snowplow Posted August 19, 2008 ID:25199 Share Posted August 19, 2008 was running ok evin got rade of a cuple things for me but thin it would just stay in drive c and not go to the other drives so i uninstald it and reinstald it and it will still just stay in drive c if on start up i unchak c thin it will scan the others with out eny trable it gets its updays evry time i use it would it help to reinstal it agin if i lit it go it will run and run in c i did one time and it ran for 15 hr still in c drive i put this some ware elks not share of right topic Link to post Share on other sites More sharing options...
snowplow Posted August 19, 2008 Author ID:25292 Share Posted August 19, 2008 was running ok evin got rade of a cuple things for me but thin it would just stay in drive c and not go to the other drives so i uninstald it and reinstald it and it will still just stay in drive c if on start up i unchak c thin it will scan the others with out eny trable it gets its updays evry time i use it would it help to reinstal it agin if i lit it go it will run and run in c i did one time and it ran for 15 hr still in c drive i put this some ware elks not share of right topic i ran it agin last night after updating it and it still stade in drive c and ran for 6 hrs Link to post Share on other sites More sharing options...
1972vet Posted August 19, 2008 ID:25302 Share Posted August 19, 2008 Please do not use the "Report" button just to get a Moderator's attention. Start reading Here. Link to post Share on other sites More sharing options...
snowplow Posted August 19, 2008 Author ID:25330 Share Posted August 19, 2008 Please do not use the "Report" button just to get a Moderator's attention. Start reading Here.ok i will have to do this later this after noon i do have that spybot search & destroy so maybe thats all it is Link to post Share on other sites More sharing options...
snowplow Posted August 19, 2008 Author ID:25337 Share Posted August 19, 2008 Malwarebytes' Anti-Malware 1.25Database version: 1071Windows 6.0.6001 Service Pack 13:50:01 PM 8/19/2008mbam-log-08-19-2008 (15-50-01).txtScan type: Quick ScanObjects scanned: 39612Time elapsed: 9 minute(s), 13 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
snowplow Posted August 20, 2008 Author ID:25355 Share Posted August 20, 2008 thats the Malwarebyte Quick scan i am doing the Panda Active Scan now its taking some time bin running for abut 1 hr and its 26% i will post as sone as its done -it shows it fownd 26 files infected now - thin i will do the Hi Jack -- i dont think i can do that will this one is running Link to post Share on other sites More sharing options...
snowplow Posted August 20, 2008 Author ID:25360 Share Posted August 20, 2008 Export to: Threats with free disinfection (0)Only available for registered users.Register free - I'm registered Threats disinfected with the paid version (11)Low danger level (11) Cookie/Atwola Tracking Cookie Latent Show + Info 1. C:\Users\wysnowplow\AppData\Roaming\Microsoft...ws\Cookies\wysnowplow@atwola[5].txt2. C:\Users\wysnowplow\AppData\Roaming\Microsoft...ws\Cookies\wysnowplow@atwola[4].txt3. C:\Users\wysnowplow\AppData\Roaming\Microsoft...ws\Cookies\wysnowplow@atwola[3].txt4. C:\Users\wysnowplow\AppData\Roaming\Microsoft...ws\Cookies\wysnowplow@atwola[2].txt5. C:\Users\wysnowplow\AppData\Roaming\Microsoft...ookies\Low\wysnowplow@atwola[2].txt6. C:\Users\wysnowplow\AppData\Roaming\Microsoft...ws\Cookies\wysnowplow@atwola[1].txt Cookie/Xiti Tracking Cookie Latent Show + Info 1. C:\Users\wysnowplow\AppData\Roaming\Microsoft...dows\Cookies\wysnowplow@xiti[3].txt2. C:\Users\wysnowplow\AppData\Roaming\Microsoft...dows\Cookies\wysnowplow@xiti[2].txt3. C:\Users\wysnowplow\AppData\Roaming\Microsoft...dows\Cookies\wysnowplow@xiti[1].txt4. C:\Users\wysnowplow\AppData\Roaming\Microsoft...