really need some help here...

This is not really a malware problem!

You need to change your AOL password since your ex must have it. The best thing to do would really be to change your screen name and password.

 

Are you talking about breaking into your AOL account or are you talking about breaking into your PC?

 

If you have changed your screen name and you have changed your passwords, that would imply your ex has access to your PC and is some how monitoring what you are doing. Is your PC phyiscally accessible by your ex? If not, perhaps a keylogger was installed along with remote access capability.

I suggest you work thru the below so we can gather more information. Also tell me how many user accounts are on your PC, and is on there for you ex? Also is the Guest account disabled?

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
  • CounterSpy
  • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
  • Bitdefender - from step 6
  • Panda Scan - from step 6
  • runkeys.txt - the log from GetRunKey.bat
  • newfiles.txt - the log from ShowNew.bat
  • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

No! How many user account exist on your PC for login. Don't forget there is also an account named Administrator which only appears when you boot in safe mode. And if your ex has the password for this account or it has not passord, then that is a big problem.

Well actually at this point I don't even know what operating system you have since you never told us. But in Windows XP from Control Panel, User Accounts how many accounts do you see and does the Guest account show as Guest account is off

It's the only way we can check to see in greater detail what may or may not have been done to your PC and if any malware is installed. Keyloggers (especially commercial ones) can be difficult to locate and remove. Also a remote desktop feature may have been activated and your ex could be getting into your PC that way. However that would not give him/her the ability to get into your AOL account unless you have it setup to automatically log in without entering the password (which would be a very bad thing to do because it gives you zero security).

 

Also if your ex is chaning your password to AOL, then how are you able to get into AOL?

 

Please use the quote icon to rap messages in quotes when necessary. It is at the top of the message edit window. It make it easier to read who is saying what.

Yes but are there other user accounts showing too? Also have you changed your PC password after breaking up with your EX? If not, change it now. Also change the password to the Administrator login, which again can only be viewed when you boot in safe mode.

You need to start at the very beginning of that thread and read everything and work on everything ONE STEP at a time from the beginning don't skip around and don't jump ahead. The beginning of the thread is where you begin.

 

What process is that? If you cannot get logged in because your password was changed, what do you do call them on the phone.

 

You will have to speak to AOL and ask them why their security is so bad that passwords can easily be cracked.

If you changed your screen name how is your ex finding out what your new screen name is to even attack you. Are your friends giving it to him? (If so, change it and don't give it to those friends anymore because they are not friends.)

If you run the steps in the READ & RUN ME we will have a better idea if your PC is protected or unprotected and if you are infected with malware or if you are clean.

 

We cannot help you resolve problems with AOL's lack of security. We actually don't recommend using AOL at all. However you do need to delete or change the master screen name. That is part of your problem. If he knows that then he still knows who you are. You need to talk to AOL and get the master account name changed along with a totally new password too. Also don't use any screen names that you may have used before since he would possibly know them.

You still need to run the READ & RUN ME if you would like us to check you PC for any form of malware which includes possible keyloggers or remote login access software. We cannot help you without this information because we cannot sit in front of your PC to see what is going on. This is our only visibility as to what is happening.

 

You're welcome and good luck cancelling AOL. The make it annoyingly difficult and try to convince you to keep it and will even offer it free for a number of months to try and keep you hooked. Tell the person on the line that if they cannot help you stop service that you wish to speak to a supervisor who can help you do what you want.

 

If you cannot run in safe mode for whatever reason, just use normal bootmode.

I cannot answer you question about GetRunKey and ShowNew because you did not give me enough information to know what you are referring too.

 

The directions on the download pages tell you not to do this. You appear to be trying to run the programs from inside the ZIP file which will not work. Also the only files you are to run yourself are GetRunKey.bat and ShowNew.bat. If you are not seeing the .bat, you did not do step 2 of the READ & RUN ME. You MUST EXTRACT all the files from the ZIP files into a folder on your harddisk. We recommended a folder named C:\MGtools but any folder will work as long as all files are extracted from the ZIPs. You can even extract all files from both GetRunKey and ShowNew into the same folder.

