Unable to Download Hijackthis
Join Date: Oct 2006
Posts: 8
Solved Threads: 0
I'm a newbie and I came across this forum while looking to see what is wrong with my comp. I have a virus on my computer, and from reading all the posts I have Spyware Quake... On the bottom of my screen I get a message saying your computer is infected, system has detected virus activities. Also I was getting a million pop-ups to Spyware Quake and other sites. I tried downloading HijackThis so I could post my log and someone could tell me how to fix it, but every link I click does not let me download HijackThis; it goes straight to IE and says web page cannot be displayed. Can someone please tell me why this is happening?
Thanx in advance:cheesy:
Join Date: Sep 2006
Posts: 327
Solved Threads: 22
Try this link
Download HJTsetup.exe
http://www.thespykiller.co.uk/files/HJTsetup.exe
Double-click HJTsetup.exe to start the installation.
HJT will be installed in C:\Program Files\Hijackthis by default
Accept all default options by continuing to click Next or Install during the setup process.
When you click 'Finish', HJT will automatically open
Select Do a system scan and save a logfile.
The log will open in notepad.
Copy and Paste the log here.
Join Date: Oct 2006
Posts: 8
Solved Threads: 0
Logfile of HijackThis v1.99.1
Scan saved at 7:10:06 AM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\AOL\1127950147\ee\AOLSoftware.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\AOL\1127950147\ee\SSCEvtHdlr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\VeTsi\My Documents\HiJackthis\hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {114BB925-7A10-7CA8-D228-07B059B354FB} - C:\WINDOWS\system32\rwjayhg.dll
O2 - BHO: (no name) - {19CC7AD4-9A88-48A3-9C94-93837523CF80} - C:\WINDOWS\System32\pmnlm.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hwihryww.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {38C427A3-FD2D-4063-ACF4-5935F3AA8D6B} - C:\WINDOWS\System32\nnnp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127950147\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zwcmnaf.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zwcmnaf.dll,qmufwbe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1127950147\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/05025f667a458d38f1b4033c036e4923_28.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Thanks, any help will be appreciated.
Last edited by Vetsi2103; Oct 19th, 2006 at 4:26 pm.
Join Date: Sep 2006
Posts: 327
Solved Threads: 22
Download http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs as a 'RiskTool'; it is not a virus. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Join Date: Oct 2006
Posts: 8
Solved Threads: 0
Thank You! Here it is....
SmitFraudFix v2.111
Scan done at 22:53:23.25, Thu 10/19/2006
Run from C:\Documents and Settings\VeTsi\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\VeTsi
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\VeTsi\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VeTsi\FAVORI~1
C:\DOCUME~1\VeTsi\FAVORI~1\Antivirus Test Online.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Safety Bar\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Ty again for your help
Last edited by Vetsi2103; Oct 19th, 2006 at 11:58 pm.
Join Date: Sep 2006
Posts: 327
Solved Threads: 22
Copy these instructions to NotePad for reading while in Safe Mode
Reboot your computer in Safe Mode by doing the following :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning: running option #2 on a non infected computer will remove your Desktop background.
Post the C:\rapport.txt and a new HJT log in your next reply.
Join Date: Oct 2006
Posts: 8
Solved Threads: 0
Thank you!! I did everything you said...here is my report from smitfraudfix.
SmitFraudFix v2.111
Scan done at 21:04:17.25, Fri 10/20/2006
Run from C:\Documents and Settings\VeTsi\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\WINDOWS\system32\components\flx??.dll Deleted
C:\DOCUME~1\VeTsi\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\Program Files\Safety Bar\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
And my new HiJackthis Log....
Logfile of HijackThis v1.99.1
Scan saved at 9:25:50 PM, on 10/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\AOL\1127950147\ee\AOLSoftware.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\AOL\1127950147\ee\SSCEvtHdlr.exe
C:\Documents and Settings\VeTsi\My Documents\HiJackthis\hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {114BB925-7A10-7CA8-D228-07B059B354FB} - C:\WINDOWS\system32\rwjayhg.dll
O2 - BHO: (no name) - {19CC7AD4-9A88-48A3-9C94-93837523CF80} - C:\WINDOWS\System32\pmnlm.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hwihryww.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {38C427A3-FD2D-4063-ACF4-5935F3AA8D6B} - C:\WINDOWS\System32\nnnp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127950147\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zwcmnaf.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zwcmnaf.dll,qmufwbe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1127950147\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/0502...36e4923_28.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Also... as I was writing this to you I got a pop-up from ameana.com wanting me to buy an antivirus program, and adfarm.com. I just closed it, not with the X but by right-clicking then Close... how could I get rid of that?
Thanks again for your help, it is much appreciated.
•
•
Join Date: Sep 2006
Posts: 327
Reputation:
Solved Threads: 22
Make sure you have only one active antivirus; two will conflict, so choose one and uninstall the others or set them to on-demand scanning only.
Please download Vundofix.exe to your desktop http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
==============
Your Java is out of date.
Click here to download
Java Runtime Environment (JRE) 5.0 Update 9
http://java.sun.com/javase/downloads/index.jsp
Open Add/Remove Programs and uninstall any previous versions of Java.
Install the latest.
==============
Next
Download AVG Anti-Spyware http://www.ewido.net/en/download/
· Install and run
· Click Scanner
· Select the "Settings" tab.
· Once in the Settings screen click on "Recommended actions" and then select "Delete".
· Select "Automatically generate report after every scan"
· Unselect "Only if threats were found"
· Click Complete System Scan and the scan will begin.
· When the scan is finished, set all items to delete
· Click Apply all actions
· Click the Save report button.
· Save the report to your C: Drive
Reboot
Post that log and a new HiJack log
Last edited by Colin Mac; Oct 21st, 2006 at 8:56 am.
•
•
Join Date: Oct 2006
Posts: 8
Reputation:
Solved Threads: 0
OK I ... here is my VundoFix log...
VundoFix V6.2.6
Checking Java version...
Java version is 1.5.0.4
Scan started at 2:12:54 PM 10/21/2006
Listing files found while scanning....
C:\WINDOWS\system32\gqyokcys.dll
C:\WINDOWS\system32\hwihryww.dll
C:\WINDOWS\system32\rwjayhg.dll
C:\WINDOWS\system32\mdrpcqff.exe
C:\WINDOWS\system32\sfmlwwbb.exe
C:\WINDOWS\system32\upibieyk.exe
C:\Program Files\Common Files\{B8A56D43-0A1E-1033-1016-030224200001}\services.dll
C:\WINDOWS\System32\pmnlm.dll
C:\WINDOWS\System32\mlnmp.ini
C:\WINDOWS\System32\mlnmp.bak1
C:\WINDOWS\System32\mlnmp.bak2
C:\WINDOWS\System32\mlnmp.ini2
C:\WINDOWS\System32\mlnmp.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gqyokcys.dll
C:\WINDOWS\system32\gqyokcys.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hwihryww.dll
C:\WINDOWS\system32\hwihryww.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rwjayhg.dll
C:\WINDOWS\system32\rwjayhg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mdrpcqff.exe
C:\WINDOWS\system32\mdrpcqff.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\sfmlwwbb.exe
C:\WINDOWS\system32\sfmlwwbb.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\upibieyk.exe
C:\WINDOWS\system32\upibieyk.exe Has been deleted!
Attempting to delete C:\Program Files\Common Files\{B8A56D43-0A1E-1033-1016-030224200001}\services.dll
C:\Program Files\Common Files\{B8A56D43-0A1E-1033-1016-030224200001}\services.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\mlnmp.ini
C:\WINDOWS\System32\mlnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\mlnmp.bak1
C:\WINDOWS\System32\mlnmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\mlnmp.bak2
C:\WINDOWS\System32\mlnmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\mlnmp.ini2
C:\WINDOWS\System32\mlnmp.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\mlnmp.tmp
C:\WINDOWS\System32\mlnmp.tmp Has been deleted!
Performing Repairs to the registry.
Done!
I updated Java as instructed
Avg log...
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:20:24 AM 10/22/2006
+ Scan result:
C:\RECYCLER\S-1-5-21-348149589-1267394578-43318865-1008\Dc786\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned.
HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : Cleaned.
C:\WINDOWS\system32\egaccess4_1058.dll -> Dialer.EgroupDial.v : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\ICD4.tmp\EGDACCESS_1067.dll -> Dialer.InstantAccess.f : Cleaned.
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201003.dll -> Dialer.InstantAccess.f : Cleaned.
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201004.dll -> Dialer.InstantAccess.f : Cleaned.
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201005.dll -> Dialer.InstantAccess.f : Cleaned.
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201006.dll -> Dialer.InstantAccess.f : Cleaned.
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201007.dll -> Dialer.InstantAccess.f : Cleaned.
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201008.dll -> Dialer.InstantAccess.f : Cleaned.
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201009.dll -> Dialer.InstantAccess.f : Cleaned.
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201011.dll -> Dialer.InstantAccess.f : Cleaned.
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201012.dll -> Dialer.InstantAccess.f : Cleaned.
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201013.dll -> Dialer.InstantAccess.f : Cleaned.
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201015.dll -> Dialer.InstantAccess.f : Cleaned.
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201016.dll -> Dialer.InstantAccess.f : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VU4ZBH45\EGDACCESS_1073_XP[2].cab/EGDACCESS_1073.dll -> Dialer.InstantAccess.m : Cleaned.
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP537\A0201010.dll -> Dialer.InstantAccess.m : Cleaned.
C:\WINDOWS\system32\egaccess4_1060.dll -> Dialer.InstantAccess.r : Cleaned.
C:\WINDOWS\system32\egaccess4_1061.dll -> Dialer.InstantAccess.r : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\23G3KR6Z\WinAntiVirusPro2006ScannerInstall[1].cab/UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\15AP97M3\SysProtectScannerInstall[1].cab/USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\VeTsi\Cookies\vetsi@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\VeTsi\Cookies\vetsi@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\VeTsi\Cookies\vetsi@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\VeTsi\Cookies\vetsi@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\VeTsi\Cookies\vetsi@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\VeTsi\Cookies\vetsi@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\WINDOWS\system32\egaccess4_1059.dll -> Trojan.Dialer.pc : Cleaned.
::Report end
And my new HiJackthis log...
Logfile of HijackThis v1.99.1
Scan saved at 6:25:02 AM, on 10/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\1127950147\ee\AOLSoftware.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1127950147\ee\aolsoftware.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1127950147\ee\SSCEvtHdlr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\program files\common files\aol\1127950147\ee\anotify.exe
C:\Documents and Settings\VeTsi\My Documents\HiJackthis\hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {114BB925-7A10-7CA8-D228-07B059B354FB} - C:\WINDOWS\system32\rwjayhg.dll (file missing)
O2 - BHO: (no name) - {19CC7AD4-9A88-48A3-9C94-93837523CF80} - C:\WINDOWS\System32\pmnlm.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hwihryww.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {38C427A3-FD2D-4063-ACF4-5935F3AA8D6B} - C:\WINDOWS\System32\nnnp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127950147\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zwcmnaf.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zwcmnaf.dll,qmufwbe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1127950147\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/0502...36e4923_28.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Also, as I was writing you this, Internet Explorer opened up to a blank page that said about: 1435554. I ended it too fast; I didn't get the exact #'s. On a brighter note, ever since you told me to do all these things for my comp, it's running faster, spyquake is gone, and that annoying triangle is gone also.
Thank you again for all your help!!
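An added example, not written by any poster in this thread: Python that parses HijackThis entries, reports references whose file is no longer on disk, and matches them against the files VundoFix listed, so leftover registry entries can be told apart from unexplained ones. The log lines are excerpted from the posts above; the reason labels and the O16 rule (an .exe code base served from an IP-literal host) are this example's own heuristics.

```python
import ipaddress
import ntpath
import re
from urllib.parse import urlparse

# Lines excerpted from the VundoFix and HijackThis logs posted above.
VUNDOFIX_LOG = r"""Listing files found while scanning....
C:\WINDOWS\system32\hwihryww.dll
C:\WINDOWS\system32\rwjayhg.dll
C:\WINDOWS\System32\pmnlm.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hwihryww.dll
C:\WINDOWS\system32\hwihryww.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rwjayhg.dll
C:\WINDOWS\system32\rwjayhg.dll Has been deleted!
Performing Repairs to the registry.
"""

HJT_LOG = r"""R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {114BB925-7A10-7CA8-D228-07B059B354FB} - C:\WINDOWS\system32\rwjayhg.dll (file missing)
O2 - BHO: (no name) - {19CC7AD4-9A88-48A3-9C94-93837523CF80} - C:\WINDOWS\System32\pmnlm.dll (file missing)
O2 - BHO: (no name) - {38C427A3-FD2D-4063-ACF4-5935F3AA8D6B} - C:\WINDOWS\System32\nnnp.dll (file missing)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing)
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
"""

ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.+)$")          # "O2 - BHO: ..."
ORPHAN_RE = re.compile(r"\s*\((file missing|no file)\)\s*$")
URL_RE = re.compile(r"https?://\S+")


def vundofix_found(log):
    """Lower-cased paths VundoFix listed between its 'found' and 'removal' banners."""
    found, in_list = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("Listing files found"):
            in_list = True
        elif line.startswith("Beginning removal"):
            in_list = False
        elif in_list and line:
            found.add(line.lower())
    return found


def is_ip_literal(host):
    """True when the URL host is a bare IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False


def triage(hjt_log, vundofix_log):
    """Return (section, reason, detail) tuples for entries that need a follow-up."""
    listed = vundofix_found(vundofix_log)
    findings = []
    for line in hjt_log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header or running-process line, not a registry entry
        section, body = m.groups()
        orphan = ORPHAN_RE.search(body)
        if orphan:
            # "(no file)" entries carry no path; "(file missing)" ones end in it.
            has_path = orphan.group(1) == "file missing"
            target = body[:orphan.start()].rsplit(" - ", 1)[-1].strip() if has_path else ""
            if target and target.lower() in listed:
                reason = "orphan-listed-by-vundofix"   # leftover key, file already handled
            else:
                reason = "orphan-unexplained"          # nothing in the removal log explains it
            findings.append((section, reason, ntpath.basename(target) or None))
            continue
        if section == "O16":
            url = URL_RE.search(body)
            if url:
                parsed = urlparse(url.group(0))
                # Heuristic (assumption of this example): .exe code base on an IP host.
                if parsed.path.lower().endswith(".exe") and is_ip_literal(parsed.hostname):
                    findings.append((section, "dpf-exe-from-ip-host", parsed.hostname))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(HJT_LOG, VUNDOFIX_LOG):
        print(f"{section:<4} {reason:<28} {detail}")
```
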
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/0502...36e4923_28.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1127950147\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Also, as I was writing you this, Internet Explorer opened up to a blank page that said about: 1435554. I ended it too fast; I didn't get the exact #'s. On a brighter note, ever since you told me to do all these things for my comp it's running faster, spyquake is gone and that annoying triangle is gone also.
Thank you again for all your help!!
•
•
Join Date: Sep 2006
Posts: 327
Reputation:
Solved Threads: 22
Rescan with Hijackthis and check these. Close all other windows and then click Fix Checked.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: (no name) - {114BB925-7A10-7CA8-D228-07B059B354FB} - C:\WINDOWS\system32\rwjayhg.dll (file missing)
O2 - BHO: (no name) - {19CC7AD4-9A88-48A3-9C94-93837523CF80} - C:\WINDOWS\System32\pmnlm.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hwihryww.dll (file missing)
O2 - BHO: (no name) - {38C427A3-FD2D-4063-ACF4-5935F3AA8D6B} - C:\WINDOWS\System32\nnnp.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [zwcmnaf.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zwcmnaf.dll,qmufwbe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/0502...36e4923_28.exe
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm
When the scan is finished, save the results from the scan!
Paste them here with a new hijackthis log.
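Added example, not part of the original posts: a small Python triage pass over HijackThis log lines that surfaces entries whose registered file is gone, and O16 download sources that are an .exe or a bare IP address. The heuristics and the function names (`parse`, `reasons`, `triage`) are assumptions of this example, not the helper's stated criteria; the sample lines are copied from the log above.

```python
import re
from urllib.parse import urlparse

# Sample input: seven entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {114BB925-7A10-7CA8-D228-07B059B354FB} - C:\WINDOWS\system32\rwjayhg.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")    # e.g. "O2 - BHO: ..."
IPV4_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse(log):
    """Yield (section, body) per entry; running-process paths and blanks are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def reasons(section, body):
    """Return triage reasons for one entry (assumed heuristics; empty list = none)."""
    found = []
    if body.endswith(("(file missing)", "(no file)")):
        found.append("registered file is not on disk")
    if section == "O16":  # ActiveX download source: last " - " separated field
        src = urlparse(body.rsplit(" - ", 1)[-1])
        if src.path.lower().endswith(".exe"):
            found.append("download source is an .exe rather than a .cab")
        if IPV4_HOST.match(src.hostname or ""):
            found.append("download source host is a bare IP address")
    return found

def triage(log):
    """Return [(section, body, reasons)] for every entry with at least one reason."""
    flagged = []
    for section, body in parse(log):
        why = reasons(section, body)
        if why:
            flagged.append((section, body, why))
    return flagged

if __name__ == "__main__":
    for section, body, why in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {'; '.join(why)}")
```

This only narrows the log to candidates for a human reviewer: the fix list above also includes entries, such as the O1 Hosts line and the O4 rundll32 Run key, that these checks do not catch.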