Feb 25th, 2005
0

refused Hijackthis wrong script??

:mad: I am not able to open HijackThis [new version]; Windows says that it will not recognize script..??
I have a new PC, and had it customized cheap, and Windows Professional came with it.
After several days of exploring its capabilities, I was hit with something that rewrote all the shield protection and crashed Windows. I watched this process, and could not use Ad Aware, my favorite, in time.
I also have bought Spy Sweeper, which is useless, and was using the shield. I have a firewall and anti-virus, McAfee.
It may have written itself into a program, for example cache and cookie washer; I tried to get rid of it from Add/Remove Programs.
thanks
joal
Feb 26th, 2005
0

Re: refused Hijackthis wrong script??

1. I have a good copy of HijackThis on my FTP site; download that and see if it runs. If so, post the log file it generates.


2. If you can get online reliably, run the free anti-virus/anti-spyware scans at the following two sites:

http://housecall.trendmicro.com/
http://www.pandasoftware.com/actives..._principal.htm


3. Try running Ad Aware while booted into Safe Mode if possible.
DMR
Feb 26th, 2005
0

Re: refused Hijackthis wrong script??

Thank you. I ran HouseCall last night but deleted it; I will download Panda, but did get this log, hooray:
Logfile of HijackThis v1.99.1
Scan saved at 9:13:19 PM, on 2/26/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINNT\Explorer.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\system32\VTTimer.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\AGRSMMSG.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\COMMON~1\AOL\110929~1\EE\AOLHOS~1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\AOL\110929~1\EE\AOLServiceHost.exe
C:\Program Files\CallWave\IAM.exe
C:\WINNT\explorer.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\HJT\HijackThis.exe
C:\Program Files\America Online 9.0a\shellmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109296375\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Administrator"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
joal
Feb 26th, 2005
0

Re: refused Hijackthis wrong script??

I got rid of the cache and cookie washer, but can't get rid of this file. I went into Add/Remove and it still shows.
joal
Feb 26th, 2005
0

Re: refused Hijackthis wrong script??

Quote originally posted by joal ...
I got rid of the cache and cookie washer, but can't get rid of this file. I went into Add/Remove and it still shows.
joal
What file can't you get rid of?

You should go to Windows Update and get the Critical Updates for your system (SP4).
dlh6213
Feb 26th, 2005
0

Re: refused Hijackthis wrong script??

Thank you, the file I am referring to is:
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Administrator".
I have hesitated to update Windows for two reasons: one is that I am supposed to be getting updates automatically, and two, for some reason, I have many many programs that read.. Windows 2000 Hotfix and related files like.. $NT uninstall ... etc.
I don't know how they got there, but they have loaded up my programs and files.
I did try to delete some, and did a lousy job it seems.
I have wanted to understand how they are getting there; is my Windows automatic update putting them there???
joal
Feb 26th, 2005
0

Re: refused Hijackthis wrong script??

Do you want to get rid of the Cookie Washer program? If so, you should go to Add/Remove Programs in your Control Panel and remove it; then use HijackThis to fix the O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Administrator" entry; and finally, go to C:\Program Files and delete the Cookie Washer folder.

The Hotfixes you mentioned are the patches from your Windows Updates -- you shouldn't delete them. If you're not getting your updates automatically, you should get them manually.
dlh6213
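
As an added example (not part of the original thread and not HijackThis's own code): after uninstalling a program and fixing its entry, a fresh log can be checked for autostart lines that still point at it. The function names and the sample lines below are assumptions, constructed in the O4 format of the log posted above.

```python
import re

# Constructed sample: O4 lines in the same format as the log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Administrator"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
'''

# Registry autostart: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_REG = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.*)$')
# Startup-folder shortcut: "O4 - Global Startup: <shortcut> = <target>"
O4_LNK = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.*)$')

def parse_o4(log_text):
    """Return every O4 (autostart) entry as a dict; other log lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_REG.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries.append({"source": hive + "\\..\\" + key, "name": name, "command": command})
            continue
        m = O4_LNK.match(line)
        if m:
            folder, name, command = m.groups()
            entries.append({"source": folder, "name": name, "command": command})
    return entries

def leftovers(entries, needle):
    """Autostart entries that still mention a product after it was uninstalled."""
    needle = needle.lower()
    return [e for e in entries
            if needle in e["name"].lower() or needle in e["command"].lower()]

def run_once_entries(entries):
    """Entries stored under a ...Once key (RunOnce, RunServicesOnce)."""
    return [e for e in entries if e["source"].endswith("Once")]

if __name__ == "__main__":
    for e in leftovers(parse_o4(SAMPLE_LOG), "Cookie Washer"):
        print(e["source"], "->", e["command"])
```

An empty result from `leftovers` on the new log means no O4 line references the removed program any more.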
Feb 27th, 2005
0

Re: refused Hijackthis wrong script??

groan, I deleted patches... I did remove it from add/remove, but will fix it from HJT
thanks for your patience
joal
Feb 27th, 2005
0

Re: refused Hijackthis wrong script??

If you can still see that program in Add/Remove, do this too:

Click Start > Run > Type or copy & paste regedit. The registry editor will open.
Then go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and delete the offending entry in the right hand pane.
crunchie
Mar 5th, 2005
0

Re: refused Hijackthis wrong script??

Thank you, I did delete it from the registry. I am wondering if anyone would take a look at the log I submitted.
thank you
joal
