
[Resolved] Trojans, AdWare, Worm, IE went crazy...HELP


  • This topic is locked
54 replies to this topic

#31 IAmSusie3

IAmSusie3

    Authentic Member

  • Authentic Member
  • PipPip
  • 55 posts

Posted 02 June 2008 - 08:07 AM

I'M DOING IT RIGHT NOW....I PROMISE!!!



#32 IAmSusie3


Posted 02 June 2008 - 08:12 AM

NO....DO NOT USE AOL. I WENT TO USER ACCOUNTS LIKE YOU SAID AND IT ONLY HAS ADMINISTRATOR AND GUEST. BUT THAT WAS NOT HOW I FOUND THAT OTHER STUFF....I DON'T REMEMBER WHAT I WENT THRU TO FIND WHAT I FOUND, BUT I KNOW GOING THRU START, CONTROL PANEL, USER ACCOUNTS WASN'T IT. I'LL WORK ON IT LATER TO SEE IF I CAN FIGURE OUT WHAT I DID. NOW I'M ON THE NEXT THING...BE RIGHT BACK....

#33 IAmSusie3


Posted 02 June 2008 - 09:45 AM

OK....HERE'S THE MBAM-LOG

Malwarebytes' Anti-Malware 1.14
Database version: 814

10:40:45 AM 6/2/2008
mbam-log-6-2-2008 (10-40-45).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 150687
Time elapsed: 1 hour(s), 18 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

NEXT IS THE KASPERSKY LOG...COMING UP...

#34 IAmSusie3


Posted 02 June 2008 - 04:45 PM

OK...HERE'S THE KASPERSKY LOG....IT TOOK FOREVER...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 02, 2008 5:43:54 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/06/2008
Kaspersky Anti-Virus database records: 821972
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 109928
Number of viruses found: 13
Number of infected objects: 22
Number of suspicious objects: 0
Duration of the scan process: 05:03:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-4-30-2008( 17-38-23 ).LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masdata.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masevents.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9\profile.ini Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Eyeblaster\GC\1001_1001_1001_1193\main.log Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.15545 Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.24795 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.41851 Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.90204 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\Owner\Application Data\Shutterfly\Studio\app_log--06-02-08--12-36-28.log Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Shutterfly\Studio\mm_0_1.tdb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Shutterfly\Studio\mm_1_1.odb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-6-2-2008( 7-36-3 ).LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Incomplete\Preview-T-2559308-Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Owner\Incomplete\Preview-T-3545425-leona lewis.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Owner\Incomplete\T-3545425-leona lewis.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\2e9ffd2.be13aa05.ini.inuse Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\436a57b2.be13aa05.ini.inuse Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\MostFun.exe.be13aa05.ini.inuse Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\MostFun\RuntimeState\{2d9c6400-153d-4fdf-9aaa-933577e0433a}\Logs\edb.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\MostFun\RuntimeState\{2d9c6400-153d-4fdf-9aaa-933577e0433a}\Logs\tmp.edb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008060220080603\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFDD5F.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\PhishingFilter\45E13EC5-3DB7-4B3D-9F80-073A58AB5E82.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Shared\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Incomplete\Preview-T-3545425-bratz movie.mpg.vir Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Incomplete\Preview-T-3545425-little mermaid 2.mpg.vir Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Shared\(New Release) good is good sheral crow 23.wma.vir Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Shared\little mermaid 2.mpg.vir Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Shared\TOTALLY HIP TRACK.wma.vir Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\QooBox\Quarantine\C\My Games\Tropix\postcard.exe.vir Infected: Trojan-Downloader.Win32.Agent.dro skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP105\A0139839.exe Infected: not-a-virus:AdTool.Win32.FenomenGame.a skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP140\A0153437.exe Infected: Backdoor.Win32.Rbot.piv skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP172\A0167991.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.niz skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP174\A0169173.exe Infected: Backdoor.Win32.Mex.s skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP177\A0172336.exe Infected: Trojan-Downloader.Win32.Agent.lsl skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP178\A0173433.exe Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP178\A0173436.exe Infected: Trojan-Downloader.Win32.Agent.mri skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP198\A0197881.exe Infected: Trojan-Downloader.Win32.Agent.dro skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP209\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FF9E4CF5-BFF3-459A-BA39-40EB0FAA1110}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_298.dat Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_780.dat Object is locked skipped
C:\WINDOWS\TEMP\sqlite_8KS1nOURSlufHbP Object is locked skipped
C:\WINDOWS\TEMP\sqlite_GbFQ1hgiudqIWgu Object is locked skipped
C:\WINDOWS\TEMP\sqlite_isna6e3NAEsfBnj Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#35 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 04 June 2008 - 08:56 AM

Hello susie

Please, please don't do any more downloads until we are finished (which will be soon).

:uninstall some programs:

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add remove programs
click on the following programs

AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
J2SE Runtime Environment 5.0 Update 10
Java™ SE Runtime Environment 6 Update 1


and click on remove

Restart the computer now

: Update Java :

Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.
  • Download the latest version of Java™ SE Runtime Environment 6u6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.


:Delete files and folders:

I need you to right click on the start button,
click on explore,
and navigate to and delete these files or folders (if present):


C:\Documents and Settings\Owner\Incomplete <--- this folder
C:\Documents and Settings\Owner\Shared <--- this folder

:information and logs:

In your next post I need the following

1. New log from HijackThis
2. How is the computer doing
Gringo

Edited by gringo_pr, 04 June 2008 - 08:58 AM.
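
The cleanup in post #35 targets the detections that are still in live user folders. As an added example (not part of the original posts), this sketch sorts rows of the Kaspersky report from post #34 by where the detected file sits. The sample rows are copied from that report; treating any path containing `\Quarantine\` as a removal tool's quarantine store is an assumption of the example.

```python
import re
from collections import Counter
from ntpath import dirname  # Windows path rules on any host OS

# Rows copied from the report in post #34, one object per line.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.15545 Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Incomplete\Preview-T-2559308-Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Owner\Incomplete\T-3545425-leona lewis.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Owner\Shared\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\QooBox\Quarantine\C\My Games\Tropix\postcard.exe.vir Infected: Trojan-Downloader.Win32.Agent.dro skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP140\A0153437.exe Infected: Backdoor.Win32.Rbot.piv skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# <path> then "Infected: <name>" or "Object is locked", then the last action.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:Infected:\s+(?P<name>\S+)|(?P<locked>Object is locked))\s+"
    r"(?P<action>\S+)$"
)


def parse_report(text):
    """Return one dict per report row; lines that are not rows are ignored."""
    rows = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            rows.append({
                "path": m.group("path"),
                "detection": m.group("name"),  # None for locked objects
                "action": m.group("action"),
            })
    return rows


def location(path):
    """Classify where a detected file sits on disk."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"   # copy kept in a System Restore point
    if "\\quarantine\\" in p:
        return "quarantine"       # assumption: a removal tool's quarantine
    return "live"                 # still in an ordinary folder


def triage(rows):
    """Summarise detections by location and list folders with live hits."""
    infected = [r for r in rows if r["detection"]]
    live = [r for r in infected if location(r["path"]) == "live"]
    return {
        "locked": len(rows) - len(infected),
        "by_location": dict(Counter(location(r["path"]) for r in infected)),
        "live_folders": sorted({dirname(r["path"]) for r in live}),
        "live_detections": sorted({r["detection"] for r in live}),
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

On these rows the only live detections are under the Incomplete and Shared folders.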


#36 gringo_pr


Posted 09 June 2008 - 12:39 PM

Hello susie

It has been a while since you posted back to me. Are you having problems? Just respond back to me and let me know you are still working on this.

Gringo

#37 IAmSusie3


Posted 09 June 2008 - 03:43 PM

Yes...I'm still here ....sorry...I will do this stuff tonight after the kids go to bed. Thanks for hanging in there with me.

#38 IAmSusie3


Posted 10 June 2008 - 07:52 PM

HEY....I'VE DONE EVERYTHING...DOWNLOADING THE JAVA RUNTIME STUFF AND THEN I WILL GET THOSE LOG FILES TO YOU. I'VE TOLD ALL THE KIDDOS...NO DOWNLOADS FOR NOW...BUT DON'T HOLD YOUR BREATH...HOPEFULLY THEY WILL LISTEN...BEAR WITH ME...

#39 IAmSusie3


Posted 10 June 2008 - 08:24 PM

OK...EVERYTHING YOU HAVE ASKED FOR IS NOW DONE...AND HERE IS THE NEW HIJACK THIS LOG...I HOPE THIS IS RIGHT. AS FAR AS HOW IS THE COMPUTER DOING...I WILL LET YOU KNOW...
HERE'S THE LOG FILE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:26 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\Avast4\ashWebSv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe
O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe.vir
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: iWin Desktop Alerts.lnk = C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe.vir
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to miniMEDIA Video Converter... - C:\Program Files\Tiger Electronics\miniMEDIA\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?da9fb24d82bf41f28a3bb81f4fd0ec6f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?da9fb24d82bf41f28a3bb81f4fd0ec6f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Pyramids - http://download2.gam...ts/y/pyt1_x.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Amazing Adventures The Lost Tomb\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase2895.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.k..._2/axofupld.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12635 bytes

#40 gringo_pr


Posted 11 June 2008 - 02:14 PM

Hello

It looks like you have two antivirus programs running, McAfee and Norton. I need to know if one of them is expired so we can get rid of one (if they are both active I need to know which one you want to keep) so I can remove one. Let me know about this as soon as possible, please.

gringo



#41 gringo_pr


Posted 15 June 2008 - 11:07 AM

hey IAmSusie3 how are you doing with this? Gringo

#42 IAmSusie3


Posted 18 June 2008 - 06:48 AM

HEY...I'M HERE....I DON'T HAVE A CLUE ABOUT THOSE THINGS...BUT I'M PRETTY SURE MCAFEE IS EXPIRED. SO GET RID OF THAT. AND WHEN I PRESS CONTROL ALT DELETE...(I GUESS THAT'S "TASK MANAGER") ANYWAY...LIKE 38 TO 45 PROCESSES OR APPLICATIONS (WHICHEVER IS THE 2ND TAB) COMES UP A LOT...I DON'T KNOW WHAT ALL THAT STUFF IS AND IF I EVEN NEED IT. COULD YOU CHECK THERE TOO? LET'S CLEAN ALL THAT MESS OUT. AS FAR AS HOW THE COMPUTER IS RUNNING...SOMETIMES IT FREEZES UP AND THE ONLY WAY TO FIX IT IS TO "CONTROL ALT DELETE" AND END "YBROWSER" OR "IEXPLORER" (WHICHEVER ONE I'M ON). AND SOMETIMES...THERE ARE 2 "YBROWSERS" SHOWING AND I'LL CLICK ONE AND IT WON'T GO AWAY OR DO ANYTHING. (AND I ONLY HAVE ONE OPEN)....THE OTHER ONE WILL MAKE IT GO AWAY AND IT WILL DISAPPEAR. DOES THAT MAKE ANY SENSE? I WAS JUST WONDERING BECAUSE IT NEVER WAS LIKE THAT BEFORE. I JUST WANTED TO MAKE SURE SOMEBODY ELSE WASN'T USING THE COMPUTER..LIKE A STRANGER. THANKS FOR NOT GIVING UP ON ME... I TOLD YOU IT MAY TAKE ME A FEW OR MORE DAYS TO GET BACK WITH YOU...BUT I WON'T GO AWAY. THANKS. :notworthy:

#43 gringo_pr


Posted 18 June 2008 - 12:44 PM

Hello susie

AND WHEN I PRESS CONTROL ALT DELETE...(I GUESS THAT'S "TASK MANAGER") ANYWAY...LIKE 38 TO 45 PROCESSES OR APPLICATIONS (WHICHEVER IS THE 2ND TAB) COMES UP A LOT...I DON'T KNOW WHAT ALL THAT STUFF IS AND IF I EVEN NEED IT. COULD YOU CHECK THERE TOO? LET'S CLEAN ALL THAT MESS OUT

That is normal and not to worry.

THERE ARE 2 "YBROWSERS" SHOWING AND I'LL CLICK ONE AND IT WON'T GO AWAY OR DO ANYTHING. (AND I ONLY HAVE ONE OPEN)....THE OTHER ONE WILL MAKE IT GO AWAY AND IT WILL DISAPPEAR. DOES THAT MAKE ANY SENSE

In your running processes from HijackThis I see ybrowser.exe and ybrwicon.exe, which look almost the same, but not two ybrowser.exe. Could this be what you are talking about?


:uninstall some programs:

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add remove programs
click on the following programs

McAfee AntiSpyware
McAfee SecurityCenter


and click on remove

:remove McAfee:

Download the removal tool from:

http://download.mcaf...atches/MCPR.exe
  • Click Save and save the file to any folder on your computer.
  • Navigate to the folder where the file is saved.
  • Make sure all McAfee windows are closed.
  • Double-click MCPR.EXE to run the removal tool.
    • Note: Windows Vista users must right-click MCPR.EXE and select Run as Administrator.
  • Restart your computer after receiving the message CleanUp Successful.

Let me have a new HijackThis log to make sure McAfee completely left.


Gringo
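
Posts #40 and #43 both read the "Running processes" list of the HijackThis log: one to spot two antivirus products loaded at once, the other to tell ybrowser.exe from ybrwicon.exe. As an added example (not part of the original posts), this sketch runs both checks over lines copied from the log in post #39. The vendor keyword map `AV_HINTS` is hypothetical and only covers the products named in that log.

```python
import re
from collections import Counter
from ntpath import basename  # Windows path rules on any host OS

# Lines copied from the HijackThis log in post #39 (shortened selection).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\Avast4\ashWebSv.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
"""

# Hypothetical keyword map for this example, not a vendor-supplied list.
AV_HINTS = {
    "Symantec/Norton": ("symantec", "norton"),
    "McAfee": ("mcafee",),
    "avast!": ("avast", "alwils"),
}

# Coded entries look like "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<text>.+)$")


def parse_log(text):
    """Split a HijackThis log into running process paths and coded entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False          # blank line ends the process list
        elif in_processes:
            processes.append(line)
        else:
            m = ENTRY.match(line)
            if m:
                entries.append((m.group("code"), m.group("text")))
    return processes, entries


def vendors_in(strings):
    """Return the AV vendors whose keywords appear in any of the strings."""
    found = set()
    for s in strings:
        low = s.lower()
        for vendor, hints in AV_HINTS.items():
            if any(h in low for h in hints):
                found.add(vendor)
    return found


def av_overview(processes, entries):
    """Separate vendors with a running process from autostart-only entries."""
    running = vendors_in(processes)
    registered = vendors_in(t for code, t in entries if code in ("O4", "O23"))
    return {
        "running": sorted(running),
        "registered_only": sorted(registered - running),
        "multiple_resident": len(running) > 1,
    }


def image_counts(processes):
    """Count running instances per executable name, ignoring case and path."""
    return Counter(basename(p).lower() for p in processes)


if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE_LOG)
    print(av_overview(procs, entries))
    print(image_counts(procs).most_common())
```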

#44 gringo_pr


Posted 24 June 2008 - 07:23 AM

Hello Susie How are we doing this week? Gringo

#45 IAmSusie3


Posted 24 June 2008 - 10:08 PM

HEY....I'M STILL HERE. THE KIDS ARE ON THE COMPUTER...BUT I WILL DO ALL THAT WHEN THEY GET OFF...IN A FEW HOURS. HANG WITH ME.
