| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
#1 (permalink) |
|
Registered User
Join Date: Aug 2003
Posts: 90
OS: windows xp
|
getting messages on my pc
i keep on getting these messages saying "ufkfvvi3 is trying to get files from your local folder C:\Documents and Settings\Owner\ Application Data\Yahoo! Messenger\shysweetlady2001\shared
do you want to approve the request? yes no". i'm always getting these messages from different names, and i keep on clicking on no and it keeps on popping up. can anyone tell me how i can get rid of it? thank you. |
#2 (permalink) |
|
Asst. Manager, Automotive Forums; HJT Trainee
Join Date: Jan 2003
Location: Behind you, watching you as you type.
Posts: 7,241
OS: Click "My System" to view details
|
i don't currently have yahoo on my machine but let me try to remember exactly how to turn that off.
somewhere in the options (or setup) there is one that speaks about shared folders. if you don't want people to see your shared folder, first make sure the folder is empty, and then set yahoo to not use one. i'm going to install yahoo in a few minutes anyhow, so if you need, i can look further into more precise details.
__________________
<signature> ![]() TSF is funded by our Admin's pocket, care to help? New Members: Subscribe to your thread (Thread Tools) to receive an instant email notification when you get a reply. Power Tip: Creating a single new thread in the correct section is the best way to assure your thread will receive a reply. </signature> |
#4 (permalink) |
|
Asst. Manager, Automotive Forums; HJT Trainee
Join Date: Jan 2003
Location: Behind you, watching you as you type.
Posts: 7,241
OS: Click "My System" to view details
|
ok, i'm downloading it now.
#5 (permalink) |
|
Asst. Manager, Automotive Forums; HJT Trainee
Join Date: Jan 2003
Location: Behind you, watching you as you type.
Posts: 7,241
OS: Click "My System" to view details
|
ok, open the messenger, and press control+shift+P and the preferences box will open.
go to "file transfer" and refer to the picture.
#7 (permalink) |
|
Knower of all that is MS
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro
|
Please download HijackThis. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help us determine if there is any spyware/malware on your computer.
__________________
![]() GO BIG BLUE!! |
#8 (permalink) | |
|
Asst. Manager, Automotive Forums; HJT Trainee
Join Date: Jan 2003
Location: Behind you, watching you as you type.
Posts: 7,241
OS: Click "My System" to view details
|
Quote:
yes, to get rid of this pop up, you need to set it to not share a folder.
#10 (permalink) |
|
Registered User
Join Date: Aug 2003
Posts: 90
OS: windows xp
|
Logfile of HijackThis v1.98.2
Scan saved at 5:15:58 PM, on 10/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\setup\lsassw.exe
C:\WINDOWS\system32\setup\spools.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TK0Z5DC1\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [Configuration Loader] chkprocess.exe
O4 - HKLM\..\Run: [S3 Internal Chip] s3serv.exe
O4 - HKLM\..\Run: [System Monitor] sysmon32.exe
O4 - HKLM\..\Run: [Microsoft Config Loader] msconfig32.exe
O4 - HKLM\..\Run: [connection] connect.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Piolet[1]] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VH9AQXYB\Piolet[1].exe SILENT
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Configuration Loader] chkprocess.exe
O4 - HKLM\..\RunServices: [System Monitor] sysmon32.exe
O4 - HKLM\..\RunServices: [Microsoft Config Loader] msconfig32.exe
O4 - HKLM\..\RunServices: [S3 Internal Chip] s3serv.exe
O4 - HKLM\..\RunServices: [connection] connect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra button: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\Program Files\Internet Explorer\PLUGINS\Nocs.dll (file missing)
O9 - Extra 'Tools' menuitem: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\Program Files\Internet Explorer\PLUGINS\Nocs.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: DigiChat Applet - http://albany.digi-net.com/DigiChat/.../Client_IE.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095390754984
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/C...orLauncher.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {D10B5C22-DC60-430D-B548-489CB49A2367} (FreeScan Class) - http://alternatedownload.zeroads.com...zsfreescan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yaho...bio5_0_2_5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
#12 (permalink) |
|
Asst. Manager, Automotive Forums; HJT Trainee
Join Date: Jan 2003
Location: Behind you, watching you as you type.
Posts: 7,241
OS: Click "My System" to view details
|
you're welcome, i think.
did it work?
#14 (permalink) |
|
Asst. Manager, Automotive Forums; HJT Trainee
Join Date: Jan 2003
Location: Behind you, watching you as you type.
Posts: 7,241
OS: Click "My System" to view details
|
cool! :)
Make sure and check back to see what may be bad in your log... as soon as someone looks it over, we might have some instructions for you to follow. although, just to clear something up... jg, the name "ufkfvvi3" is another yahoo user that is trying to peer into sweetlady's shared yahoo folder. now that it is turned off, no-one will be able to request that, meaning the pop up will no longer hit. (for what it's worth, by default, yahoo sets this to allow people to peer into it, but asks first with a pop up, and i used to constantly get random people trying to get files from me this way, until i turned that option off. it's like people just search and try to get files from whoever might be sharing any.) but we should check that log real good anyways.
Last edited by Volt-Schwibe : 10-27-2004 at 07:37 PM.