Once you have all files extracted, you need to run Windows Explorer (as explained in the download page) and run the GetRunKey.bat and ShowNew.bat files by double clicking on them from Windows Explorer. The steps must be followed in the order written for them to be as effective as we want.

Have you run ALL other steps in the READ & RUN ME? Like CounterSpy, Spybot, BitDefender, and PandaActiveScan? If not, you should not even be trying to run GetRunKey and ShowNew yet.

 

Some examples of doing this are in the procedure for downloading and installing HijackThis. Take a look at the below link and see how it is done for HijackThis. A similar procedure is used for extracting GetRunKey.zip and ShowNew.zip.

Downloading, Installing, and Running HijackThis

You really need to spend some time learning a little more about basic PC operations. Things like ZIP files and other compressed programs are used all the time and you need to understand this. This is not something we have time to teach you in a malware cleaning forum. At this point I'm really wondering if your problems or your perceived problems are really more due to your inexperience with PCs rather than malware. Don't take this the wrong way. I'm not trying to be insulting. I'm just stating a fact based on what I'm seeing your experience level to be.


May be the below will also be of use:

http://ois.unomaha.edu/casde/webshop/webshop/WNZPTUT/WINZIPOK.HTM

http://www.ceannmor.com/using_winzip.htm

http://www.users.globalnet.co.uk/~nog/t171/zipping/index.htm

http://www.cse.csiro.au/library/help/guides/winzip/winunzip.pdf

 

Wow! In 8 years you have never needed to download and extract a ZIP file before? That's truly incredible.

Please attach whatever log files you have right now so I can start looking at them. You should at least have the below logs:

• CounterSpy
• AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
• Bitdefender - from step 6
• Panda Scan - from step 6
• HijackThis

Hopefully you have been able to install and rename HijackThis as requested in step 7 or we are going to have more issues.

Now on to your problems with trying to use GetRunKey and ShowNew. Try the below!

I have attached a file named MGtools.zip for you to use. Download it to your Desktop. Then double click on the MGtools.zip file on your Desktop and extract the MGtools.exe file from inside the ZIP to your Desktop. Now double click on the MGtools.exe file to run it. It will create a C:\MGtools folder and extract all the files into this folder. It will then automatically run both GetRunKey.bat and ShowNew.bat. When finished you will see a log from ShowNew opened in a notepad window. Just close this notepad windows. The two required log files will be in your root folder. They are C:\runkeys.txt and C:\newfiles.txt Attach them to your next message. From now on if I ask for a new log from either of these programs, just goto the C:\MGtools folder and double click on the appropriate file to get the log. This woud be either GetRunKey.bat or ShowNew.bat depending on which or both are requested.

 

Yes please attach your HijackThis log! But first make sure you follow the directions in step 0 of the READ ME related to MSconfig. According to your GetRunKey log, you are not in Normal Startup mode.

The only thing you did not do right was CounterSpy log. I have no idea what you did to get that but that is not a log from CounterSpy. It is a ZIP file with a bunch of XML files in it. It would be nice to see a real log from CounterSpy and to know that you fixed what it found.

Your logs are not showing any major malware problems, but you do have some issues. You are running too many antispyware applications and some of them are junk and need to be removed. Also you need to get some updates and uninstall some old versions of software.

First a few questions though!

1. You said you "dumped" AOL. I still see all of their software installed. You should uninstall all of this now. It even has a safety and security center which is running and will conflict with other stuff you have installed. All of the below should be uninstalled since they came with AOL:

2. Do you use ComcastToolbar.exe? Is ComCast your ISP?

3. Do you use WeatherBug? It is considered adware but it is not really harmful other than slowing down your PC and impacting browsing performance.

4. I see McAfee running! Did this come from AOL as part of their security center? If so, you should still remove it and use something else.

5. I see you are using a password manager. This is a little surprising considering you have been having problems with someone stealing passwords. Why would you trust anyone else (even software) to handle and know your passwords?

I also see the below installed:

Are any of these paid versions? In this version of INVISUS only a scanner or does it include realtime protection and is that where CA Pest Patrol came from? INVISUS used to make a product that was a clone of Pest Patrol and then they started cloning CounterSpy?


Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_04
Mozilla Firefox (1.5.0.9)

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Then install the current version of FireFox from: Mozilla Firefox

 

MSconfig does not restart or configure itself. It is something you do.

You don't need to re-run any scans. MSconfig should be set to Normal Startup and not changed while we are cleaning your PC unless we specifically ask you to use it for something (which is rare but does happen). MSconfig is only meant to be a diagnostic/debugging tool. It should not be used as a permanent startup manager.

Actually Spy Sweeper is probably the best tool out there. I'm not sure what your "other" tools like Ad-Aware are finding but in many cases they just find trivial non-issues and make you think they are big problems (like cookies, MRU's and misc dead registry keys). However, experience has shown us that you can run a dozen antispyware scanning tools and each may pickup things that other either miss or ignore. The key thing is what do they fix and how bad of a problem is the malware to begin with. Many scanners don't fix a lot of what they find and many also don't even find all the malware on your PC. That is the reason that the READ & RUN ME exists and is a multistep process. It helps us to find the bigger problems that really need to removed.

We will take care of this.

We don't recommend McAfee and typical tools that ISP give you because in most cases they are full security suites which are massive resource hogs. About 25 to 30 percent of people coming here complaining that their PCs are slow and assuming that it is caused by malware are WRONG. It is their internet security suites. I would recommend that you just download (but not install yet) AVG Free Edition and ZoneAlarmFree . Then uninstall all the pieces of AOL that relate to their security package. So let's do that now along with uninstall a bunch of other things we have been discussing.

So Uninstall the below NOW! If any of these give you any error messages or do not uninstall, just tell me later when you come back.

CA Pest Patrol Realtime Protection
Safety and Security Center Uninstaller
Sunbelt CounterSpy <--- we are finished with this and you have Spy Sweeper anyway!
the INVISUS Spyware Scanner
Viewpoint Media Player
WeatherBug Browser Bar - powered by MyWebSearch

Don't continue with the below until you have attempted to uninstall the above!

Also run this ViewpointKiller to remove Viewpoint Media software because this adware junk from AOL will typical reinstall itself.

Also while we are removing things, Run this Disable/Remove Windows Messenger to remove Windows Messenger.

After you get ALL of the steps finished, now you need to install AVG Free and ZoneAlarmFree to get your protection back in place.

Counter Spy got rid of much of it. Anything that remains, we will fix manually.

If it is still installed, uninstall it (I did not notice it). It looks like you installed another one just recently on Jan 8, 2007. That is when Animabilis Software shows up. Which is also a password manager. So uninstall any of these password managers that you may have installed and then also delete the below related to it. (that is assuming that you don't use this and I would not recommend it).

C:\Documents and Settings\Valued Customer\Desktop\Password-Manager-Installer.exe
C:\Documents and Settings\Valued Customer\Application Data\Password Manager
C:\Program Files\Animabilis Software

You should always uninstall the old Sun Java version before updating to the new version.


You need to rename HijackThis properly. You renamed the folder instead of the HijackThit.exe file. You need to renamed the executable program. You have this:

C:\Program Files\analyse.exe\HijackThis.exe

It should be:

C:\Program Files\HJT\analyse.exe


After doing ALL of the above, attach new logs from ShowNew and HJT.

 

Only if you configure it to automatically update.

 

Run this procedure Getting Uninstall Programs List From The Registry and attach the requested C:\GetUnKey.txt log. I will create a patch to remove those programs from your registry.

 

Please follow the directions I gave you completely and attach the logs I asked for. You must only do what I ask you to do. If you prefer to do your own work that's fine and we are finished. I did not ask you to do a file search. The problems we are looking for are in the registry. A file search has nothing to do with this.

What procedure are you referring to? Your procedure?

 

Please post the logs I asked for in messages numbers 39 and 42. I did not ask for a GetRunKey log.

The Getting Uninstall Programs List only gets a list. It does not make any changes to your PC.

 

My message said:

The key word is attempted! Which you did!

Yes and I still need you to do this!