\Cookies\Low\wysnowplow@xiti[1].txt Cookie/Outster Tracking Cookie Latent Show + Info 1. C:\Users\wysnowplow\AppData\Roaming\Microsoft...s\Cookies\wysnowplow@outster[2].txt Cookie/Cgi-bin Tracking Cookie Latent Show + Info 1. C:\Users\wysnowplow\AppData\Roaming\Microsoft...wysnowplow@www2.addfreestats[2].txt Cookie/Searchp... Tracking Cookie Latent Show + Info 1. C:\Users\wysnowplow\AppData\Roaming\Microsoft...low@searchportal.information[2].txt2. C:\Users\wysnowplow\AppData\Roaming\Microsoft...low@searchportal.information[1].txt Cookie/RealMed... Tracking Cookie Latent Show + Info 1. C:\Users\wysnowplow\AppData\Roaming\Microsoft...Cookies\wysnowplow@realmedia[2].txt Cookie/Ccbill Tracking Cookie Latent Show + Info 1. C:\Users\wysnowplow\AppData\Roaming\Microsoft...ws\Cookies\wysnowplow@ccbill[3].txt2. C:\Users\wysnowplow\AppData\Roaming\Microsoft...ws\Cookies\wysnowplow@ccbill[2].txt3. C:\Users\wysnowplow\AppData\Roaming\Microsoft...ws\Cookies\wysnowplow@ccbill[1].txt4. C:\Users\wysnowplow\AppData\Roaming\Microsoft...ws\Cookies\wysnowplow@ccbill[4].txt Cookie/Azjmp Tracking Cookie Latent Show + Info 1. C:\Users\wysnowplow\AppData\Roaming\Microsoft...ows\Cookies\wysnowplow@azjmp[2].txt Cookie/Com.com Tracking Cookie Latent Show + Info 1. C:\Users\wysnowplow\AppData\Roaming\Microsoft...ndows\Cookies\wysnowplow@com[1].txt Cookie/adultfr... Tracking Cookie Latent Show + Info 1. C:\Users\wysnowplow\AppData\Roaming\Microsoft...wysnowplow@adultfriendfinder[3].txt2. C:\Users\wysnowplow\AppData\Roaming\Microsoft...wysnowplow@adultfriendfinder[2].txt3. C:\Users\wysnowplow\AppData\Roaming\Microsoft...wysnowplow@adultfriendfinder[1].txt Cookie/Go Tracking Cookie Latent Show + Info C:\Windows\System32\dmekq.exe it looks like cookies and 1 Suspicious files --- i sant it but it didnt do enything --- and no i dont wont to bye it Link to post Share on other sites More sharing options...
snowplow Posted August 20, 2008 Author ID:25366 Share Posted August 20, 2008 i dont know what you gays think but to me evrything looks ok Link to post Share on other sites More sharing options...
JeanInMontana Posted August 20, 2008 ID:25412 Share Posted August 20, 2008 Hi snowplow and welcome to Malwarebytes. Open SB S&D Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode.Click on the Tools section and then Resident.You will see two items.1. Resident "SD helper" (Internet Explorer bad download blocker.) active2. Resident "Tea Timer" (Protection of over-all system settings.) active.Uncheck number 2..Leave number 1 checked always.You can enable Tea Timer again if you wish once all special fixes have been done.Now update MBAM and run a quick scan again, post that log and a new HJT log please. Link to post Share on other sites More sharing options...
snowplow Posted August 20, 2008 Author ID:25433 Share Posted August 20, 2008 ok -- i did all that and also this morning i ran a full scan and it ran for 5 hr befor i stoped it and it was still in c drive hare is this one from the quick scan Malwarebytes' Anti-Malware 1.25Database version: 1072Windows 6.0.6001 Service Pack 12:08:58 PM 8/20/2008mbam-log-08-20-2008 (14-08-58).txtScan type: Quick ScanObjects scanned: 39194Time elapsed: 6 minute(s), 28 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
snowplow Posted August 20, 2008 Author ID:25434 Share Posted August 20, 2008 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:56:36 PM, on 8/19/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\RtHDVCpl.exeC:\Program Files\Common Files\aol\1178253688\ee\aolsoftware.exeC:\Program Files\PC Tools AntiVirus\PCTAV.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Windows\ehome\ehtray.exeC:\Program Files\AWS\WeatherBug\Weather.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Hallmark\Hallmark Card Studio 2007 Deluxe\Planner\PLNRnote.exeC:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\AOL 9.1\waol.exeC:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.bresnan.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO1 - Hosts: ::1 localhostO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dllO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178253688\ee\AOLSoftware.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCANO4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenterO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exeO4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exeO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exeO4 - Global Startup: Event Planner Reminder.lnk = ?O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exeO8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.htmlO8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dllO9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO13 - Gopher Prefix: Link to post Share on other sites More sharing options...
