Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Spybot is unable to fix 27 problems...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Spybot is unable to fix 27 problems...

Unread postby rbanything » July 3rd, 2006, 2:20 pm

I have read and followed the instructions that were posted and cleaned as much as I could. I ran spybot and I still have 27 problems that were detected that spybot could not fix. Most are coolwwwsearch. Here is my spybot scan results:

ABetterInternet 2 entries
CoolWWWSearch.BadZoneMap 10 entries
CoolWWWSearch.Leftovers 1 entries
CoolWWWSearch.Mupdate 1 entries
CoolWWWSearch.Toolband 1 entries
CoolWWWSearch.wWinRes 1 entries
NeedEdware 1 entries
Smithfraud-C 10 entries

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:55:03 PM, on 7/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8DD733A8-353A-4E93-AB85-93CA8DC96F6A} (ActivatorControl1 Class) - https://objects.aol.com/activator/en-us/Activator.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
rbanything
Regular Member
 
Posts: 20
Joined: July 3rd, 2006, 2:09 pm
Location: East Tennessee
Advertisement
Register to Remove

Unread postby Navigator » July 3rd, 2006, 9:05 pm

Hello rbanything...welcome to MRU!

Do you know what this is: lxcr_device? I cannot find out anything about that process C:\WINDOWS\system32\lxcrcoms.exe
and service entry O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
during searching...Is it some kind of Lexmark Device???

1. Your Java is out of date, and this has been known to be a security issue (old Java versions are vulnerable to malware exploits):

Go here and download and install JRE 5.0 Update 7. Click the link that says Download JRE 5.0 Update 7. You will then need to select Accept License Agreement and click the Continue button that is beside it. Then click the link that says Windows Offline Installation, Multi-language. Save it to your Desktop. Then go back to your Desktop and double click jre-1_5_0_07-windows-i586-p.exe to start the install.

Once you have it installed, click Start>>Run, type in appwiz.cpl and hit Enter. From the list, uninstall Java version j2re1.4.2_03.

First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need run ewido and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  2. Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

I did what you said. Here is my EWIDO report.

Unread postby rbanything » July 3rd, 2006, 10:30 pm

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:20:15 PM 7/3/2006

+ Scan result:



C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Richard Crigger\Cookies\richard crigger@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\VANESSA\Cookies\vanessa@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Richard Crigger\Cookies\richard crigger@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\Richard Crigger\Cookies\richard crigger@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\VANESSA\Cookies\vanessa@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end
rbanything
Regular Member
 
Posts: 20
Joined: July 3rd, 2006, 2:09 pm
Location: East Tennessee

I do have a LEXMARK printer/copier/scanner.

Unread postby rbanything » July 3rd, 2006, 10:37 pm

It looks like someone has used my usernames to create some sort of e-mail addresses.
rbanything
Regular Member
 
Posts: 20
Joined: July 3rd, 2006, 2:09 pm
Location: East Tennessee

Re: I do have a LEXMARK printer/copier/scanner.

Unread postby Navigator » July 3rd, 2006, 10:45 pm

rbanything wrote:It looks like someone has used my usernames to create some sort of e-mail addresses.


Those are just some tracking cookies...nothing to be alarmed about.

Since you cannot positively identify the process/service I asked about, let's check it out...please do this:

1. There is a file I'd like to get analyzed

C:\WINDOWS\system32\lxcrcoms.exe

Just to be safe, go to this site and have it scan it:
Jotti virus scan

Use the Browse button at Jotti, navigate to the file's location on your hard drive and submit it to them for analysis.

Let me know the results.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Here is what I found.

Unread postby rbanything » July 4th, 2006, 4:34 pm

The file was okay. Nothing found.

I'm or are you in on him and I on I have a lot of these types of files in my Windows C. drive:
$NtUninstallKB911562$

I have no idea what these files mean. Can you tell me what these files are?

In the By the way, I believe that I have left out some important information about what I have done to try to remove coolwwwsearch. Spybot never included any coolsearch files in its scan results, until I located some information through a search on Google for how to remove cool wwwsearch. I followed some of their suggestions. I trusted them, like a dummy. Looking back, I believe that I in fact downloaded more spy ware from coolsearch because after I tried to fix my problem spy bot now had 27 entries that it could not fix. Whereas before I saw coolsearch showing up at the bottom as the files were scanned by spy bot but the scann did not select them as entries.

I downloaded cwshredder. I cannot remember what web site I went to.
Anyway, I really appreciate you taking your time to help me with my problems.
I got this link from Dell Computer's online forum.
I am assuming that you guys are doing this for the satisfaction of fighting maliciousness Internet users.
My computer is not giving me any problems, really. The homepage has changed on its own before, but it does not do it all the time.
I just really want to be in control of whom is spying on me.
rbanything
Regular Member
 
Posts: 20
Joined: July 3rd, 2006, 2:09 pm
Location: East Tennessee

Re: Here is what I found.

