need to clean computer, QUICK

[christopher]

no idea what to do all i have is that sbc yahoo protection but i dont think its good

now im getting icons on my desktop and weird favorites and im on firefox now but not ie but in ie i get another toolbar that i cant remove either and my default page goes to some weird virus "clean up" page that i refuse to click links on

anything free and helpful i can do to clean my computer ASAP?

[N1K]

Mate, it would be useful if you could write here what type of protection do you use, by that I mean which AV, anti-spy and firewall program is installed on your PC..

[christopher]

Mate, it would be useful if you could write here what type of protection do you use, by that I mean which AV, anti-spy and firewall program is installed on your PC..

sbc yahoo! online protection for everything.

but i dont think its doing the job cause it doesnt find much it finds spyware from time to time but i know i have crap on here now that is doing something!! i have to get rid of it.

i cant even change my homepage back in IE.

[christopher]

im doomed. everytime i do a anti-spy clean it keeps finding stuff the same stuff i kept deleting.

i just need to clean this mess up once in for all... i've been good, had this comp since 2004 w/ no real problems until NOW everything just acts funky for no reason.

oddly i was on myspace when it happened on the forums and windows just started sprouting up.. then all the above happened.

now i just had a random 'blank' IE window cover my entire screen and i closed out of it quickly

[N1K]

im doomed. everytime i do a anti-spy clean it keeps finding stuff the same stuff i kept deleting.

i just need to clean this mess up once in for all... i've been good, had this comp since 2004 w/ no real problems until NOW everything just acts funky for no reason.

oddly i was on myspace when it happened on the forums and windows just started sprouting up.. then all the above happened.

now i just had a random 'blank' IE window cover my entire screen and i closed out of it quickly

Mate, don't rely on that free online protection. Please consider installing some good AV and Anti-Spy app since your pc is infected for sure..

Try to run Hijack this so we can see what processes are starting on your PC.. LINK

[oioldman]

i would download and install ad-aware personal, apply latets defs and run that

install a good AV and see what that does

in regsitry you good check your "run" key and delete what you don't know and/or trust (make a backup first incase you delete what you shouldn't)

see how it goes

[Tarun]

You can also read this thread which will help you clean your PC with freeware applications.

[christopher]

im doomed. everytime i do a anti-spy clean it keeps finding stuff the same stuff i kept deleting.

i just need to clean this mess up once in for all... i've been good, had this comp since 2004 w/ no real problems until NOW everything just acts funky for no reason.

oddly i was on myspace when it happened on the forums and windows just started sprouting up.. then all the above happened.

now i just had a random 'blank' IE window cover my entire screen and i closed out of it quickly

Mate, don't rely on that free online protection. Please consider installing some good AV and Anti-Spy app since your pc is infected for sure..

Try to run Hijack this so we can see what processes are starting on your PC.. LINK

i am not sure what i am supposed to do on that site

i just went down and clicked analyze this and this is what came up

Help us to keep this free service online! Please give us a small donation via PayPal.

A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft's windowsupdate site to download the newest version of the service pack.

It seems that you don't use an anti-virus scanner or your scanner is not active. Only an anti-virus scanner can protect you against new viruses. You can look here for a good anti-virus scanner.

We didn't detect any active process of a firewall on your system. Reasons maybe:

(1.) You are using the windows firewall or a hardware firewall.

(2.) You are using a firewall of an unknown vendor.

(3.) You are using a firewall, but for unknown reasons it is disabled

(4.) You don't use any firewall at all.

We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.

Mate, don't rely on that free online protection. Please consider installing some good AV and Anti-Spy app since your pc is infected for sure..

Try to run Hijack this so we can see what processes are starting on your PC.. LINK

Logfile of HijackThis v1.99.1

Scan saved at 2:28:17 PM, on 10/19/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Yahoo!\Antivirus\ISafe.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ishost.exe

C:\WINDOWS\System32\isnotify.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\System32\ismini.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Yahoo!\Antivirus\CAVTray.exe

C:\Program Files\Yahoo!\Antivirus\CAVRID.exe

C:\PROGRA~1\Yahoo!\YOP\yop.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

C:\Program Files\AIM95\aim.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\christopher\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://contexualsearch.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.html

R3 - Default URLSearchHook is missing

F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe

O1 - Hosts: 207.68.176.250 auto.search.msn.com

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1AD71CBA-7F06-75C3-F09C-00027DA5D459} - C:\WINDOWS\System32\kcuyfjb.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll (file missing)

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: (no name) - {7B6020C8-7F87-70B3-1AAC-B50F918B8A79} - (no file)

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [testlive] C:\PROGRA~1\EXTRA HOPE\meet style.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [uoffxzl.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\uoffxzl.dll,vejahhc

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: HushEncryptionEngine - https://mailserver2.hushmail.com/shared/Hus...ptionEngine.cab

O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab

O16 - DPF: Yahoo! MLB StatTracker - http://aud2.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?

O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp (file missing)

O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM)

O20 - AppInit_DLLs: c:\windows\system32\awtsqpp.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: winhoo32 - C:\WINDOWS\SYSTEM32\winhoo32.dll

O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\System32\urroxtl.dll (file missing)

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

ok that is the logfile, i wound up downloading that hijack this so i could post that log file im assuming that's what you wanted me to post.

*I* dont know what to do from here but i guess you guys know how to read what's going on so if you can do what you gotta do get back to me thanks a lot

[christopher]

ok i went to that site posted above and got ad aware se and it seems that and the sbc yahoo one pick up this TrojanDownloader with a TAC of 10 which i guess is the most..

but it doesnt seem to be DELETING. cause ive done scans over and over and it keeps showing up i guess ad aware put it "quarantine" and its in my log file

but none of this makes sense or means much to me i just want to CLEAN this computer totally.

[pctuneup]

go to www.trendmicro.com and use their free online virus scan and spyware scan. Once it's cleaned everything out get spybot and AVG Antivirus. Yahoo all in one software is the same as rogers, all in one and sympatico's all in one software. They don't don't work.

[christopher]

go to www.trendmicro.com and use their free online virus scan and spyware scan. Once it's cleaned everything out get spybot and AVG Antivirus. Yahoo all in one software is the same as rogers, all in one and sympatico's all in one software. They don't don't work.

thanks

what's AVG?

[trickytwista]

avg is an anti-virus app

[christopher]

ok i downloaded a big package full of apps from a site above that i have to go to safemode to run first that i havent done yet

currently doing trend micro then ill jump to that stuff

[Tarun]

So christopher, you're following my PC Maintenance guide and running the applications from one of the Anti-Malware packages? If so, which package did you get and are you having any problems with anything?

[christopher]

So christopher, you're following my PC Maintenance guide and running the applications from one of the Anti-Malware packages? If so, which package did you get and are you having any problems with anything?

i actually just fell asleep and have to continue on w the trend micro (which seems to be working well)

i will get back to you w/in 2 hrs here im hoping all this actually cleans me up good and im not vulnerable anymore