| trojans...now nothing opens and I get a paint can't open error I actually found this forum last night and planned to post my computer log today. A couple days ago I got a virus that has only multiplied into more viruses and trojans. I have Avast and usually have no issues, but Avast can barely keep up and can't move or delete any of the files because they disappear before that can be done. Now this morning I start up my computer and none of my programs started up on startup, and when I click on a program it will not open and I get the following error: "C:\..........\.....\.......exe Paint cannot read this file. This is not a valid bitmap file, or its format is not currently supported." I can get some programs to open if I right-click and choose "run as" and then click OK, leaving the options set for "owner". I shut off the networking and removed my personal files. I do have trial programs on there that I REALLY need! So what now, and where should I start? Thank you. |
| ||
| Re: trojans...now nothing opens and I get a paint can't open error OK, I read some of the other posts and downloaded HijackThis, ran it, checked some things and then clicked "fix" and nothing; I seem to not have access to anything. The thing I explained earlier about not being able to open files: well, the one way I was able to get some of them open is not an option for anything in the control panel. I feel like I am at a brick wall. And on some things it asks for the administrator password, and I have no idea I even had one. I just got my notebook back from the Gateway repair center in TX and it came back totally wiped out and bare, and 2 days later here I am. |
| ||
| Re: trojans...now nothing opens and I get a paint can't open error I do have findthewebsiteyouneed on my computer |
| ||
| Re: trojans...now nothing opens and I get a paint can't open error Here is my first log from Hijackthis Logfile of HijackThis v1.99.1 Scan saved at 3:32:04 PM, on 2/18/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\yvilktz.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\virus tools\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 
6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKLM\..\Run: [winlog] winlog.exe O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe O4 - HKLM\..\Run: [gimmygames] C:\WINDOWS\gimmygames.exe O4 - HKLM\..\Run: [yvilktzA] C:\WINDOWS\yvilktzA.exe O4 - HKLM\..\RunServices: [winlog] winlog.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - 
Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1139907414093 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139907399292 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yvilktz.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe --------------------------------------------------------------------- Below is the second log after I removed a few things... --------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 3:37:40 PM, on 2/18/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\yvilktz.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\virus tools\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program 
files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKLM\..\Run: [winlog] winlog.exe O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe O4 - HKLM\..\Run: [yvilktzA] C:\WINDOWS\yvilktzA.exe O4 - HKLM\..\RunServices: [winlog] winlog.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yvilktz.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe --------------------------------------------------------------------- Right now the following program is running on the notebook Symantec Spyware.Dotcomtoolbar Removal Tool 1.0.1 Now what? =( Thankfully there is a business desktop here too so I am able to do this. |
| ||
| Re: trojans...now nothing opens and I get a paint can't open error

Are you able to download from the Internet? If so:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

> Download and install the following utilities:

CCleaner - www.ccleaner.com
Webroot Spy Sweeper (14 day free trial) - http://www.webroot.com/shoppingcart...4011&vcode=DT02
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
ewido Anti-malware (14 day free trial) - http://www.ewido.net/en/download/

- Open Spy Sweeper, click on "Options", and then click on "Update Definitions" under the Program Options tab. Do not run a scan yet; just close the program once the update completes.
- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.
- Open MS Antispyware beta. Make sure the "AntiSpyware Autoupdater" feature is enabled, and that it has downloaded the most current antispyware updates. Close the program after you've verified this.
- Open your anti-virus program and make sure that it has the most current virus definitions installed. Again - don't scan yet, just close the program once it's updated.

> Open the Services utility in your Administrative Tools control panel.

* In the list of services, locate the service named "Windows Overlay Components" and double-click on it.
* In the General tab of the Properties window that opens, click the Stop button if the service is not already stopped.
* Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK. Close the Services utility after that.

> Run HijackThis again and have it fix the following entries:

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM\..\Run: [yvilktzA] C:\WINDOWS\yvilktzA.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yvilktz.exe

* Once HJT finishes the fix, click on the "Config" button in the lower right corner of HijackThis' main window. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:

Windows Overlay Components

Close HijackThis after that.

> Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) and:

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu; check "Show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types". Close Explorer after that.
- Open CCleaner.
- Go to Options-> Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours"
- Go to Options>CustomFolders>Add Folder>Navigate to these folders (click on bold file once and hit OK) :
* C:\Windows\Temp
* C:\Windows\Prefetch
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ (This will delete all your cached internet content including cookies.)
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp
* C:\Documents and Settings\<any other user's Profile>\Local Settings\Temporary Internet Files
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temp
* C:\Documents and Settings\<Your Profile>\Cookies
* C:\Documents and Settings\<Any other users Profile>\Cookies
Hit OK
- In left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders
- Click on Run Cleaner

It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.

- Run your anti-virus, MS Antispyware, and ewido; have the programs fix all malicious items they find. When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK. Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.
- Run Spy Sweeper.
* Under the Sweep Options tab, select ALL options under 'What to Sweep'.
* Click the "Sweep" icon and then "Start" to begin scanning.
* When the scan completes, click Next to automatically quarantine all detected items.
* Click the Results icon, select Session Log, and then click Save to File. Save the scan results to your desktop and close Spy Sweeper.

> Open Windows Explorer again and search for the following files. Delete them if they still exist:

winlog.exe
C:\windows\winsysupd9.exe
C:\windows\winsysban9.exe
C:\WINDOWS\yvilktzA.exe
C:\WINDOWS\yvilktz.exe

> Empty your Recycle Bin and reboot normally.

> Run HijackThis again, and post the new log. Also post the logs that ewido and Spy Sweeper generated. |
| ||
| Re: trojans...now nothing opens and I get a paint can't open error I have tried to post them and they seem too large???? |
| ||
| Re: trojans...now nothing opens and I get a paint can't open error Spy Sweeper... --------------------------------------- ******** 10:20 AM: | Start of Session, Monday, February 20, 2006 | 10:20 AM: Spy Sweeper started 10:20 AM: Sweep initiated using definitions version 556 10:20 AM: Starting Memory Sweep 10:22 AM: Memory Sweep Complete, Elapsed Time: 00:02:11 10:22 AM: Starting Registry Sweep 10:23 AM: Found Adware: visfx 10:23 AM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (2 subtraces) (ID = 712951) 10:23 AM: Found Adware: findthewebsiteyouneed hijacker 10:23 AM: HKU\WRSS_Profile_S-1-5-21-1229621867-3947234152-1274267536-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437) 10:23 AM: Registry Sweep Complete, Elapsed Time:00:00:45 10:23 AM: Starting Cookie Sweep 10:23 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00 10:23 AM: Starting File Sweep 10:24 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\tsweb1.htm". The system cannot find the file specified 10:24 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ics.htm". The system cannot find the file specified 10:24 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht05p.htm". The system cannot find the file specified 10:24 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht06p.htm". The system cannot find the file specified 10:24 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht26p.htm". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht03p.htm". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht19p.htm". 
The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht21p.htm". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht20p.htm". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht18p.htm". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht02p.htm". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht13p.htm". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0004.asp". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\page1.asp". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0010.asp". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0006.asp". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0002.asp". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0007.asp". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0005.asp". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\tip.htm". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\ipp_0014.asp". 
The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\netmeet.htm". The system cannot find the file specified 10:25 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\au_plcy.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\welcome.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\root\cmpnents\tabletpc\i386\viewer.htm". The system cannot find the path specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\autoupdt.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht23p.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht08p.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht00p.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\safemode.htt". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht25p.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht10p.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht09p.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht15p.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht04p.htm". 
The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht14p.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\xptht16p.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\dtsgnup.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\actshell.htm". The system cannot find the file specified 10:27 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\msobshel.htm". The system cannot find the file specified 10:28 AM: Warning: Failed to open file "c:\windows\softwaredistribution\download\\updshell.htm". The system cannot find the file specified 10:48 AM: File Sweep Complete, Elapsed Time: 00:24:54 10:48 AM: Full Sweep has completed. Elapsed time 00:27:57 10:48 AM: Traces Found: 4 10:54 AM: Removal process initiated 10:55 AM: Quarantining All Traces: visfx 10:55 AM: Quarantining All Traces: findthewebsiteyouneed hijacker 10:55 AM: Removal process completed. Elapsed time 00:00:05 10:55 AM: Processing Startup Alerts 10:55 AM: Allowed Startup entry: Windows Defender ******** 10:18 AM: | Start of Session, Monday, February 20, 2006 | 10:18 AM: Spy Sweeper started 10:19 AM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later. 10:20 AM: | End of Session, Monday, February 20, 2006 | |
| ||
| Re: trojans...now nothing opens and I get a paint can't open error The Ewido is the one that seems too large. Let me know if there is any other way to send it. Here is the HijackThis log... ------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 11:03:37 AM, on 2/20/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\BigFix\BigFix.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\virus tools\ewido anti-malware\ewidoctrl.exe C:\Program Files\virus tools\ewido anti-malware\ewidoguard.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\virus tools\HijackThis.exe C:\WINDOWS\SoftwareDistribution\Download\Install\NDP1.1sp1-KB886903-X86.exe C:\WINDOWS\TEMP\SL3.tmp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...www.yahoo.com/ R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\virus tools\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\virus tools\ewido anti-malware\ewidoguard.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe |
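
The last step of the cleanup procedure in this thread (run HijackThis again and compare the new log with the entries that were to be fixed) can be checked mechanically. The following is an added example, not part of any post and not HijackThis's own code; the function names are hypothetical, and the sample logs are trimmed excerpts of the logs posted above, restored to one entry per line.

```python
import re

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24.
_CODE = r"(?:[RF][0-3]|N[1-4]|O\d{1,2})"
# Zero-width split point before each "<code> - ", so a log that a forum has
# run together onto one line still separates into individual entries.
_ENTRY_START = re.compile(r"(?<![\w\\])(?=" + _CODE + r" - )")
_ENTRY = re.compile(r"(" + _CODE + r") - (.+)")


def _norm(text):
    """Collapse whitespace and case; Windows paths and value names ignore case."""
    return " ".join(text.split()).lower()


def parse_entries(log_text):
    """Return the set of (code, normalized body) entries in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        for piece in _ENTRY_START.split(line):
            m = _ENTRY.match(piece.strip())
            if m:
                entries.add((m.group(1), _norm(m.group(2))))
    return entries


def check_fixes(requested_text, log_text):
    """Split the requested fixes into (cleared, still_present) for a given log."""
    present = parse_entries(log_text)
    cleared, remaining = [], []
    for entry in sorted(parse_entries(requested_text)):
        (remaining if entry in present else cleared).append(entry)
    return cleared, remaining


def running_processes(log_text):
    """Paths under 'Running processes:' (needs a one-path-per-line log)."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes:"):
            in_block = True
        elif in_block:
            if not line or _ENTRY.match(line):
                break
            procs.add(line.lower())
    return procs


def still_running(file_names, log_text):
    """Files from the deletion list that the log still shows as running."""
    procs = running_processes(log_text)
    return [name for name in file_names
            if any(p == name.lower() or p.endswith("\\" + name.lower())
                   for p in procs)]


# Entries the helper asked to have fixed (copied from the reply above).
REQUESTED = r"""
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM\..\Run: [yvilktzA] C:\WINDOWS\yvilktzA.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\yvilktz.exe
"""
# Files the helper asked to have deleted.
DELETE_LIST = ["winlog.exe", r"C:\windows\winsysupd9.exe",
               r"C:\windows\winsysban9.exe", r"C:\WINDOWS\yvilktzA.exe",
               r"C:\WINDOWS\yvilktz.exe"]
# Trimmed excerpt of the 2/18/2006 log (before cleanup).
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\yvilktz.exe
C:\WINDOWS\System32\wltrysvc.exe
""" + REQUESTED + r"""O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""
# Trimmed excerpt of the 2/20/2006 log (after cleanup).
AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

if __name__ == "__main__":
    cleared, remaining = check_fixes(REQUESTED, AFTER)
    print(f"cleared: {len(cleared)}, still present: {len(remaining)}")
    print("still running:", still_running(DELETE_LIST, AFTER))
```

An empty "still present" list only shows that the autorun and service entries are gone from the log; the files themselves still have to be searched for and deleted as the reply describes.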
| ||
| Re: trojans...now nothing opens and I get a paint can't open error Quote:
|
| ||
| Re: trojans...now nothing opens and I get a paint can't open error I tried that; I think it would have to be 10 different posts. I will try again. |
©2003 - 2009 DaniWeb® LLC