 |  |  |  |  |  |  |  |
Unable to Download Hijackthis
 |
Hi Colin i did what you said and here is my log from pandasoftware.....
Incident Status Location
Potentially unwanted tool:Application/SpywareQuake Not disinfected C:\Documents and Settings\Jackie\Local Settings\Temp\sa156.exe[Spy-Quake2.exe]
Adware:Adware/Comet Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\fileutil.dll
Dialerialer.XX Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ICD3.tmp\EGDACCESS.inf
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\p2psetup.exe
Potentially unwanted tool:Application/SpywareQuake Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\sa14E.exe[Spy-Quake2.exe]
Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9BMLMSWI\SystemDoctor2006FreeInstall[1].cab
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@ads.pointroll[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@atwola[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@casalemedia[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@errorsafe[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@fastclick[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@realmedia[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@stats1.reliablestats[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@tribalfusion[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@winantivirus[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@www.drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@www.errorsafe[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@www.winantivirus[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\VeTsi\Desktop\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\Documents and Settings\VeTsi\Desktop\SmitfraudFix\swsc.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\VeTsi\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\Documents and Settings\VeTsi\Desktop\SmitfraudFix.zip[SmitfraudFix/swsc.exe]
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Adware:Adware/CWS.Searchmeup Not disinfected C:\Program Files\Common Files\svchost.exe
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-348149589-1267394578-43318865-1008\Dc818.txt
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\gqyokcys.dll.bad
Spyware
pyware/Virtumonde Not disinfected C:\VundoFix Backups\hwihryww.dll.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\mdrpcqff.exe.bad
Spywarepyware/Virtumonde Not disinfected C:\VundoFix Backups\services.dll.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\sfmlwwbb.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\upibieyk.exe.bad
Dialer:dialer.no Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgUS2404.exe
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M2808NetInstaller.exe
Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
Dialer
ialer.Gen Not disinfected C:\WINDOWS\switchagreement.txt
Virus:Trj/Lineage.ATD Disinfected C:\WINDOWS\system32\evlshu.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\swsc.exe
Dialerialer.B Not disinfected C:\WINDOWS\Temp\IAUninstall\uninstall.exe
I noticed alot of the cookies that this scan shows is all of those annoying pop ups i get all the time
and my new hijackthis log..
Logfile of HijackThis v1.99.1
Scan saved at 1:59:28 AM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\aol\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\VeTsi\My Documents\HiJackthis\hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1127950147\ee\SSCRun.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Thanks alot for everything
Incident Status Location
Potentially unwanted tool:Application/SpywareQuake Not disinfected C:\Documents and Settings\Jackie\Local Settings\Temp\sa156.exe[Spy-Quake2.exe]
Adware:Adware/Comet Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\fileutil.dll
Dialerialer.XX Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ICD3.tmp\EGDACCESS.inf
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\p2psetup.exe
Potentially unwanted tool:Application/SpywareQuake Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\sa14E.exe[Spy-Quake2.exe]
Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9BMLMSWI\SystemDoctor2006FreeInstall[1].cab
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@ads.pointroll[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@atwola[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@casalemedia[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@errorsafe[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@fastclick[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@realmedia[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@stats1.reliablestats[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@tribalfusion[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@winantivirus[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@www.drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@www.errorsafe[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\VeTsi\Cookies\vetsi@www.winantivirus[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\VeTsi\Desktop\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\Documents and Settings\VeTsi\Desktop\SmitfraudFix\swsc.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\VeTsi\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\Documents and Settings\VeTsi\Desktop\SmitfraudFix.zip[SmitfraudFix/swsc.exe]
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Adware:Adware/CWS.Searchmeup Not disinfected C:\Program Files\Common Files\svchost.exe
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-348149589-1267394578-43318865-1008\Dc818.txt
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\gqyokcys.dll.bad
Spyware
pyware/Virtumonde Not disinfected C:\VundoFix Backups\hwihryww.dll.bad Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\mdrpcqff.exe.bad
Spyware
pyware/Virtumonde Not disinfected C:\VundoFix Backups\services.dll.bad Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\sfmlwwbb.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\upibieyk.exe.bad
Dialer:dialer.no Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgUS2404.exe
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M2808NetInstaller.exe
Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
Dialer
ialer.Gen Not disinfected C:\WINDOWS\switchagreement.txt Virus:Trj/Lineage.ATD Disinfected C:\WINDOWS\system32\evlshu.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\swsc.exe
Dialerialer.B Not disinfected C:\WINDOWS\Temp\IAUninstall\uninstall.exe
I noticed alot of the cookies that this scan shows is all of those annoying pop ups i get all the time
and my new hijackthis log..
