Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

EVERYTIME I LOG INTO GEOCITIES MY COMPUTER FREEZES


  • This topic is locked This topic is locked

#1
computer_idiot

computer_idiot

    Member

  • Member
  • PipPip
  • 86 posts
HI,
I am on a Dell Computer that is running windows xp home.
This is a rental computer but I have had virus wear ran on it, etc, just as it was my own. But for some reason now the past 2 weeks I am not able to work on my website, everytime I go to upload photos, the upload will not work and it freezes my computer.
It didn't do this like this before, sometimes it would freeze in the middle of something if I go look at another website, so I stopped doing that, but now it freezes and/or will not let me upload pix.
Anybody know what the deal is?
Thanks
  • 0

Advertisements


#2
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
*Note to Staff...this is a SEPARATE issue/computer than the Compaq we've been helping this user with!
  • 0

#3
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Have you had this computer checked for Malware? If not, you could post a HijackThis log in THIS thread, and I'll be happy to look it over to make sure it isn't Malware related. If it is, I can help you clean it up. If it's not...at least that step will be done, and one of the Experts in this section can help you further. :tazz:
  • 0

#4
computer_idiot

computer_idiot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
I ran edwido on it, that found some, so should I go ahead and do a highjack on this too?
  • 0

#5
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
It wouldn't hurt! Go ahead and post one, and let me take a look at it so we can be sure! :tazz:
  • 0

#6
computer_idiot

computer_idiot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
Ok, here it is. Actually geos isn't my only problem, it freezes up nearly 50 times a day, someone told me it was that xp home is crap.

Logfile of HijackThis v1.99.1
Scan saved at 12:20:46 AM, on 7/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\EarthLink TotalAccess\MailClnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lexreg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\DOCUME~1\Jerry\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SRNMIC~1\SYSCHECK.COM
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: WAVE 3 Weather Wizard.lnk = C:\Program Files\Common Files\WAVE 3 Weather Wizard\TrueWeather.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/c..._12_1,0,2,5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EE8F491-1955-4AD4-BF3C-5847D0600CC0}: NameServer = 207.69.188.185 207.69.188.186
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

THANKS!!
  • 0

#7
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Ok, I think this problem is Malware related for sure.

First of all, you are running THREE anti-virus applications, McAfee, Symantec and Solo. It is NOT advisable to run more than one anti-virus application. They can conflict with each other, leaving them all useless. Also, it can cause system crashes, etc. you need to choose ONE of these three, and uninstall the other two. If you need help with that, let me know.

Ok, on to the fix! :tazz: You should either print these instructions, or save them to a Notepad file on your desktop. Part of the fix will require you to be in Safe mode, and you will be unable to access the Internet at that time!

1. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: WAVE 3 Weather Wizard.lnk = C:\Program Files\Common Files\WAVE 3 Weather Wizard\TrueWeather.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/c..._12_1,0,2,5.cab

Now close all windows other than HiJackThis, then click Fix Checked.

2. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

3. Please remove these entries from Add/Remove Programs in the Control Panel(if present):

Wave3WeatherWizard
iWon
MyWaySA

Please note any other programs that you dont recognize in that list in your next response

4. Please delete these folders using Windows Explorer(if present):

C:\Program Files\MyWaySA
C:\Program Files\iWon\iWonBar
C:\Program Files\Common Files\WAVE 3 Weather Wizard


5. Reboot the computer normally.

6. Download CleanUp
Install the program

Running CleanUp
  • Start CleanUp
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Uncheck cookies
    Note: This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea.
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
7. After all of the above is done, please post a new HijackThis log here in a reply! ;)
  • 0

#8
computer_idiot

computer_idiot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
Hi,
Thanks, actually I am only running 1, which is solo, it is a rental and macafee came with it with trial version, so when that ran out I downloaded the Norton, when that ran out I downloaded Solo. I own Nortons, but can't by my disk.

Do I have to remove Wave 3 wizard?? That is our local tv channel that alerts us of serve weather, I live in the country and do not have tornado alarms out here.
Just wondering.

I will try this, but I don't think I can remove Macafee since it belongs to the rental people and doesn't scan for viruses anymore, but let me know.

Thanks!!

OH, I ran ewido and now it is saying xp is infected and wants to remove it, do I leave it?? I don't have the disk and do not feel like going all the way there with the computer so they can rerun it, what do I do?

