PiperK1980 Posted July 13, 2008 ID:22709 Share Posted July 13, 2008 Ok. So I read the Pre-Post instructions but I have a problem with that. I cannot access the internet through the infected computer to save my life. It just hangs there. And it wasn't like that before. So I can't scan with Panda. My dad brought his computer over cause his roommate got it all infected. It had no problem connecting to the internet until I took all that stuff off and deleted an IE add-on: awywux.dll in Safe Mode (the only way to delete it). I was able to get rid of everything else (I thought) but MS Juan won't go away. I've seen the other posts about this but I don't know if those are that user specific and would help me cause they could have different files than me. It has Spy-bot and HijackThis on it so I can produce a log for HijackThis. I'm usually excellent about getting this stuff off but this thing has me stumped and I need help. HELP! Link to post Share on other sites More sharing options...
dkaser Posted July 13, 2008 ID:22715 Share Posted July 13, 2008 PiperK1980,Welcome to the forums. Since you can't access Internet Explorer, just follow the pre-post instructions omitting the Panda scan for now.Derek Link to post Share on other sites More sharing options...
PiperK1980 Posted July 13, 2008 Author ID:22738 Share Posted July 13, 2008 Ok. Now the date you see is because for some reason the system seems to be stuck in the past for some reason. Everytime I change it after about the 2nd reboot it changes itself. I've changed it through the system by hitting [DEL] on startup numerous times. The first MBAM is before deleting the awywux.dll file. I noticed in another post here that it and add-on in IE. That is indeed where I found in through Manage Add-Ons in IE.------------------------------------------------------Malwarebytes' Anti-Malware 1.20Database version: 942Windows 5.1.2600 Service Pack 211:55:18 PM 1/20/2003mbam-log-1-20-2003 (23-55-18).txtScan type: Full Scan (C:\|)Objects scanned: 69348Time elapsed: 38 minute(s), 32 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 9Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\khfDuSkL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\LkSuDfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp\Bin\4.8.0.0\ASAPCom.dll (Adware.Hotbar) -> Quarantined and deleted successfully.C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp\Bin\4.8.0.0\Redemption.dll (Adware.Hotbar) -> Quarantined and deleted successfully.C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp\Bin\4.8.0.0\SBInst.exe (Adware.Hotbar) -> Quarantined and deleted successfully.C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp\Bin\4.8.0.0\SBOLExt.dll (Adware.Hotbar) -> Quarantined and deleted successfully.C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp\Bin\4.8.0.0\SBUIRes.dll (Adware.Hotbar) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{285E6F5E-0EBE-4C8B-ABD5-341E2ED85EFB}\RP2\A0001030.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\khfDtTlk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.--------------------------------------------------------------------------------------------------------This is the scan AFTER deleting awywux.dll and getting the no internet connection. As you can see the system reset it's date and time.Malwarebytes' Anti-Malware 1.20Database version: 942Windows 5.1.2600 Service Pack 211:38:44 PM 1/20/2003mbam-log-1-20-2003 (23-38-44).txtScan type: Full Scan (C:\|)Objects scanned: 70235Time elapsed: 26 minute(s), 9 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)I don't get it. Did I really get rid of it? It's making me out to be a liar. My network connections says that it's connected but IE still just hangs there after the progress bar at the bottom finally get half way. I get the feeling it's lurking somewhere taunting me.--------------------------------------------------------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:44:03 PM, on 1/20/2003Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\McAfee.com\Agent\mcagent.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\System32\DVDRAMSV.exeC:\WINDOWS\System32\imapi.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\Program Files\McAfee\VirusScan\McShield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\oodag.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Blue Coat K9 Web Protection\k9filter.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\WINDOWS\System32\TuneUpDefragService.exeC:\PROGRA~1\McAfee\MSC\mcupdmgr.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: {dd261c2a-c6b8-cdf9-3864-b77b3b84a952} - {259a48b3-b77b-4683-9fdc-8b6ca2c162dd} - C:\WINDOWS\system32\awywux.dll (file missing)O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkeyO9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cabO23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exeO23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE--End of file - 4602 bytes Link to post Share on other sites More sharing options...
dkaser Posted July 13, 2008 ID:22745 Share Posted July 13, 2008 PiperK1980,Please run HijackThis again. When it finishes, check the following entries and click on the "Fix checked" button:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comO2 - BHO: {dd261c2a-c6b8-cdf9-3864-b77b3b84a952} - {259a48b3-b77b-4683-9fdc-8b6ca2c162dd} - C:\WINDOWS\system32\awywux.dll (file missing)Then, reboot and post a new Hijackthis log.Derek Link to post Share on other sites More sharing options...
