Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Can't Open Up Hijackthis


  • Please log in to reply
44 replies to this topic

#1 robbiep22

robbiep22

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 11 May 2007 - 02:14 PM

i downloaded HijackThis but i can't open it up. what program should i open it with? thanks

    Advertisements

Register to Remove


#2 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 12 May 2007 - 10:47 AM

It may be malware preventing it. Try DSS.

STEP 1.
======
Deckard’s System Scanner

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
If the above did not work, try renaming hijackthis.exe to removal.exe and then see if you can reply with the log.

If the above does not work then
Download Itty Bitty Process Manager (IBProcMan.zip)(direct download) http://www.merijn.or...s/ibprocman.zip
Try running that - it will provide a 'task manager' like process in which you can stop running processes. Don't stop any yet, just list all that it has so I can check them and give advice.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#3 robbiep22

robbiep22

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 12 May 2007 - 04:51 PM

i downloaded dss and it gets to 12% and then it says it has encountered a problem and needs to close and it gives me the options of; debug, send report, dont send. so i went on to the second thing u said, i renamed hijackthis and when i clicked on it, it says there was something wrong with it so i deleted it then redownloaded it and renamed it. then when i open it it asked if i want to unzip the folder so i tried to unzip it because that was the only option i had and it says it cant because i need some other program to do it. so i went on to the third thing and it open up fine i just dont know what to do after that.

#4 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 12 May 2007 - 07:00 PM

Okay so for the third item- you are referring to http://www.merijn.or...s/ibprocman.zip. If not please reply and clarify. Run the ibprocman.exe. It should open up and then can you right-click the window, select copy list to clipboard and then paste it in your reply? I am looking for something similar to this:

Process list saved on 7:53:42 PM, on 5/12/2007
Platform: WinNT 5.01.2600 SP2

[pid] [full path to filename] [file version] [company name]
628 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
1356 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
1400 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
1412 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
1560 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1696 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
600 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
656 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
800 C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
1132 C:\Program Files\Comodo\Firewall\cmdagent.exe 2.4.0.20 COMODO
1176 C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe 1.0.33.1 FRISK Software
1220 C:\WINDOWS\BCMSMMSG.exe 3.5.25.0 Broadcom Corporation
1292 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 4.50.100.-32103 InstallShield Software Corporation
1320 C:\Program Files\QuickTime\qttask.exe 7.1.3.100 Apple Computer, Inc.
1568 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe 3.0.0.1448 Adobe Systems Incorporated
1600 C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe 1.0.0.21
1788 C:\Program Files\Logitech\MouseWare\system\em_exec.exe 9.78.34.0 Logitech Inc.
1812 C:\Program Files\Comodo\Firewall\CPF.exe 2.4.0.58 COMODO
1820 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe 6.0.10.6 Sun Microsystems, Inc.
1852 C:\WINDOWS\System32\inetsrv\inetinfo.exe 5.1.2600.2180 Microsoft Corporation
1868 C:\Program Files\Messenger\msmsgs.exe 4.7.0.3001 Microsoft Corporation
1916 C:\WINDOWS\System32\nvsvc32.exe 6.14.10.7811 NVIDIA Corporation
1924 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
1992 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe 1.2.1128.5462 Google Inc.
2032 C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\OWSTIMER.EXE 10.0.2614.0 Microsoft Corporation
2040 C:\WINDOWS\system32\SearchIndexer.exe 6.0.5361.0 Microsoft Corporation
3128 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
3316 C:\Program Files\Mozilla Firefox\firefox.exe 1.8.20070.30919 Mozilla Corporation
3900 C:\Program Files\Internet Explorer\iexplore.exe 7.0.6000.16441 Microsoft Corporation
356 C:\WINDOWS\System32\dllhost.exe 5.1.2600.2180 Microsoft Corporation
2872 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe 2.0.-14809.210 Microsoft Corporation
3452 C:\DOCUME~1\Susan\LOCALS~1\Temp\Temporary Directory 1 for ibprocman.zip\IBProcMan.exe 1.4.0.0 Soeperman Enterprises Ltd.


Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#5 robbiep22

robbiep22

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 12 May 2007 - 08:51 PM

yea thats the one im talking about. but when i open it up it doesnt show anything like what you said it should.

#6 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 13 May 2007 - 02:53 AM

Does it show anything? Can you post (reply) with anything?
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#7 robbiep22

robbiep22

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 13 May 2007 - 12:01 PM

yea it shows stuff but it is just folders i have drive c.

#8 robbiep22

robbiep22

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 13 May 2007 - 12:07 PM

ok i figured it out. heres the list it gave me. Process list saved on 2:06:42 PM, on 5/13/2007 Platform: WinNT 5.01.2600 SP2 [pid] [full path to filename] [file version] [company name] 592 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation 680 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation 724 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation 736 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation 896 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation 984 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation 1272 c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe 104.0.13.2 Symantec Corporation 1416 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation 1460 c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe 104.0.13.2 Symantec Corporation 1604 c:\Program Files\Common Files\Symantec Shared\ccProxy.exe 104.0.13.2 Symantec Corporation 1640 c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe 6.0.4.402 Symantec Corporation 1692 c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe 2.1.0.4 Symantec Corporation 1740 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 1.9.1.762 Symantec Corporation 1928 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation 2024 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe 4.6.1.2 AOL LLC 140 C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 3.0.0.171 Symantec Corporation 268 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 7.0.9466.0 Microsoft Corporation 284 c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe 12.6.0.1 Symantec Corporation 340 C:\WINDOWS\system32\nvsvc32.exe 6.14.10.8205 NVIDIA Corporation 492 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation 632 C:\WINDOWS\wanmpsvc.exe 9.0.0.0 America Online, Inc. 2220 C:\WINDOWS\system32\wscntfy.exe 5.1.2600.2180 Microsoft Corporation 2320 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation 2336 C:\Program Files\AIM6\aim6.exe 1.4.9.1 AOL LLC 2396 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe 2536 C:\Program Files\AIM6\aolsoftware.exe 1.5.6.1 America Online, Inc. 2688 C:\WINDOWS\system32\wuauclt.exe 5.8.0.2469 Microsoft Corporation 2976 C:\PROGRA~1\AMERIC~1.0\aol.exe 8.0.0.0 America Online, Inc. 2984 C:\PROGRA~1\AMERIC~1.0\waol.exe 8.0.0.0 America Online, Inc. 3052 C:\PROGRA~1\AMERIC~1.0\aolwbspd.exe 1.0.5.0 America Online Inc 4092 C:\WINDOWS\system32\wuauclt.exe 5.8.0.2469 Microsoft Corporation 2276 c:\program files\aol\aol toolbar 4.0\AolTbServer.exe 4.0.32.1 AOL LLC 3196 C:\Program Files\WinRAR\WinRAR.exe 3.62.0.0 3576 C:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation 4040 C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX23.719\IBProcMan.exe 1.4.0.0 Soeperman Enterprises Ltd.

#9 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 13 May 2007 - 04:30 PM

Can you tell me about the WinRaR? What do you use that for?

======
Please show all files for your system.
You will need to reverse this process when all steps are done.


Submit File to Jotti
Please click on Jotti
Use the "Browse" button and locate the following file on your computer:
C:\Program Files\WinRAR\WinRAR.exe
Click the "Submit" button.
Please copy and post (reply) with the results

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustota...l/index_en.html

Please also check the properties of those files (right-click and select properties from the popupmenu). Look if you can find some company information, etc.

I am not sure why you are having problems running hijackthis. Maybe if we tried another way, it might work.

Please delete the hijackthis applications you currently have. Please try this:

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#10 robbiep22

robbiep22

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 13 May 2007 - 07:48 PM

jotti scan results:

Scanner results
Scan taken on 14 May 2007 01:37:41 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing

hijackthis results:

Logfile of HijackThis v1.99.1
Scan saved at 9:46:07 PM, on 5/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\AMERIC~1.0\aol.exe
C:\PROGRA~1\AMERIC~1.0\waol.exe
C:\PROGRA~1\AMERIC~1.0\aolwbspd.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\genwxete.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSzim055YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178386656062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178386582640
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA583F7F-2974-46D1-B0C0-BD65EC545661}: NameServer = 205.188.146.145
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe





VBA32 Found nothing

    Advertisements

Register to Remove


#11 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 13 May 2007 - 08:59 PM

Good! We got a hijackthis log.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#12 robbiep22

robbiep22

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 14 May 2007 - 02:04 PM

VundoFix scan results

VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 3:35:20 PM 5/14/2007

Listing files found while scanning....