Edited by computer_idiot, 28 July 2005 - 08:44 AM.

  • 0

#9
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Ewido wants to remove XP?? That doesn't sound right. Do NOT let it remove it. SAVE the report from Ewido, and post it here in a reply so I can take a look.
  • 0

#10
computer_idiot

computer_idiot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:03:15 PM, 7/28/2005
+ Report-Checksum: 6DDA4B08

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{10125C2E-6821-4070-B24E-2E992501AD55} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{277E1FE1-CF65-11D3-B377-0800460222F0} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{58384780-211C-11d4-AEB7-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6D54A7C1-C379-11D3-B377-0800460222F0} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{70522FA0-4656-11d5-B0E9-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{70522FA1-4656-11d5-B0E9-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{70522FA2-4656-11d5-B0E9-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7631768F-511E-41d8-BADB-604B0034776B} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CA0B9B6D-C2AF-11D3-B376-0800460222F0} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CA0B9B71-C2AF-11D3-B376-0800460222F0} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10125C2D-6821-4070-B24E-2E992501AD55} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10125C2F-6821-4070-B24E-2E992501AD55} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{277E1FE0-CF65-11D3-B377-0800460222F0} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6D54A7C0-C379-11D3-B377-0800460222F0} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654581-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654582-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654583-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654584-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654585-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\iWonPM.iWonProgressiveCounterPlugin -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\iWonPM.iWonProgressiveCounterPlugin\CLSID -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\iWonPM.iWonProgressiveCounterPlugin\CurVer -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\iWonPM.iWonSlotPlugin -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\iWonPM.iWonSlotPlugin\CLSID -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\iWonPM.iWonSlotPlugin\CurVer -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\iWonPM.iWonTextPlugin -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\iWonPM.iWonTextPlugin\CLSID -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\iWonPM.iWonTextPlugin\CurVer -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeShutdown -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeShutdown\CLSID -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeShutdown\CurVer -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeStartup -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeStartup\CLSID -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeStartup\CurVer -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\IWonToolbar.SettingsPlugin -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\IWonToolbar.SettingsPlugin\CLSID -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\IWonToolbar.SettingsPlugin\CurVer -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Softomate.IEToolbar -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CLSID -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{78429873-F771-11D3-AE1D-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{83654580-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\iWon -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\iWon\iWonBar -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\iWon\iWonSlots -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70522FA2-4656-11D5-B0E9-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKU\S-1-5-21-197669222-1646739075-4052817112-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70522FA0-4656-11D5-B0E9-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKU\S-1-5-21-197669222-1646739075-4052817112-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70522FA1-4656-11D5-B0E9-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKU\S-1-5-21-197669222-1646739075-4052817112-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70522FA2-4656-11D5-B0E9-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKU\S-1-5-21-197669222-1646739075-4052817112-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKU\S-1-5-21-197669222-1646739075-4052817112-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA0B9B71-C2AF-11D3-B376-0800460222F0} -> Spyware.iWon : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\jy0bk8ei.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\jy0bk8ei.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\jy0bk8ei.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\jy0bk8ei.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\jy0bk8ei.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\jy0bk8ei.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\jerry@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\[email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\jerry@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\jerry@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\jerry@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jerry\Incomplete\Preview-T-872159-Microsoft Windows XP Professional.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Jerry\Incomplete\T-872159-Microsoft Windows XP Professional.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Program Files\AlertSpy\SpyWares\spydb.exe -> Spyware.AlexaBar : Cleaned with backup
C:\Program Files\AlertSpy\uninst.exe -> Spyware.AlexaBar : Cleaned with backup
C:\Program Files\iWon\iWonBar\1.bin\IWON2NS.EXE -> Spyware.MyWay : Cleaned with backup
C:\Program Files\iWon\iWonBar\1.bin\NPIWON0.DLL -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Spyware.Comet : Cleaned with backup


::Report End
  • 0

#11
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP

--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------


C:\Documents and Settings\Jerry\Incomplete\Preview-T-872159-Microsoft Windows XP Professional.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Jerry\Incomplete\T-872159-Microsoft Windows XP Professional.zip/Setup.exe -> Worm.VB.an : Error during cleaning

View Post



It tried to remove XP because this is an illegal version of it, downloaded through Bittorrent or the likes. We do not offer support to anyone who is running an illegal operating system, even if it is through no fault of your own. It is a strict board policy, and one we cannot break.
This topic is being closed.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP