| ||
| Unable to Download Hijackthis I'm a newbie and I came across this forum while looking to see what is wrong with my comp. I have a virus on my computer, and from reading all the posts I have spyware quake..... On the bottom of my screen I get a message saying your computer is infected system has detected virus activities. Also I was getting a million pop ups to spyware quake and other sites. I tried downloading hijack this so I could post my log and someone could tell me how to fix it, but every link I click does not let me download hijackthis; it goes straight to IE and says web page cannot be displayed. Can someone please tell me why this is happening? Thanx in advance |
| ||
| Re: Unable to Download Hijackthis
Try this link

Download HJTsetup.exe http://www.thespykiller.co.uk/files/HJTsetup.exe

Double-click HJTsetup.exe to start the installation. HJT will be installed in C:\Program Files\Hijackthis by default.
Accept all default options by continuing to click Next or Install during the setup process.
When you click 'Finish', HJT will automatically open.
Select Do a system scan and save a logfile. The log will open in Notepad.
Copy and paste the log here. |
| ||
| Re: Unable to Download Hijackthis Quote:
Logfile of HijackThis v1.99.1 Scan saved at 7:10:06 AM, on 10/19/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Program Files\Norton Personal Firewall\NISUM.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe c:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\Program Files\NavNT\defwatch.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe C:\Program Files\mcafee.com\personal firewall\MPFService.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\isnotify.exe C:\WINDOWS\system32\ishost.exe C:\WINDOWS\system32\ismini.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Common Files\AOL\1127950147\ee\AOLSoftware.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe C:\Program Files\mcafee.com\personal firewall\MPfTray.exe C:\Program Files\mcafee.com\antivirus\oasclnt.exe C:\Program Files\mcafee.com\antivirus\mcvsescn.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Kodak\KODAK 
Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Common Files\AOL\1127950147\ee\SSCEvtHdlr.exe C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\VeTsi\My Documents\HiJackthis\hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll O1 - Hosts: 216.19.0.250 idenupdate.motorola.com O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {114BB925-7A10-7CA8-D228-07B059B354FB} - C:\WINDOWS\system32\rwjayhg.dll O2 - BHO: (no name) - {19CC7AD4-9A88-48A3-9C94-93837523CF80} - C:\WINDOWS\System32\pmnlm.dll (file missing) O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hwihryww.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {38C427A3-FD2D-4063-ACF4-5935F3AA8D6B} - C:\WINDOWS\System32\nnnp.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127950147\ee\AOLSoftware.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [zwcmnaf.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zwcmnaf.dll,qmufwbe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1127950147\ee\SSCRun.exe O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program 
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/05025f667a458d38f1b4033c036e4923_28.exe O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - 
http://85.255.114.166/1/rdgUS2404.exe O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing) O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file) O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. 
- C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Thanks any help will be appreciated |
| ||
| Re: Unable to Download Hijackthis
Download http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs as a 'RiskTool'; it is not a virus. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. |
| ||
| Re: Unable to Download Hijackthis Quote:
Thank You! Here it is.... SmitFraudFix v2.111 Scan done at 22:53:23.25, Thu 10/19/2006 Run from C:\Documents and Settings\VeTsi\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\ishost.exe FOUND ! C:\WINDOWS\system32\ismini.exe FOUND ! C:\WINDOWS\system32\ixt?.dll FOUND ! C:\WINDOWS\system32\ixt??.dll FOUND ! C:\WINDOWS\system32\ot.ico FOUND ! C:\WINDOWS\system32\ts.ico FOUND ! C:\WINDOWS\system32\components\flx?.dll FOUND ! C:\WINDOWS\system32\components\flx??.dll FOUND ! C:\WINDOWS\system32\components\flx???.dll FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\VeTsi »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\VeTsi\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND ! C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VeTsi\FAVORI~1 C:\DOCUME~1\VeTsi\FAVORI~1\Antivirus Test Online.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\Safety Bar\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="about:Home" "SubscribedURL"="about:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Ty again for your help |
| ||
| Re: Unable to Download Hijackthis
Copy these instructions to NotePad for reading while in Safe Mode.

Reboot your computer in Safe Mode by doing the following:
* Restart your computer;
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.

Post the C:\rapport.txt and a new HJT log in your next reply. |
| ||
| Re: Unable to Download Hijackthis Quote:
Thank you!! I did everything you said...here is my report from smitfraudfix. SmitFraudFix v2.111 Scan done at 21:04:17.25, Fri 10/20/2006 Run from C:\Documents and Settings\VeTsi\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\ishost.exe Deleted C:\WINDOWS\system32\ismini.exe Deleted C:\WINDOWS\system32\ixt?.dll Deleted C:\WINDOWS\system32\components\flx?.dll Deleted C:\WINDOWS\system32\components\flx??.dll Deleted C:\DOCUME~1\VeTsi\FAVORI~1\Antivirus Test Online.url Deleted C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted C:\Program Files\Safety Bar\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End And my new HiJackthis Log.... 
Logfile of HijackThis v1.99.1 Scan saved at 9:25:50 PM, on 10/20/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Program Files\Norton Personal Firewall\NISUM.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe c:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\Program Files\NavNT\defwatch.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe C:\Program Files\mcafee.com\personal firewall\MPFService.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Common Files\AOL\1127950147\ee\AOLSoftware.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe C:\Program Files\mcafee.com\personal firewall\MPfTray.exe C:\Program Files\mcafee.com\antivirus\oasclnt.exe C:\Program Files\mcafee.com\antivirus\mcvsescn.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Common Files\AOL\1127950147\ee\SSCEvtHdlr.exe C:\Documents and 
Settings\VeTsi\My Documents\HiJackthis\hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll O1 - Hosts: 216.19.0.250 idenupdate.motorola.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {114BB925-7A10-7CA8-D228-07B059B354FB} - C:\WINDOWS\system32\rwjayhg.dll O2 - BHO: (no name) - {19CC7AD4-9A88-48A3-9C94-93837523CF80} - C:\WINDOWS\System32\pmnlm.dll (file missing) O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hwihryww.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {38C427A3-FD2D-4063-ACF4-5935F3AA8D6B} - C:\WINDOWS\System32\nnnp.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127950147\ee\AOLSoftware.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [zwcmnaf.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zwcmnaf.dll,qmufwbe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1127950147\ee\SSCRun.exe O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software 
updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/0502...36e4923_28.exe O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - 
C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. 
- C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Also... as I was writing this to you I got a pop up from ameana.com wanting me to buy antivirus program and adfarm.com. I just closed it not with the X but by right clicking then close... how could I get rid of that? Thanks again for your help, it is much appreciated |
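A triage sketch for the two HijackThis logs posted above, added here as an example and not part of the original thread or of HijackThis itself: it parses entry lines, flags three patterns visible in these logs, and lists the flagged entries from the first log that are still present in the second. The heuristics and function names are assumptions for illustration, and a flag is a lead for review, not a verdict; the sample lines are excerpted from the thread's logs.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Excerpt of the first log in this thread (10/19/2006), one entry per line.
BEFORE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {114BB925-7A10-7CA8-D228-07B059B354FB} - C:\WINDOWS\system32\rwjayhg.dll
O2 - BHO: (no name) - {19CC7AD4-9A88-48A3-9C94-93837523CF80} - C:\WINDOWS\System32\pmnlm.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
"""
# The second log (10/20/2006, after the SmitfraudFix clean) still contains
# every line of the excerpt except the final O21 entry.
AFTER_LOG = "\n".join(BEFORE_LOG.strip().splitlines()[:-1])

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")      # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")


def parse(log_text):
    """Return (section, detail) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _is_ip_host(url):
    """True when the URL's host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False


def triage(entries):
    """Apply the illustrative heuristics; return (section, detail, reasons)."""
    findings = []
    for section, detail in entries:
        reasons = []
        # Registry reference whose target file no longer exists.
        if ORPHAN.search(detail):
            reasons.append("orphaned reference")
        # Browser Helper Object with no display name, loaded from system32.
        if section == "O2" and "(no name)" in detail:
            path = detail.rsplit(" - ", 1)[-1]
            if path.rsplit("\\", 1)[0].lower().endswith("\\system32"):
                reasons.append("unnamed BHO in system32")
        # ActiveX (Downloaded Program Files) entry fetching an .exe from a bare IP.
        if section == "O16":
            url = detail.rsplit(" - ", 1)[-1].strip()
            if url.lower().endswith(".exe") and _is_ip_host(url):
                reasons.append("ActiveX download from bare IP")
        if reasons:
            findings.append((section, detail, reasons))
    return findings


def _key(section, detail):
    """Identify an entry by section + CLSID when it has one, else by its text."""
    m = CLSID.search(detail)
    return (section, m.group(0).upper() if m else detail.lower())


def persisting(before_text, after_text):
    """Flagged entries from the earlier log that the later log still contains."""
    remaining = {_key(s, d) for s, d in parse(after_text)}
    return [f for f in triage(parse(before_text)) if _key(f[0], f[1]) in remaining]


if __name__ == "__main__":
    for section, detail, reasons in persisting(BEFORE_LOG, AFTER_LOG):
        print(f"still present: {section} - {detail}  [{', '.join(reasons)}]")
```

Entries that survive one cleaning pass are the ones to carry into the next step; benign leftovers such as an uninstalled program's orphaned button will be flagged too and need a human decision.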
| ||
| Re: Unable to Download Hijackthis
Make sure you have only one active antivirus; two will conflict, so choose one and uninstall the others or set them to on-demand scanning only.

Please download Vundofix.exe to your desktop: http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

==============

Your Java is out of date. Click here to download Java Runtime Environment (JRE) 5.0 Update 9: http://java.sun.com/javase/downloads/index.jsp
In Add/Remove Programs, uninstall any previous versions of Java. Install the latest.

==============

Next, download AVG Anti-Spyware: http://www.ewido.net/en/download/
· Install and run
· Click Scanner
· Select the "Settings" tab.
· Once in the Settings screen click on "Recommended actions" and then select "Delete".
· Select "Automatically generate report after every scan"
· UnSelect "Only if threats were found"
· Click Complete System Scan and the scan will begin.
· When the scan is finished, set all items to delete
· Click Apply all actions
· Click the Save report button.
· Save the report to your C: Drive

Reboot.
Post that log and a new HiJack log. |
| ||
| Re: Unable to Download Hijackthis ok i ... here is my VundoFix log... VundoFix V6.2.6 Checking Java version... Java version is 1.5.0.4 Scan started at 2:12:54 PM 10/21/2006 Listing files found while scanning.... C:\WINDOWS\system32\gqyokcys.dll C:\WINDOWS\system32\hwihryww.dll C:\WINDOWS\system32\rwjayhg.dll C:\WINDOWS\system32\mdrpcqff.exe C:\WINDOWS\system32\sfmlwwbb.exe C:\WINDOWS\system32\upibieyk.exe C:\Program Files\Common Files\{B8A56D43-0A1E-1033-1016-030224200001}\services.dll C:\WINDOWS\System32\pmnlm.dll C:\WINDOWS\System32\mlnmp.ini C:\WINDOWS\System32\mlnmp.bak1 C:\WINDOWS\System32\mlnmp.bak2 C:\WINDOWS\System32\mlnmp.ini2 C:\WINDOWS\System32\mlnmp.tmp Beginning removal... Attempting to delete C:\WINDOWS\system32\gqyokcys.dll C:\WINDOWS\system32\gqyokcys.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hwihryww.dll C:\WINDOWS\system32\hwihryww.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rwjayhg.dll C:\WINDOWS\system32\rwjayhg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mdrpcqff.exe C:\WINDOWS\system32\mdrpcqff.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\sfmlwwbb.exe C:\WINDOWS\system32\sfmlwwbb.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\upibieyk.exe C:\WINDOWS\system32\upibieyk.exe Has been deleted! Attempting to delete C:\Program Files\Common Files\{B8A56D43-0A1E-1033-1016-030224200001}\services.dll C:\Program Files\Common Files\{B8A56D43-0A1E-1033-1016-030224200001}\services.dll Has been deleted! Attempting to delete C:\WINDOWS\System32\mlnmp.ini C:\WINDOWS\System32\mlnmp.ini Has been deleted! Attempting to delete C:\WINDOWS\System32\mlnmp.bak1 C:\WINDOWS\System32\mlnmp.bak1 Has been deleted! Attempting to delete C:\WINDOWS\System32\mlnmp.bak2 C:\WINDOWS\System32\mlnmp.bak2 Has been deleted! Attempting to delete C:\WINDOWS\System32\mlnmp.ini2 C:\WINDOWS\System32\mlnmp.ini2 Has been deleted! 
Attempting to delete C:\WINDOWS\System32\mlnmp.tmp C:\WINDOWS\System32\mlnmp.tmp Has been deleted! Performing Repairs to the registry. Done! I updated Java as instructed Avg log... --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 6:20:24 AM 10/22/2006 + Scan result: C:\RECYCLER\S-1-5-21-348149589-1267394578-43318865-1008\Dc786\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned. HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : Cleaned. C:\WINDOWS\system32\egaccess4_1058.dll -> Dialer.EgroupDial.v : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\ICD4.tmp\EGDACCESS_1067.dll -> Dialer.InstantAccess.f : Cleaned. C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201003.dll -> Dialer.InstantAccess.f : Cleaned. C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201004.dll -> Dialer.InstantAccess.f : Cleaned. C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201005.dll -> Dialer.InstantAccess.f : Cleaned. C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201006.dll -> Dialer.InstantAccess.f : Cleaned. C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201007.dll -> Dialer.InstantAccess.f : Cleaned. C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201008.dll -> Dialer.InstantAccess.f : Cleaned. C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201009.dll -> Dialer.InstantAccess.f : Cleaned. C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201011.dll -> Dialer.InstantAccess.f : Cleaned. C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201012.dll -> Dialer.InstantAccess.f : Cleaned. 
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201013.dll -> Dialer.InstantAccess.f : Cleaned. C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201015.dll -> Dialer.InstantAccess.f : Cleaned. C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201016.dll -> Dialer.InstantAccess.f : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VU4ZBH45\EGDACCESS_1073_XP[2].cab/EGDACCESS_1073.dll -> Dialer.InstantAccess.m : Cleaned. C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201010.dll -> Dialer.InstantAccess.m : Cleaned. C:\WINDOWS\system32\egaccess4_1060.dll -> Dialer.InstantAccess.r : Cleaned. C:\WINDOWS\system32\egaccess4_1061.dll -> Dialer.InstantAccess.r : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\23G3KR6Z\WinAntiVirusPro2006ScannerInstall[1].cab/UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\15AP97M3\SysProtectScannerInstall[1].cab/USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned. C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\VeTsi\Cookies\vetsi@2o7[2].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned. C:\Documents and Settings\VeTsi\Cookies\vetsi@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned. C:\Documents and Settings\VeTsi\Cookies\vetsi@com[1].txt -> TrackingCookie.Com : Cleaned. 
C:\Documents and Settings\VeTsi\Cookies\vetsi@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\VeTsi\Cookies\vetsi@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned. C:\Documents and Settings\VeTsi\Cookies\vetsi@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned. C:\WINDOWS\system32\egaccess4_1059.dll -> Trojan.Dialer.pc : Cleaned. ::Report end And my new HiJackthis log... Logfile of HijackThis v1.99.1 Scan saved at 6:25:02 AM, on 10/22/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Program Files\Norton Personal Firewall\NISUM.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe c:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\Program Files\NavNT\defwatch.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe C:\Program Files\mcafee.com\personal firewall\MPFService.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\Program Files\Common Files\AOL\1127950147\ee\AOLSoftware.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\Common 
Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe C:\Program Files\mcafee.com\personal firewall\MPfTray.exe C:\Program Files\mcafee.com\antivirus\oasclnt.exe C:\Program Files\mcafee.com\antivirus\mcvsescn.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\AOL\1127950147\ee\SSCEvtHdlr.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe c:\program files\common files\aol\1127950147\ee\anotify.exe C:\Documents and Settings\VeTsi\My Documents\HiJackthis\hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll O1 - Hosts: 216.19.0.250 idenupdate.motorola.com O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {114BB925-7A10-7CA8-D228-07B059B354FB} - C:\WINDOWS\system32\rwjayhg.dll (file missing) O2 - BHO: (no name) - {19CC7AD4-9A88-48A3-9C94-93837523CF80} - C:\WINDOWS\System32\pmnlm.dll (file missing) O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hwihryww.dll (file missing) O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {38C427A3-FD2D-4063-ACF4-5935F3AA8D6B} - C:\WINDOWS\System32\nnnp.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127950147\ee\AOLSoftware.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [zwcmnaf.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zwcmnaf.dll,qmufwbe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1127950147\ee\SSCRun.exe O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: America Online 9.0 Tray 
Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} 
- C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/0502...36e4923_28.exe O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Also as I was writing you this, Internet Explorer opened up to a blank page that said about: 1435554 I ended it too fast, I didn't get the exact #'s. On a brighter note, ever since you told me to do all these things for my comp it's running faster, spyquake is gone and that annoying triangle is gone also. Thank you again for all your help!! |
| ||
| Re: Unable to Download Hijackthis Rescan with Hijackthis and check these. Close all other windows and then click Fix Checked. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file) O1 - Hosts: 216.19.0.250 idenupdate.motorola.com O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file) O2 - BHO: (no name) - {114BB925-7A10-7CA8-D228-07B059B354FB} - C:\WINDOWS\system32\rwjayhg.dll (file missing) O2 - BHO: (no name) - {19CC7AD4-9A88-48A3-9C94-93837523CF80} - C:\WINDOWS\System32\pmnlm.dll (file missing) O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hwihryww.dll (file missing) O2 - BHO: (no name) - {38C427A3-FD2D-4063-ACF4-5935F3AA8D6B} - C:\WINDOWS\System32\nnnp.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKLM\..\Run: [zwcmnaf.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zwcmnaf.dll,qmufwbe O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/0502...36e4923_28.exe O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing) Run ActiveScan online virus scan: http://www.pandasoftware.com/products/activescan.htm When the scan is finished, save the results from the scan! Paste them here with a new hijackthis log. |
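An added example, not part of the original posts and not HijackThis's own logic: a small triage script that parses HijackThis log lines and flags two of the patterns visible in the fix list above, entries marked `(file missing)` / `(no file)` and O16 entries whose download source is a bare IP address or a raw `.exe`. The function names and the two heuristics are assumptions of this example; the sample lines are copied from the log posted in the thread.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Lines copied from the HijackThis log posted in the thread above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {114BB925-7A10-7CA8-D228-07B059B354FB} - C:\WINDOWS\system32\rwjayhg.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
"""


def host_is_ip(url):
    """True when the URL's host is an IP literal rather than a DNS name."""
    try:
        ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False


def triage(line):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return []  # header, process path or blank line, not a registry entry
    reasons = []
    if m.group("body").endswith(ORPHAN_MARKERS):
        reasons.append("orphaned: no file behind the registry entry")
    url = URL_RE.search(m.group("body"))
    if m.group("section") == "O16" and url:
        if host_is_ip(url.group(0)):
            reasons.append("O16 download source is a bare IP address")
        if urlsplit(url.group(0)).path.lower().endswith(".exe"):
            reasons.append("O16 download source is a raw .exe")
    return reasons


def flagged(log_text):
    """Map each flagged log line to its list of reasons."""
    result = {}
    for line in log_text.splitlines():
        reasons = triage(line)
        if reasons:
            result[line] = reasons
    return result


if __name__ == "__main__":
    for entry, why in flagged(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(why))
```

The O9 BitDefender uninstaller leftover is flagged as orphaned even though the reply did not list it, so a flag here is a prompt to look at an entry, not a verdict. The R0, O1 and O4 lines in the fix list fall outside these two heuristics.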