okay, java is installed...
now, whats next?
Thanks for posting a new HJT log, it looks better but this item was scheduled for removal and is still there:
O2 - BHO: FrontierBA BHO - {A93A3CC1-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
http://www.castlecops.com/tk31167-fbabar_dll.html
CastleCops and myself consider this item questionable and optional. If you can not or do not wish to remove stuff according to my instructions, it is your computer but please make me aware so I will know it is not being missed...thanks.
Logfile of HijackThis v1.99.1 Scan saved at 7:30:55 AM, on 2/27/2007
Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O2 - BHO: FrontierBA BHO - {A93A3CC1-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
O3 - Toolbar: &Frontier Browser Assistant - {A93A3CC9-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
Close all programs but HJT and all browser windows, then click on "Fix Checked"
Besides that, this HJT log appears to be clean of malware, let me know how the computer is running.
Thanks
MS-MVP Consumer Security 2007-08-09
Proud Member ASAP
UNITE Member 2006
okay,
this time it seemed to get rid of them.
I wanted to ask you a question though. Spybot, last time i ran a scan, found that smitfraud-c.toolbar888 file that seemed never to go away. im running a scan right now to see if its still there.
Meanwhile, the menu that kept popping up about the internet being temporarily unavailable has stopped. it used to be that about every twenty seconds something kept trying to acces the internet and every time it tried (this is when i unplugged the cable in my modem) it kept asking me if i wanted to try again or work offline, and now its finally stopped.
Thanks much for that
also, should the popups for winantivirus stop now too (along with the other ads)?
(mind you, i JUST plugged my internet cable back in)
and for my last question; was the MSSMGR registry value taken care of during all of this? or will it pose future problems (i assume this a redundant question; please dont think i underestimate your ability. You're a god to me)
Oh, my spybot scan finished...
it still has that Smitfraud'-C.Toolbar888 and a Microsoft.WindowsSecurityCenter_disabled listing
heres the log:
--- Report generated: 2007-02-27 08:11 ---
Smitfraud-C.Toolbar888: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-02-23 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-02-21 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-02-21 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-02-21 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-02-21 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-02-14 Includes\Malware.sbi (*)
2007-02-21 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-02-21 Includes\PUPSC.sbi (*)
2007-02-21 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-02-21 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-02-21 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-02-14 Includes\Trojans.sbi (*)
2007-02-21 Includes\TrojansC.sbi (*)
also i looked up the MSSMGR value using the regedit and the MSSMGR value is still there. I know its loosely associated with the smitfraud thing. I didnt delete or change anything in the registry.
other than my questions, things seem okay.
Is your version of Spybot up to date? I understand this was a false positive from a while back:I wanted to ask you a question though. Spybot, last time i ran a scan, found that smitfraud-c.toolbar888 file that seemed never to go away. im running a scan right now to see if its still there.
http://forums.spybot.info/showthread.php?t=8668
Smitfraud-C.Toolbar888
That should have cleaned up with the newest data base. I will also look at the rest of your questions, but I would prefer you post questions about Spybot here: http://forums.spybot.info/forumdisplay.php?f=4
Let's do a check with Smitfraudfix to make sure nothing is lingering. I will also post closing information for your benefit. Please review it and post in 24 to 48 hours, giving you time to make sure all issues are resolved, and let us know.
http://siri.geekstogo.com/SmitfraudFix.php <<< Download Smitfraudfix from here and follow ONLY these directions.
Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
Post that report when you have it.
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
MS-MVP Consumer Security 2007-08-09
Proud Member ASAP
UNITE Member 2006
sorry for the long reply. I was reading up on the false positive situation.
here is the rapport log:
SmitFraudFix v2.144
Scan done at 8:49:12.84, Tue 02/27/2007
Run from K:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
No problem and thanks. You can delete that tool, that log is clean
MS-MVP Consumer Security 2007-08-09
Proud Member ASAP
UNITE Member 2006
As the problem appears to be resolved this topic has been closed.
If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Anyone else with similar problems please start a new topic.
Thanks
MS-MVP Consumer Security 2007-08-09
Proud Member ASAP
UNITE Member 2006