PiperK1980 Posted July 14, 2008 Author ID:22754 Share Posted July 14, 2008 Here it is:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:10:01 AM, on 1/21/2003Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\McAfee.com\Agent\mcagent.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\System32\DVDRAMSV.exeC:\WINDOWS\System32\imapi.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\Program Files\McAfee\VirusScan\McShield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\oodag.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Blue Coat K9 Web Protection\k9filter.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkeyO9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cabO23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exeO23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE--End of file - 3733 bytes Link to post Share on other sites More sharing options...
dkaser Posted July 14, 2008 ID:22756 Share Posted July 14, 2008 PiperK1980,That log looks clean. Go ahead and try starting IE again to see if it works properly.With regards to the clock issue, does the clock only reset if you reboot the computer, or will it reset itself while the computer is running? If it only happens at shutdown/reboot, then it's possible that your CMOS battery is dead/dying. That would cause the clock settings to reset to their defaults periodically.Derek Link to post Share on other sites More sharing options...
PiperK1980 Posted July 14, 2008 Author ID:22766 Share Posted July 14, 2008 Thank you. I will try it later this morning. The clock only resets itself during restart. But he has been having problems with his DVD-ROM/Burners. One can read, no burn and the other doesn't read at all. I've replaced them with my DVD-Rom's but it does the same thing. I've replaced cables and still nothing. I'm thinking there's a motherboard issue with everything going on. I'll report about the IE issue after I wake up. Link to post Share on other sites More sharing options...
PiperK1980 Posted July 14, 2008 Author ID:22791 Share Posted July 14, 2008 Still no internet. It just hangs there. I did notice that when I startup sometimes that at the first screen showing what it's booting up it says 'CMOS battery is low" and then I have to hit F2 to continue. Obviously that's the problem with the clock (thanks for that info) but could that be the problem with the CD/DVD-Roms too? It's almost like the motherboard can't read them. Link to post Share on other sites More sharing options...
JeanInMontana Posted July 18, 2008 ID:23188 Share Posted July 18, 2008 Hi PiperK1980 I am going to step in here since the topic has been 4 days with no reply from a helper. I apologize for that and suggest you give this a try to fix the connection issues. LSPfix Repairs Winsock 2 settings, caused by buggy or improperly-removed Internet software[and malware], that result in loss of Internet accessLSP-Fix is a free Windows utility to repair a loss of Internet access associated with certain types of software. This type of software, known as a Layered Service Provider or LSP, typically handles low-level Internet-related tasks, and data is passed through a chain of these programs on its way to and from the Internet. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, causing the Internet connection to become inaccessible. Link to post Share on other sites More sharing options...
PiperK1980 Posted July 19, 2008 Author ID:23292 Share Posted July 19, 2008 Thank you. I will try that was soon as I get the CMOS back up. I took the battery out and am having a hard time putting it back in. Link to post Share on other sites More sharing options...
JeanInMontana Posted July 20, 2008 ID:23388 Share Posted July 20, 2008 Oh dear. Link to post Share on other sites More sharing options...
PiperK1980 Posted July 22, 2008 Author ID:23524 Share Posted July 22, 2008 I got the battery replaced (Yeah!) and that's fine. I still can't connect and I tried LSPfix and that didn't work. It said no problems. My next step would be a reinstall unless there is something else I could try. Link to post Share on other sites More sharing options...
JeanInMontana Posted July 22, 2008 ID:23527 Share Posted July 22, 2008 Let's try this one http://www.majorgeeks.com/download4899.html and I think you should update MBAM and show me a quick scan with that please and a new HJT log. Link to post Share on other sites More sharing options...
PiperK1980 Posted July 22, 2008 Author ID:23576 Share Posted July 22, 2008 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:07:18 PM, on 7/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\McAfee.com\Agent\mcagent.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\System32\DVDRAMSV.exeC:\WINDOWS\System32\imapi.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\Program Files\McAfee\VirusScan\McShield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\oodag.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Blue Coat K9 Web Protection\k9filter.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exec:\PROGRA~1\mcafee\msc\mcuimgr.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkeyO9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cabO23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exeO23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE--End of file - 3855 bytes---------------------------------------------------------------------------------------------------------Malwarebytes' Anti-Malware 1.20Database version: 942Windows 5.1.2600 Service Pack 22:33:35 PM 7/21/2008mbam-log-7-21-2008 (14-33-35).txtScan type: Full Scan (C:\|)Objects scanned: 70530Time elapsed: 26 minute(s), 54 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
JeanInMontana Posted July 23, 2008 ID:23594 Share Posted July 23, 2008 Update MBAM current version is 1.22 run the quick scan with it and then with HJT please. Link to post Share on other sites More sharing options...
PiperK1980 Posted July 25, 2008 Author ID:23835 Share Posted July 25, 2008 (edited) I had posted the logs but my dad insisted that I reinstall. Thanks for all your help. I'll be around hoping to help someone someway. Edited July 28, 2008 by PiperK1980 Link to post Share on other sites More sharing options...
JeanInMontana Posted July 28, 2008 ID:23991 Share Posted July 28, 2008 You post logs over and over in the process of removal of malware. Once is never enough. I hope your able to connect now. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.SpywareBlaster from Javacool SoftwareWinPatrol by BillPStudios SiteHound by FireTrustRogueRemoverhpHostsThe windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you. Link to post Share on other sites More sharing options...
Recommended Posts