Logfile of HijackThis v1.99.1
Scan saved at 1:59:28 AM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\aol\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\VeTsi\My Documents\HiJackthis\hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1127950147\ee\SSCRun.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Thanks alot for everything
Last edited by Vetsi2103; Oct 29th, 2006 at 3:23 am.
Rescan with Hijackthis, check this and click Fix Checked
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing)
Download
http://www.ccleaner.com/
Start CCleaner.
Click on the "Options" icon at the left side of the window, then click on "Advanced."
Deselect "Only delete files in Windows Temp folders older than 48 hours".
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
After CCleaner has completed, click Exit.
DownLoad http://www.downloads.subratam.org/KillBox.zip
Copy these instructions to Notepad for safe mode.
Restart your computer into safe mode now. (keep tapping F8 on startup)
Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the X button after you enter each file. It will ask for confimation to delete the file. Click Yes.
Note:
It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files.
C:\WINDOWS\switchagreement.txt
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M2808NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgUS2404.exe
C:\Program Files\Common Files\svchost.exe
Go to Start-Run
Type Shell:Cache\Content.IE5 in the open box
Delete everything in temporary internet files. You won't be able to delete the index file, that's normal.
Go to Start-Run
Type %temp%
Delete everything in the temp folder.
Reboot and post another Hijackthis log
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing)
Download
http://www.ccleaner.com/
Start CCleaner.
Click on the "Options" icon at the left side of the window, then click on "Advanced."
Deselect "Only delete files in Windows Temp folders older than 48 hours".
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
After CCleaner has completed, click Exit.
DownLoad http://www.downloads.subratam.org/KillBox.zip
Copy these instructions to Notepad for safe mode.
Restart your computer into safe mode now. (keep tapping F8 on startup)
Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the X button after you enter each file. It will ask for confimation to delete the file. Click Yes.
Note:
It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files.
C:\WINDOWS\switchagreement.txt
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M2808NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgUS2404.exe
C:\Program Files\Common Files\svchost.exe
Go to Start-Run
Type Shell:Cache\Content.IE5 in the open box
Delete everything in temporary internet files. You won't be able to delete the index file, that's normal.
Go to Start-Run
Type %temp%
Delete everything in the temp folder.
Reboot and post another Hijackthis log
Last edited by Colin Mac; Oct 29th, 2006 at 8:01 am.
I did what you said and here is my new Hijackthis log:
I am still getting these pop ups from adfarm ,ameana.com, mediaplex and win32virus something i forgot what the rest is Thanx again for all your help...btw my comp is acting alot faster thanx to you
Logfile of HijackThis v1.99.1
Scan saved at 5:20:20 PM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\aol\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Documents and Settings\VeTsi\My Documents\HiJackthis\hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1127950147\ee\SSCRun.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
I am still getting these pop ups from adfarm ,ameana.com, mediaplex and win32virus something i forgot what the rest is Thanx again for all your help...btw my comp is acting alot faster thanx to you
Logfile of HijackThis v1.99.1
Scan saved at 5:20:20 PM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\aol\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Documents and Settings\VeTsi\My Documents\HiJackthis\hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1127950147\ee\SSCRun.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Try get back quicker if you can, it's been a week and things can change. I know you might be busy.
Check and Fix these with HJT
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing
Run CCleaner again
Start CCleaner.
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
After CCleaner has completed, click Exit.
Then run Panda Active scan again and post that report with a new HJT log .
Check and Fix these with HJT
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing
Run CCleaner again
Start CCleaner.
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
After CCleaner has completed, click Exit.
Then run Panda Active scan again and post that report with a new HJT log .
|
Similar Threads
- bridge.dll and unable to download (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: unclosable process firefox.exe or iexplore.exe
- Next Thread: Spam: The Dirty Dozen
Views: 3124 | Replies: 13
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
adobe adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china combofix commercial commercials conficker connect control crosssitescripting cyber cybercrime ddos domains e-mafia education email europe exam exploit explorer facebook fake fancheckvirus firefox gaming gumblar hijack hosting internet kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile news norton obama panel parents patch pc phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus rootkit scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system threat trojan unwanted update usa virus viruses vista volume warning web windows worm zero-day
