnsag.exe CORN001
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\RunServices: [Load Functions] c:\windows\system32\kikl\kolder.exe c:\windows\system32\kikl\dirote.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] svhssaaa.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnserve.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000166.exe
O4 - HKCU\..\Run: [Load Functions] c:\windows\system32\kikl\kolder.exe c:\windows\system32\kikl\dirote.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [DHaxi.exe] C:\WINDOWS\system32\DHaxi.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunServices: [Load Functions] c:\windows\system32\kikl\kolder.exe c:\windows\system32\kikl\dirote.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\lwinnsag.exe
O4 - Global Startup: MA101 Configuration Utility .lnk = ?
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: IESideBar - {DFEFF09F-785E-4191-8E5D-A7650A1C4F9A} - shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: IESideBar - {DFEFF09F-785E-4191-8E5D-A7650A1C4F9A} - shdocvw.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137463935015
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} - http://plugin.secureservicepack.com/...ervicepack.cab
O20 - AppInit_DLLs: repairs303169563.dll,cmstart.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\lv4o09h3e.dll (file missing)
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\i2jq0c15ef.dll (file missing)
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\j2l40c3qef.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZCBEYWxsYWw\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\onhbsqe.exe
Old 03-25-06, 05:53 PM
  #2  
DVD Talk Legend
 
Join Date: Apr 2002
Posts: 20,726
http://www.hijackthis.de/en

The results look pretty bad. It probably really would be just quicker to back up everything and format and re-install.
Old 03-26-06, 12:50 AM
  #3  
DVD Talk Hero
Thread Starter
 
Join Date: Dec 2000
Location: Home again, Big D
Posts: 29,215
Originally Posted by Ranger
http://www.hijackthis.de/en

The results look pretty bad. It probably really would be just quicker to back up everything and format and re-install.

Really? Bummer. Lots to back up on his computer, but guess it wouldn't be that hard. I should have his XP disc laying around as the computer had ME on it and I upgraded to XP last year.

Thanks for the link, I might mess around a little more. I'm no geek, know just enough to be dangerous, but reformatting/re-install makes me nervous.
Old 03-26-06, 10:27 AM
  #4  
DVD Talk Hero
Thread Starter
 
Join Date: Dec 2000
Location: Home again, Big D
Posts: 29,215
Well assuming I do the back up and re-install, is this a good deal?

http://www.circuitcity.com/ssm/Seaga...arriage=befree

I have not had time to put together a large "network" drive, so thought I'd pick up this for some temp storage. I don't need something even this big for backing up my son's computer as he only has like a 30 gig hd. But prices for HD are so cheap, thought this would be useful to "just have around".

His back up would be mainly pictures/iTunes/word documents.
Old 03-27-06, 01:23 PM
  #5  
DVD Talk Limited Edition
 
Join Date: Feb 2002
Location: On the penis chair
Posts: 5,169
That's a load of mess you got there.

I agree with Ranger, it would be easier to back up and reformat than trying to clean the thing one by one. Fixing things with HijackThis can be a little risky, especially when there's a lot of malware installed like in this case.

But in case you want to mess around, try to get something called winsockfix (iirc) first in case the spyware messes around with Windows network system. After you have the program handy (this is just for in case), you can try to fix these:

C:\WINDOWS\onhbsqe.exe

C:\windows\mousepad5.exe
C:\windows\rlvknlg.exe
C:\WINDOWS\system32\1D1C1F24232327.exe

C:\WINDOWS\sys01310745731.exe
C:\WINDOWS\win3209131074573.exe

C:\WINDOWS\onhbsqeA.exe

C:\Program Files\EQAdvice\EQAdvice.exe

C:\WINDOWS\system32\srshost.exe

C:\WINDOWS\system32\lwinnsag.exe
C:\WINDOWS\ABox.exe



R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

O4 - HKLM\..\Run: [Load Functions] c:\windows\system32\kikl\kolder.exe c:\windows\system32\kikl\dirote.exe
O4 - HKLM\..\Run: [LonPS2] c:\windows\system32\opzdf\repcale.exe c:\windows\system32\opzdf\palsp.exe

O4 - HKLM\..\Run: [Microsoft Windows System] svhssaaa.exe
O4 - HKLM\..\Run: [cvIdPaC] C:\WINDOWS\mhmydquj.exe
O4 - HKLM\..\Run: [cv/)Nb9C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mhmydquj.exe

O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\rlvknlg.exe -boot
O4 - HKLM\..\Run: [6766696E6D6D716B] 1D1C1F24232327.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [sys01310745731] C:\WINDOWS\sys01310745731.exe
O4 - HKLM\..\Run: [win3209131074573] C:\WINDOWS\win3209131074573.exe
O4 - HKLM\..\Run: [onhbsqeA] C:\WINDOWS\onhbsqeA.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [{00-0A-A0-0D-ZN}] c:\windows\system32\rmdsregp.exe CORN001
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\lwinnsag.exe CORN001
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\RunServices: [Load Functions] c:\windows\system32\kikl\kolder.exe c:\windows\system32\kikl\dirote.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] svhssaaa.exe

O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000166.exe
O4 - HKCU\..\Run: [Load Functions] c:\windows\system32\kikl\kolder.exe c:\windows\system32\kikl\dirote.exe

O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [DHaxi.exe] C:\WINDOWS\system32\DHaxi.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunServices: [Load Functions] c:\windows\system32\kikl\kolder.exe c:\windows\system32\kikl\dirote.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\lwinnsag.exe

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)

O9 - Extra button: IESideBar - {DFEFF09F-785E-4191-8E5D-A7650A1C4F9A} - shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: IESideBar - {DFEFF09F-785E-4191-8E5D-A7650A1C4F9A} - shdocvw.dll (file missing)

O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\lv4o09h3e.dll (file missing)
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\i2jq0c15ef.dll (file missing)
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\j2l40c3qef.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZCBEYWxsYWw\command.exe (file missing)

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\onhbsqe.exe



I hope I don't miss anything.
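
Added here as an illustration (not part of the thread and not any poster's code): a small Python triage pass over HijackThis result lines copied from the log in post #1. The flag names and heuristics are this example's own assumptions, not HijackThis features; it reports autostart commands registered under more than one key, commands given as a bare filename, missing files, unknown-owner services and Trusted Zone additions.

```python
import re
from collections import defaultdict

# Result lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Load Functions] c:\windows\system32\kikl\kolder.exe c:\windows\system32\kikl\dirote.exe
O4 - HKLM\..\Run: [Microsoft Windows System] svhssaaa.exe
O4 - HKLM\..\RunServices: [Load Functions] c:\windows\system32\kikl\kolder.exe c:\windows\system32\kikl\dirote.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] svhssaaa.exe
O4 - HKCU\..\Run: [Load Functions] c:\windows\system32\kikl\kolder.exe c:\windows\system32\kikl\dirote.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O15 - Trusted Zone: *.elitemediagroup.net
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\lv4o09h3e.dll (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\onhbsqe.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autostart body: "<key>: [<value name>] <command>"
AUTORUN_RE = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_log(text):
    """Return one dict per HijackThis result line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        entry = {"code": m["code"], "body": m["body"], "line": line}
        if entry["code"] == "O4":
            a = AUTORUN_RE.match(entry["body"])
            if a:  # Startup-folder .lnk entries do not match and stay plain
                entry.update(a.groupdict())
        entries.append(entry)
    return entries


def triage(entries):
    """Map each flagged log line to the set of reasons it deserves review."""
    flags = defaultdict(set)
    keys_for = defaultdict(set)  # (value name, command) -> autostart keys
    for e in entries:
        if "cmd" in e:
            keys_for[(e["name"].lower(), e["cmd"].lower())].add(e["loc"])
            first = e["cmd"].split()[0].strip('"')
            if "\\" not in first and "/" not in first:
                # No directory given: Windows resolves it via the search path.
                flags[e["line"]].add("bare-filename")
        if "(file missing)" in e["body"]:
            flags[e["line"]].add("file-missing")
        if e["code"] == "O23" and " - Unknown owner - " in e["body"]:
            flags[e["line"]].add("unknown-owner")
        if e["code"] == "O15":
            flags[e["line"]].add("trusted-zone")
    # Second pass: the same command registered under several autostart keys.
    for e in entries:
        if "cmd" in e:
            n = len(keys_for[(e["name"].lower(), e["cmd"].lower())])
            if n > 1:
                flags[e["line"]].add(f"registered-in-{n}-keys")
    return dict(flags)


if __name__ == "__main__":
    for line, reasons in triage(parse_log(SAMPLE_LOG)).items():
        print(", ".join(sorted(reasons)).ljust(40), line)
```

A command that shows up under several autostart keys keeps launching until every one of those registrations is removed, so such entries need to be handled together rather than one at a time.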
Old 03-27-06, 03:15 PM
  #6  
DVD Talk Legend
 
Join Date: Apr 2002
Posts: 20,726
Originally Posted by Sdallnct
Well assuming I do the back up and re-install, is this a good deal?

http://www.circuitcity.com/ssm/Seaga...arriage=befree

I have not had time to put together a large "network" drive, so thought I'd pick up this for some temp storage. I don't need something even this big for backing up my son's computer as he only has like a 30 gig hd. But prices for HD are so cheap, thought this would be useful to "just have around".

His back up would be mainly pictures/iTunes/word documents.

That is a good deal.

I think this is a good deal too. Plextor External USB/Firewire DVD burner for $50 after $90 in rebates. Add a 10 or 25 pack of blank DVDs and that should be plenty for back-ups.
http://www.tigerdirect.com/applicati...Mkt8KGx8pL9k8w
Old 03-27-06, 03:30 PM
  #7  
DVD Talk Hero
Thread Starter
 
Join Date: Dec 2000
Location: Home again, Big D
Posts: 29,215
Originally Posted by Ranger
That is a good deal.

I think this is a good deal too. Plextor External USB/Firewire DVD burner for $50 after $90 in rebates. Add a 10 or 25 pack of blank DVDs and that should be plenty for back-ups.
http://www.tigerdirect.com/applicati...Mkt8KGx8pL9k8w

Interesting, had not thought of burning to DVD. He does have a CD writer in his computer. Oh and I have a dvd writer in our office computer, but would it be a good idea to show his C drive as "shared" and back up to DVD with the office computer?
Old 03-27-06, 03:32 PM
  #8  
DVD Talk Hero
Thread Starter
 
Join Date: Dec 2000
Location: Home again, Big D
Posts: 29,215
Originally Posted by eedoon
That's a load of mess you got there.

I agree with Ranger, it would be easier to back up and reformat than trying to clean the thing one by one. Fixing things with HijackThis can be a little risky, especially when there's a lot of malware installed like in this case.

But in case you want to mess around, try to get something called winsockfix (iirc) first in case the spyware messes around with Windows network system. After you have the program handy (this is just for in case), you can try to fix these:




I hope I don't miss anything.

Thanks, and just to confirm, by "fix" you mean delete with HijackThis? Actually I have been messing with it and seem to be making some progress. I guess I need to look for the program you recommend just in case I have an issue.
Old 03-27-06, 03:42 PM
  #9  
DVD Talk Hall of Fame
 
Lateralus's Avatar
 
Join Date: Jun 2001
Location: Valley of Megiddo
Posts: 9,569
Originally Posted by eedoon
:

I hope I don't miss anything.
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: hp://click.getmirar.com (HKLM)
O15 - Trusted Zone: hp://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: hp://redirect.mirarsearch.com (HKLM)

It's pretty bad when they get themselves into your trusted zone. I agree with the rest, reimage and install good antivirus, spybot, windows defender, and spyware blaster and get your son's computer out of his room and into a public space.
Old 03-27-06, 03:45 PM
  #10  
DVD Talk Legend
 
Join Date: Apr 2002
Posts: 20,726
Originally Posted by Sdallnct
Interesting, had not thought of burning to DVD. He does have a CD writer in his computer. Oh and I have a dvd writer in our office computer, but would it be a good idea to show his C drive as "shared" and back up to DVD with the office computer?

Probably not since I think the hijack log showed that there were a couple of worms.

Another note is that I think some people have had some problems with rebates from TigerDirect so YMMV. But I think a dvd burner would be a great tool for back-ups as in making multiple copies and storing them at remote locations (bank, relative's house, etc).
Old 03-27-06, 05:31 PM
  #11  
DVD Talk Hero
Thread Starter
 
Join Date: Dec 2000
Location: Home again, Big D
Posts: 29,215
Originally Posted by Lateralus
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: hp://click.getmirar.com (HKLM)
O15 - Trusted Zone: hp://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: hp://redirect.mirarsearch.com (HKLM)

It's pretty bad when they get themselves into your trusted zone. I agree with the rest, reimage and install good antivirus, spybot, windows defender, and spyware blaster and get your son's computer out of his room and into a public space.

You know that's the thing. I'm not sure where he is picking up this crap. He is not a computer geek as he doesn't even know enough to clear history, etc. I can see where he has been and doesn't seem all that bad. I think he is getting a lot of it from music video web sites and stuff. My wife has also been downloading "free games" and I had to clean up my laptop a little (not like this, microsoft spyware found it), and I think that is doing it. And I about killed my wife when she downloaded some weather thing on our office computer.

I don't think it is pron he is looking at. Again, I see his history and if that is all he wanted he can have my playboys!

OK, so let's talk back up/reformat

I'm sure I still have around his XP disc and Office disc. Just about everything else he has is from the net (AIM, Yahoo IM, etc). I know how to back up all his papers (Word), slide shows (Powerpoint) and photos, but what about his music? I don't know much about iTunes. I see they have a section on purchased music, is that on his HD or iTunes server? And I assume all the CDs he has loaded are on his HD? What else do I need to know...
Old 03-27-06, 06:09 PM
  #12  
DVD Talk Limited Edition
 
Chrisedge's Avatar
 
Join Date: Jun 1999
Location: Part of the Left-Wing Conspiracy
Posts: 6,921
update to the latest iTunes, copy entire My Documents\My Music\iTunes folder, deauthorize Computer in iTunes, then when new XP is loaded, reload same version of iTunes, recopy all iTunes folder back, and authorize.
Old 03-27-06, 06:50 PM
  #13  
DVD Talk Hero
Thread Starter
 
Join Date: Dec 2000
Location: Home again, Big D
Posts: 29,215
Originally Posted by Lateralus
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: hp://click.getmirar.com (HKLM)
O15 - Trusted Zone: hp://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: hp://redirect.mirarsearch.com (HKLM)

It's pretty bad when they get themselves into your trusted zone. I agree with the rest, reimage and install good antivirus, spybot, windows defender, and spyware blaster and get your son's computer out of his room and into a public space.

When I ran HijackThis again, these were all gone. So one of my programs must have cleaned it up.

That surfsidekick and netmonitor is a BITCH, XP's spyware program keeps popping up saying these are trying to load, do I want to delete them. I say yes, but then I get the warning again after I reboot.
Old 03-27-06, 06:50 PM
  #14  
DVD Talk Hero
Thread Starter
 
Join Date: Dec 2000
Location: Home again, Big D
Posts: 29,215
Originally Posted by Chrisedge
update to the latest iTunes, copy entire My Documents\My Music\iTunes folder, deauthorize Computer in iTunes, then when new XP is loaded, reload same version of iTunes, recopy all iTunes folder back, and authorize.

Thanks!
Old 04-03-06, 05:21 PM
  #15  
DVD Talk Hero
Thread Starter
 
Join Date: Dec 2000
Location: Home again, Big D
Posts: 29,215
Just wanted to thank all for your help. I do plan on doing a full reinstall, but for now I got things pretty cleaned up. No more pop ups, no more warnings, no more slow start ups. I don't think I got it totally cleaned up, but much, much better.

I like the idea of backing up on DVD and with the cost of these coming down, I think I'm just going to pick up a DVD writer and install on his computer. That way we can back up everything, then do a full reinstall.
Old 04-05-06, 02:04 PM
  #16  
Member
 
Join Date: Jan 2005
Location: Bay Area
Posts: 189
Have you tried using ewido?
http://www.ewido.net/en/

It gets rid of some of the peskier stuff a lot of spyware scanners can't seem to handle.