C:\WINDOWS\system32\dplfmt.dll
C:\WINDOWS\system32\fccyxvs.dll
C:\WINDOWS\system32\llbslifk.dll
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\oqstv.tmp
C:\WINDOWS\system32\ptjomvnl.dll
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\tmp23A.tmp.dll
C:\WINDOWS\system32\urqnmnk.dll
C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\wrpdxgfq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dplfmt.dll
C:\WINDOWS\system32\dplfmt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccyxvs.dll
C:\WINDOWS\system32\fccyxvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\llbslifk.dll
C:\WINDOWS\system32\llbslifk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\oqstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.tmp
C:\WINDOWS\system32\oqstv.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ptjomvnl.dll
C:\WINDOWS\system32\ptjomvnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\rttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\ssttr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmp23A.tmp.dll
C:\WINDOWS\system32\tmp23A.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqnmnk.dll
C:\WINDOWS\system32\urqnmnk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\vtsqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wrpdxgfq.dll
C:\WINDOWS\system32\wrpdxgfq.dll Has been deleted!

Performing Repairs to the registry.
Done!


HijackThis results

Logfile of HijackThis v1.99.1
Scan saved at 4:01:36 PM, on 5/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\AMERIC~1.0\aol.exe
C:\PROGRA~1\AMERIC~1.0\waol.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\PROGRA~1\AMERIC~1.0\aolwbspd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26067289-580c-4c52-8da5-aac1d0d4f3ee} - C:\WINDOWS\system32\dplfmt.dll (file missing)
O2 - BHO: (no name) - {2EE6B413-9BCB-4A49-BA29-9955D8AD5F4F} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\tmp22.tmp.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\genwxete.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSzim055YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178386656062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178386582640
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#13 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 15 May 2007 - 11:21 AM

Please set your system to show all files; please see here if you're unsure how to do this.

Run hijackthis. Click Do a System Scan Only. Put a Check in the box on the left side on these:
O2 - BHO: (no name) - {26067289-580c-4c52-8da5-aac1d0d4f3ee} - C:\WINDOWS\system32\dplfmt.dll (file missing)
O2 - BHO: (no name) - {2EE6B413-9BCB-4A49-BA29-9955D8AD5F4F} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\tmp22.tmp.dll
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\genwxete.dll",realset
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSzim055YYUS
O20 - AppInit_DLLs:

Close ALL windows and browsers except HijackThis and click Fix checked and exit.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\system32\genwxete.dll<=file
Exit Explorer, and reboot as normal afterwards.

STEP 1.
======
Please download AVG Anti-Spyware from HERE
and save that file to your
desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop
    and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen
    • select the icon "Update"
    • then select the "Update now" link.
    • Next select the "Start Update" button,
    the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of
    the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then
    select ""Quarantine".".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found
    "
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting
    your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or
    programs while ewido is scanning, it may interfere with the scanning proccess:
  • Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab
    then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all
    actions
    "
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the
    screen and save it to a text file on your system (make sure to remember where
    you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.
Please post(reply) with the logs from the AVG anti-spyware and a fresh HijackThis log.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#14 robbiep22

robbiep22

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 15 May 2007 - 02:23 PM

im not the smartest when it comes to computers so how do i get to windwos explorer in safe mode.

#15 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 15 May 2007 - 02:40 PM

Yes it is confusing when they name things internet explorer, Windows Explorer, etc. but you can use Windows Explorer. You don't have to though if you can navigate to the file and delete it. Go to Start=> Accessories => Windows Explorer It has the folder icon with the magnifying glass.

Edited by Susan528, 15 May 2007 - 02:58 PM.

Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users