JeanInMontana Posted August 20, 2008 ID:25436 Share Posted August 20, 2008 No you didn't any of it. You did not turn off TeaTimer and you have posted a partial HJT log. Now please turn off TeaTimer and run a quick scan with MBAM after you update it and post that log and a new HJT log. Link to post Share on other sites More sharing options...
snowplow Posted August 20, 2008 Author ID:25438 Share Posted August 20, 2008 ok i will do it agin but i did what you said Link to post Share on other sites More sharing options...
JeanInMontana Posted August 20, 2008 ID:25439 Share Posted August 20, 2008 No you didn't turn off TeaTimer it shows clearly in the part of the HJT log you posted.C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Link to post Share on other sites More sharing options...
snowplow Posted August 20, 2008 Author ID:25441 Share Posted August 20, 2008 Malwarebytes' Anti-Malware 1.25Database version: 1072Windows 6.0.6001 Service Pack 12:58:03 PM 8/20/2008mbam-log-08-20-2008 (14-58-03).txtScan type: Quick ScanObjects scanned: 39171Time elapsed: 5 minute(s), 13 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)hare is the quick scan and i looked and that that other is off now you wont a hijack one too Link to post Share on other sites More sharing options...
snowplow Posted August 21, 2008 Author ID:25476 Share Posted August 21, 2008 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:40:23 PM, on 8/20/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\RtHDVCpl.exeC:\Program Files\Common Files\aol\1178253688\ee\aolsoftware.exeC:\Program Files\PC Tools AntiVirus\PCTAV.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Windows\ehome\ehtray.exeC:\Program Files\AWS\WeatherBug\Weather.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Hallmark\Hallmark Card Studio 2007 Deluxe\Planner\PLNRnote.exeC:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exeC:\Program Files\AOL 9.1\waol.exeC:\Program Files\AOL 9.1\shellmon.exeC:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exeC:\Windows\HijackThis.exeC:\Windows\system32\SearchFilterHost.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.bresnan.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO1 - Hosts: ::1 localhostO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dllO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178253688\ee\AOLSoftware.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCANO4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenterO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exeO4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exeO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exeO4 - Global Startup: Event Planner Reminder.lnk = ?O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exeO8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.htmlO8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dllO9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.sparkpea.net/controls/msnchat45.cabO17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exeO23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exeO23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exeO23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exeO23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe--End of file - 8816 bytes ok this one is after a reboot and i dont see it on it so i gas thats what i need to do dont be thinking i'am bummping haeds with you but i did do what you told me to do but it looks like i needed to reboot to Link to post Share on other sites More sharing options...
JeanInMontana Posted August 21, 2008 ID:25501 Share Posted August 21, 2008 OK it's gone. I don't see anything malware in your log either. We can clean up some stuff. Run HJT in scan only and put a check next to the following items, then click fix.R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Now I'm not sure what your problem was or what you thought it was. Something about scanning C:/ ? Link to post Share on other sites More sharing options...
snowplow Posted August 21, 2008 Author ID:25504 Share Posted August 21, 2008 what it was and still is that win i run Malwarebytes &Anti - Malware in full scan it stays in c drive and just keeps going i tryed it agin last night and it want for 6 hr and still in c drive and still going i did take those 3 out do i need to reboot after it now ? Link to post Share on other sites More sharing options...
JeanInMontana Posted August 21, 2008 ID:25505 Share Posted August 21, 2008 There is no point in scanning anything other than C. That is the main drive of the machine and the only place that can get infected. MBAM is made to remove any malware found using the quick scan. Link to post Share on other sites More sharing options...
snowplow Posted August 21, 2008 Author ID:25507 Share Posted August 21, 2008 ok naver hard that before so i gas evrything is going ok thin THINK YOU FOR YOUR HELP AND TIME Link to post Share on other sites More sharing options...
JeanInMontana Posted August 22, 2008 ID:25620 Share Posted August 22, 2008 Since this issue has been resolved I will close the thread to prevent others from posting into it.Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.SpywareBlaster from Javacool SoftwareWinPatrol by BillPStudios SiteHound by FireTrustRogueRemoverhpHostsThe windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price from the link in my signature. Link to post Share on other sites More sharing options...
Recommended Posts