Unread postby Navigator » July 5th, 2006, 5:57 pm

rbanything wrote:The file was okay. Nothing found.

I'm or are you in on him and I on I have a lot of these types of files in my Windows C. drive:
$NtUninstallKB911562$

I have no idea what these files mean. Can you tell me what these files are?


They are files associated with WindowsXP Security Updates/Hotfixes (the uninstaller) and you do not need to worry about them.

rbanything wrote:I am assuming that you guys are doing this for the satisfaction of fighting maliciousness Internet users.


Yup.

rbanything wrote:My computer is not giving me any problems, really.....I just really want to be in control of whom is spying on me.


I'm glad your computer isn't giving you any problems, and I hope I answered your questions!

Here is what I give to people as information after helping with a malware problem (not that you had a malware problem, but the information about security is applicable nonetheless):

Your HJT appears clean and I'm glad your system is running well with out problems!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy- Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner by Atribune. This program is for XP and Windows 2000 only. ATF is a new, freeware, temporary file cleaner for Windows, IE, Firefox and Opera with a simple, easy-to-use interface. The main screen allows the user to either clean all temporary files, or select files for cleaning. The program also knows if Firefox and or Opera is being used, and gives the option of cleaning the temporary files associated with those applications.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein. This an excellent read too: I'm not pulling your leg


Remember...be careful out there!
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

In a previous post you asked me the following questions

Unread postby rbanything » July 8th, 2006, 6:45 pm

Do you know what this is: lxcr_device? I cannot find out anything about that process C:\WINDOWS\system32\lxcrcoms.exe
and service entry O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
during searching...Is it some kind of Lexmark Device???

I deleted this entry. I was instructed to do this by someone in another forum. Now, my printer cannot communicate. I tried to install and uninstall. I rebooted, disconnected and reconnected all cables but it's still communicating. I tried all of the troubleshooting recommendations. My USB port is checked in printer properties. I believe that I have a device missing.

Is the USB port enabled on the computer?
To confirm that the USB port is enabled:

1 From the Windows Start menu, click Settings, and then click Control Panel.

2 Double-click the System icon, or click Performance and Maintenance, and then click the System icon.

3 Windows 2000 and Windows XP users only:

Click the Hardware tab.

Windows 98, Windows Me, Windows 2000, and Windows XP users:

Click Device Manager.

4 Click the plus sign (+) beside Universal Serial Bus Controller.

If you see USB Host Controller and USB Root Hub listed, the USB port is probably enabled.

I do not see USB host controller. I do see USB root hub listed.
rbanything
Regular Member
 
Posts: 20
Joined: July 3rd, 2006, 2:09 pm
Location: East Tennessee

Re: In a previous post you asked me the following questions

Unread postby Navigator » July 9th, 2006, 2:50 pm

rbanything wrote:I deleted this entry. I was instructed to do this by someone in another forum. Now, my printer cannot communicate. I tried to install and uninstall. I rebooted, disconnected and reconnected all cables but it's still communicating. I tried all of the troubleshooting recommendations. My USB port is checked in printer properties. I believe that I have a device missing.


I just saw searched and found your thread at Dell....ouch. I had you submit the file for analysis because I wasn't sure what it was as searching turned up nothing, and being that the analysis was fine...I left it alone. I just figured it was from a Lexmark device because the filename resembled that name.

You have done everything that I would have done (uninstall, reinstall the driver etc.)...and to be honest with you I'm not a hardware expert by any stretch of the imagination.

Here are some good forums where I also work cleaning malware that have good 'hardware' and systems forums which may be able to answer your question regarding your printer and USB port:

TechSupportGuy Hardware Forum

and

GeeksToGo Hardware Forum

Hope this helps....and I would go back to the Dell forums and let the helper know what is going on too so that they can avoid making this apparent mistake again.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

thanks...........

Unread postby rbanything » July 9th, 2006, 3:09 pm

I fixed my problem on my own. Thanks for your help.

I went to Lexmark help. I followed the link and downloaded a driver for my printer. I had the driver already installed on my computer, and it prompted me to update my software. I updated and now my printer is working again.
rbanything
Regular Member
 
Posts: 20
Joined: July 3rd, 2006, 2:09 pm
Location: East Tennessee

Re: thanks...........

Unread postby Navigator » July 9th, 2006, 3:52 pm

rbanything wrote:I fixed my problem on my own. Thanks for your help.

I went to Lexmark help. I followed the link and downloaded a driver for my printer. I had the driver already installed on my computer, and it prompted me to update my software. I updated and now my printer is working again.


