help,help,security, viruses, spyware, worms,adware

[2FNFAST]

ok,i had dialup for a long-time,then i got highspeed,which not i have spyware,and the whole bunch


sometimes when i click on a link,it takes me 2  some  WINDOWS SEARCH BAR,and some other search bars

its pissing me off,i can't get rid if it,so,help me out,remember

i don't want any demo antivius *censored*,or i can find a key for the demo


i also had winantivirus,which is hard 2 get rid of,but,it barely pop's up anymore,

[fffreak]

Ok, what kind of malware protection software do you have? If you do not have any, I recommend seeing this article. Second thing download HijackThis! and post a log here.

8-)fffreak

[2FNFAST]

i have alot,like adaware,norton,and like 4 otherone's,im just goign 2 uninstall them all,


Logfile of HijackThis v1.99.1
Scan saved at 3:46:57 PM, on 2/16/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\regscan.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kyle.HOME-AER5SZYWM9.000\Local Settings\Temp\Temporary Directory 10 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {6A14CC37-451B-CF27-B79B-0127865D7548} - C:\WINDOWS\System32\rueakde.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EFBFE8F4-9C2C-454B-AD24-F58D19405561} - C:\WINDOWS\System32\xxyxvur.dll (file missing)
O2 - BHO: (no name) - {F717C649-06A8-0B5F-DB4E-5F9099D06F9C} - (no file)
O2 - BHO: (no name) - {FA5A2B36-DBE2-4E96-843A-81F12675F618} - C:\WINDOWS\System32\nnnll.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzed004YYUS_ZZzer000
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129fd.bay129.hotmail.msn.com/resources/MsnPUpld.cab
O20 - Winlogon Notify: winigd32 - C:\WINDOWS\SYSTEM32\winigd32.dll
O20 - Winlogon Notify: winvjv32 - C:\WINDOWS\SYSTEM32\winvjv32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

[GX1_Man]

ok,i had dialup for a long-time,then i got highspeed,which not i have spyware,and the whole bunch


sometimes when i click on a link,it takes me 2  some  WINDOWS SEARCH BAR,and some other search bars

its pissing me off,i can't get rid if it,so,help me out,remember

i don't want any demo antivius *censored*,or i can find a key for the demo


i also had winantivirus,which is hard 2 get rid of,but,it barely pop's up anymore,

Fortunately we remember you:

http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1163974193/0#0

and I am assuming you got this from stealing your neighbor's internet:

http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1167464788/0#0

So have a read, watch your language and we'll see you later.

http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1149948530


Here's some good reading for you and others about your past for those who do not know what you are all about:

http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?action=usersrecentposts;username=2FNFAST:

http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1170447669/0#0

 

[oddjob]

GX1_Man .... thanks for the heads up.

2FNFAST ... is this a Dell machine?

This HJT log and the computer are a complete and utter mess. I'm surprised you can even get the machine to boot up.

The computer has ...

> an out of date and insecure operating system. It has no Service Packs BUT DO NOT install SP2 on to an infected computer. Only install SP1 or, better, SP1a from here...

http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx

> HijackThis in a temporary location. It must be somewhere permanent so backups are not lost.

> MywebSearch malware.

> MyWaySearch malware.

> the Look2Me infection.

> the ConHook-N Trojan.

> the OPTIX-SE Trojan.

> the W32/Rbot-HA worm.

> an Adlogix adware infection.


I also see you have been visiting FunWebProducts. This is a bad site and will infect your machine with all manner of malware.

You have no trace of an up to date java installation.

I cannot be certain your Norton antivirus or a firewall is fully up to date or operational here.


To fix everything you have could take hours of work. I personally cannot spent that kind of time on this as you clearly are not interested in protecting yourself or others by using your computer safely with decent protection.

Even if this time is spent trying to clean up this computer I could not guarantee the fix would be completely successful.

In  my view you have only one sensible option. I recommend you save all your important data, reformat the hard drive and reinstall from the beginning.

When you have done this make sure you have proper protection on your computer before going back online.


OJ