Great news....Good Luck!
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

these are still showing up..will they harm my computer?

Unread postby rbanything » July 9th, 2006, 4:11 pm

I still have 27 problems that were detected that spybot could not fix.

ABetterInternet 2 entries
CoolWWWSearch.BadZoneMap 10 entries
CoolWWWSearch.Leftovers 1 entries
CoolWWWSearch.Mupdate 1 entries
CoolWWWSearch.Toolband 1 entries
CoolWWWSearch.wWinRes 1 entries
NeedEdware 1 entries
Smithfraud-C 10 entries
rbanything
Regular Member
 
Posts: 20
Joined: July 3rd, 2006, 2:09 pm
Location: East Tennessee

Re: these are still showing up..will they harm my computer?

Unread postby Navigator » July 9th, 2006, 4:32 pm

rbanything wrote:I still have 27 problems that were detected that spybot could not fix.

ABetterInternet 2 entries
CoolWWWSearch.BadZoneMap 10 entries
CoolWWWSearch.Leftovers 1 entries
CoolWWWSearch.Mupdate 1 entries
CoolWWWSearch.Toolband 1 entries
CoolWWWSearch.wWinRes 1 entries
NeedEdware 1 entries
Smithfraud-C 10 entries


Are they causing any problems? You have yet to tell me what problems you may be having with your computer!

The HJT log is clean, as was the Ewido log...they are probably stray entries after the infection was removed. We may or may not be able to locate and remove them, but I need more information than you've given me since the 'problems' are not apparent on any scans we've done so far.

If you want to try and see what we can do to remove these 'problems', I need the Spybot log:

1. Logs are produced during scans and fixes ("Check for problems" and "Fix selected problems").

By default there are two Checks.yymmdd-hhmm logs produced during a scan. The second Checks.yymmdd-hhmm has the details of what the scan found. A Fixes.yymmdd-hhmm log is produced if you fix or attempt to fix something.

There are two methods to view these reports:

  • Method 1:
    • Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Pervious reports. Look for the Checks.yymmdd-hhmm or Fixes.yymmdd-hhmm file that contains the desired information. Open it.
  • Method 2
    • The Checks.yymmdd-hhmm and Fixes.yymmdd-hhmm files are stored in the following folders:

      + Windows NT, 2000 or XP:
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
    • Using Windows Explorer, navigate to the correct Checks.yymmdd-hhmm or Fixes.yymmdd-hhmm file. Double click on it and it should open with Notepad.

2. Also, please do this online scan and see what it finds...it may identify some of the problems you are referencing:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

SPYBOT

Unread postby rbanything » July 9th, 2006, 5:53 pm

--- Report generated: 2006-07-09 13:24 ---

CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcounter.biz\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windupdates.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com\*!=W=4

CoolWWWSearch.Leftovers: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greatplugin.com\*!=W=4

CoolWWWSearch.Mupdate: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\masspass.com\*!=W=4

CoolWWWSearch.Toolband: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isprime.com\*!=W=4

CoolWWWSearch.WinRes: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\offshoreclicks.com\*!=W=4

ABetterInternet: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net\*!=W=4

ABetterInternet: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com\*!=W=4

NeedEdware: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\neededware.com\*!=W=4

Smitfraud-C.: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\asdbiz.biz\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fuck-fuck.org\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toprefsys.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2995775916-592914421-636505945-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webpidor.biz\*!=W=4


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-06-15 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-07-07 Includes\Cookies.sbi (*)
2006-07-07 Includes\Dialer.sbi (*)
2006-07-07 Includes\Hijackers.sbi (*)
2006-07-07 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-07-07 Includes\Malware.sbi (*)
2006-07-07 Includes\PUPS.sbi (*)
2006-07-07 Includes\Revision.sbi (*)
2006-07-07 Includes\Security.sbi (*)
2006-07-07 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-07-07 Includes\Trojans.sbi (*)
rbanything
Regular Member
 
Posts: 20
Joined: July 3rd, 2006, 2:09 pm
Location: East Tennessee

PANDA results........

Unread postby rbanything » July 9th, 2006, 7:34 pm

Incident Status Location

Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard191.dat
Adware:adware/fchelp Not disinfected c:\program files\EQAdvice
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Richard Crigger\Cookies\richard crigger@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Richard Crigger\Cookies\richard crigger@ad.yieldmanager[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\VANESSA\Cookies\vanessa@atwola[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\VANESSA\Cookies\vanessa@searchportal.information[1].txt
rbanything
Regular Member
 
Posts: 20
Joined: July 3rd, 2006, 2:09 pm
Location: East Tennessee
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 25 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware