Somethin' is fishy on my 'puter...


'Kay, so...I'm careful about security on my computer, since I have a wireless connection. I have a firewall, Norton, Adaware, Spywareblaster, etc etc. I've run them all and they've not gotten rid of the problem (Norton didn't - I was surprised...), so I come here.

I ran HJT and deleted the obviously suspect things...Things that said Winantivirus, blah blah blah. Everything else looks fine, but I'm not *that* educated on computers. :P

My problem is this: When I'm browsing, Winantivirus Pro will hijack my browser and take me to their page saying I should download their product. I'm obviously not that stupid. I'm also getting IE pop-ups (I use Firefox but have IE installed from when I bought the computer) that are ANNOYING. One of them takes up the full screen to the point where you have to move it just to hit "X" and it TALKS. It yells "CONGRATULATIONS! You've won -- blah blah blah" and goes on and on listing prizes I could get. That's beyond obnoxious and annoying, that's downright harassment.

Anything look suspect in this log?

hjtlogzn1.png

I don't see anything, but meh. I can't find anything suspicious in my program files...Nowhere. I know these aren't just random pop-ups because they're the same ones and they're popping up with IE when I use Firefox. They've been slowing my machine down too, so I have to get rid of them.

Any help? The only one I know the name of is that WinAntiVirus Pro crap, and there's nothing I can find to get rid of it.

Also, Trojan.Vundo keeps getting blocked by my firewall/Norton.

Looking at it again, there are 3 that look suspect, but I'm not touching them because I've deleted enough. Don't want to push my luck and have it be something I needed. :P

The popularity of any given religion today depends on the victories of the wars they fought in the past.

- Me!

I don't see anything wrong. A lot of the newer malware injects itself into already running processes, though.

Try Spybot: Search and Destroy.

  • Author

I have that too, lol.

The popularity of any given religion today depends on the victories of the wars they fought in the past.

- Me!

Didn't see anything suspicious, but I checked the non-regular .exes on LIutilities and they seem to be processes running off Ati, etc. :?, with a risk level of 0.

The only obviously wrong thing is the start page, though it seems like a legitimate portal with information (maybe you inserted it yourself). Really weird.

Can you actually post the log, not just take a screenshot?


Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Can you actually post the log, not just take a screenshot?

Ditto.

Rename Hijackthis.exe to scan.exe.

I can see vundo from here which needs to be nuked but I can't do that until I get a full log.

Looking at it again, there are 3 that look suspect, but I'm not touching them because I've deleted enough.

By that...Have you been fixing things with HJT?

  • Author

 

Yea.

I don't get why you guys are saying to post...Text instead of a screen shot...Do you mean to copy/paste it to look stuff up or somethin'? *Shrug*, I thought this would be easier considering it doesn't censor anything via tip.it's lame censors. I'll scan again tomorrow (going to bed now) and post it though.

You said you see Vundo or something...Um, I don't know how you see that, but I'd love to know so I can fix it. :P

The popularity of any given religion today depends on the victories of the wars they fought in the past.

- Me!

Pastebin.com and then paste the link here to evade the stupid filters.


Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Oh dear. Now that you've told me you've been fixing random stuff with HJT, that log you've posted doesn't have a lot of use.

Please tell me you've downloaded and extracted it to a permanent folder.

To restore the backups:

  • Open HiJackThis
  • Click on "View the list of Backups"
  • Place a check mark next to everything in that window
  • Click Restore
  • Click Yes
  • Reboot your computer
  • Run HiJackThis and post a new HiJackThis log for review.

Re-run scan.exe then choose save log. Save the log and Notepad should open with a FULL scan.exe log.

Then do what Mercifull said.

I don't get why you guys are saying to post...Text instead of a screen shot...Do you mean to copy/paste it to look stuff up or somethin'? *Shrug*, I thought this would be easier considering it doesn't censor anything via tip.it's lame censors.

It's because we need to see what's running, where HJT is running from, which version of Windows you have, etc.

All that information is in the top part of the log, which can't be seen from the screenshot.

  • Author

Ah, okay.

I only fixed stuff that was obviously not supposed to be there. Like there was something called WinAntiVirus blah blah blah and that's what has been hijacking my browser every now and then, but it still happens...It's just been happening...Less. :P

Logfile of HijackThis v1.99.1
Scan saved at 1:59:04 PM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.hickorytech.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.hickorytech.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Owner"
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

Alright, there it is. I see what you meant now. I was unaware it did that. :P

Edit: Lemme' know what you see and how to fix it, especially so I know how in the future.

Appreciate it, guys. Hooray for techies smarter than I!

The popularity of any given religion today depends on the victories of the wars they fought in the past.

- Me!

Have you restored the backup?
Or didn't it work?

Move HJT out of the temp and into a permanent folder like your desktop.
You have to do that before fixing anything.

Also rename hijackthis to scan.exe.

  • Author

There were no backups listed, so.

I took it out of the .zip file and rescanned...Got the same thing, so...lol.

Logfile of HijackThis v1.99.1
Scan saved at 7:42:47 PM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.hickorytech.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.hickorytech.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Owner"
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

The popularity of any given religion today depends on the victories of the wars they fought in the past.

- Me!

Getting there....

Please RE-NAME hijackthis to scan.exe

Do you know everything you've fixed then? (anything else apart from winantivirus)

How many entries did you fix in total?

P.S. Rename Hijackthis to Scan!!!!

^^ Why I don't respond to HJT threads anymore... no one ever does what they are asked.


Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

  • Author
Getting there....

 

 

 

 

 

 

 

Please RE-NAME hijackthis to scan[Caution]

 

 

 

 

 

 

 

Do you know everything you've fixed then? (anything else apart from winantivirus)

 

 

 

 

 

 

 

How many entries did you fix in total.

 

 

 

 

 

 

 

P.S. Rename Hijackthis to Scan!!!!

 

 

 

 

 

 

 

Yea, I basically feel like a dork now...Re-named it....

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 12:39:55 PM, on 12/20/2006

 

 

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\csrss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

 

 

 

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService[Caution: ExecutableFile]

 

 

 

C:\Program Files\WZCBDL Service\WZCBDLS[Caution: ExecutableFile]

 

 

 

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\alg[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\Program Files\Real\RealPlayer\RealPlay[Caution: ExecutableFile]

 

 

 

C:\Program Files\D-Link\Air USB Utility\AirCFG[Caution: ExecutableFile]

 

 

 

C:\Program Files\ATI Technologies\ATI.ACE\cli[Caution: ExecutableFile]

 

 

 

C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\wuauclt[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]

 

 

 

C:\Program Files\Webroot\Spy Sweeper\SpySweeper[Caution: ExecutableFile]

 

 

 

C:\Program Files\ATI Technologies\ATI.ACE\CLI[Caution: ExecutableFile]

 

 

 

C:\Program Files\ATI Technologies\ATI.ACE\cli[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\MOZILL~1\FIREFOX[Caution: ExecutableFile]

 

 

 

C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]

 

 

 

C:\Documents and Settings\Owner\Desktop\scan[Caution: ExecutableFile][Caution: ExecutableFile]

 

 

 

 

 

 

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.hickorytech.net

 

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.hickorytech.net

 

 

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

 

 

 

O2 - BHO: (no name) - SOFTWARE - (no file)

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

 

 

 

O2 - BHO: (no name) - {3DEE4ADA-01F5-4392-9AE0-B26B3025A21F} - C:\WINDOWS\Drivers\atskajva.dll

 

 

 

O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\oplktbob.dll

 

 

 

O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)

 

 

 

O2 - BHO: (no name) - {B3319D74-D897-46C2-A25F-6CCEA23EC7Ca} - C:\WINDOWS\system32\fiammpiy.dll

 

 

 

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay[Caution: ExecutableFile] SYSTEMBOOTHIDEPLAYER

 

 

 

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli[Caution: ExecutableFile]" runtime

 

 

 

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx[Caution: ExecutableFile] "Owner"

 

 

 

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper[Caution: ExecutableFile]" /0

 

 

 

O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer[Caution: ExecutableFile] /0

 

 

 

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background

 

 

 

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI[Caution: ExecutableFile]

 

 

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] (file missing)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O20 - Winlogon Notify: atskajva - C:\WINDOWS\Drivers\atskajva.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g441304625.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winfon32 - winfon32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag[Caution: ExecutableFile]
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc[Caution: ExecutableFile]
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile]" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile]" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile]" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc[Caution: ExecutableFile]
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1[Caution: ExecutableFile]
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32[Caution: ExecutableFile]
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService[Caution: ExecutableFile]" "WUSB54Gv4[Caution: ExecutableFile] (file missing)
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS[Caution: ExecutableFile]

There. Sorry...You guys told me to do so much crap I just forgot, lol.

I see some new crap on there that I don't remember putting there, so I'm sure you'll find bad stuff. I just wish I knew how to stop getting this crap on my computer. I have security all over the place and it just keeps comin'.

The popularity of any given religion today depends on the victories of the wars they fought in the past.

- Me!

^^ Why I don't respond to HJT threads anymore... no one ever does what they are asked.
Lol! True.

You guys told me to do so much crap I just forgot, lol.

I see some new crap on there that I don't remember putting there

Well, it's just a matter of following instructions. Make sure you read the whole thing. Anyways, who actually puts crap in their computers?

At least you got the log. Please Do NOT fix any more things with HJT.

Please download VundoFix[Caution: ExecutableFile] to your desktop

  • Double-click VundoFix[Caution: ExecutableFile] to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Post a new hjt log and the vundo log.

The easiest way to fix things and get rid of all your problems when you don't know what's wrong (and if your computer needs one anyways) is to re-install XP or whatever you're using. I do it every 6 months. I probably don't need to, but considering mine's an Alienware gaming computer that cost me 7k I don't like to risk stuff.

The easiest way to fix things and get rid of all your problems when you don't know what's wrong (and if your computer needs one anyways) is to re-install XP or whatever you're using. I do it every 6 months. I probably don't need to, but considering mine's an Alienware gaming computer that cost me 7k I don't like to risk stuff.

What is up with people always saying they have an AlienWare?

There is really no point in reinstalling Windows every 6 Months. And if you don't it is not going to risk your "7k AlienWare"...

Getting there....

Please RE-NAME hijackthis to scan[Caution]

Do you know everything you've fixed then? (anything else apart from winantivirus)

How many entries did you fix in total?

P.S. Rename Hijackthis to Scan!!!!

Yea, I basically feel like a dork now...Re-named it....

Logfile of HijackThis v1.99.1
Scan saved at 12:39:55 PM, on 12/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution]
C:\WINDOWS\system32\csrss[Caution]
C:\WINDOWS\system32\winlogon[Caution]
C:\WINDOWS\system32\services[Caution]
C:\WINDOWS\system32\lsass[Caution]
C:\WINDOWS\system32\Ati2evxx[Caution]
C:\WINDOWS\system32\svchost[Caution]
C:\WINDOWS\system32\svchost[Caution]
C:\WINDOWS\System32\svchost[Caution]
C:\WINDOWS\System32\svchost[Caution]
C:\WINDOWS\System32\svchost[Caution]
C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution]
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32[Caution]
C:\WINDOWS\system32\spoolsv[Caution]
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc[Caution]
C:\WINDOWS\System32\svchost[Caution]
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution]
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService[Caution]
C:\Program Files\WZCBDL Service\WZCBDLS[Caution]
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4[Caution]
C:\WINDOWS\System32\alg[Caution]
C:\WINDOWS\system32\Ati2evxx[Caution]
C:\WINDOWS\Explorer[Caution]
C:\Program Files\Real\RealPlayer\RealPlay[Caution]
C:\Program Files\D-Link\Air USB Utility\AirCFG[Caution]
C:\Program Files\ATI Technologies\ATI.ACE\cli[Caution]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution]
C:\WINDOWS\system32\wuauclt[Caution]
C:\Program Files\Common Files\Symantec Shared\ccApp[Caution]
C:\Program Files\Webroot\Spy Sweeper\SpySweeper[Caution]
C:\Program Files\ATI Technologies\ATI.ACE\CLI[Caution]
C:\Program Files\ATI Technologies\ATI.ACE\cli[Caution]
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution]
C:\WINDOWS\system32\svchost[Caution]
C:\Program Files\MSN Messenger\msnmsgr[Caution]
C:\PROGRA~1\MOZILL~1\FIREFOX[Caution]
C:\Program Files\Mozilla Firefox\firefox[Caution]
C:\Documents and Settings\Owner\Desktop\scan[Caution][Caution]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.hickorytech.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.hickorytech.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3DEE4ADA-01F5-4392-9AE0-B26B3025A21F} - C:\WINDOWS\Drivers\atskajva.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\oplktbob.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {B3319D74-D897-46C2-A25F-6CCEA23EC7Ca} - C:\WINDOWS\system32\fiammpiy.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay[Caution] SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart[Caution]
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG[Caution]
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution]
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli[Caution]" runtime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution]
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution]"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx[Caution] "Owner"
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper[Caution]" /0
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer[Caution] /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution]" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI[Caution]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution] (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution] (file missing)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O20 - Winlogon Notify: atskajva - C:\WINDOWS\Drivers\atskajva.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g441304625.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winfon32 - winfon32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx[Caution]
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag[Caution]
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc[Caution]
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution]" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution]" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution]" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc[Caution]
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1[Caution]
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution]
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32[Caution]
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution]
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService[Caution]" "WUSB54Gv4[Caution] (file missing)
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS[Caution]

There. Sorry...You guys told me to do so much crap I just forgot, lol.

I see some new crap on there that I don't remember putting there, so I'm sure you'll find bad stuff. I just wish I knew how to stop getting this crap on my computer. I have security all over the place and it just keeps comin'.

Ok, open up Windows Explorer (press the Windows key and press E), then in the address bar at the top type this: %SystemRoot%\system32\drivers\etc\, now locate the file named hosts, open it, when prompted to choose a program select Notepad, copy the contents of the file (the text in Notepad) into this conversation and I will tell you what to do then.

Also, in the HijackThis log, remove these entries

If you didn't place these here then remove these entries

"C:\Documents and Settings\Owner\Desktop\scan[Caution][Caution]"

If you use software called "Washer" and know it's safe, keep it, otherwise remove these.

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx[Caution] "Owner"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer[Caution] /0

Remove these

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {B3319D74-D897-46C2-A25F-6CCEA23EC7Ca} - C:\WINDOWS\system32\fiammpiy.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\oplktbob.dll
O2 - BHO: (no name) - {3DEE4ADA-01F5-4392-9AE0-B26B3025A21F} - C:\WINDOWS\Drivers\atskajva.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay[Caution] SYSTEMBOOTHIDEPLAYER
O20 - Winlogon Notify: winfon32 - winfon32.dll (file missing)
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g441304625.dll (file missing)
O20 - Winlogon Notify: atskajva - C:\WINDOWS\Drivers\atskajva.dll

Then post a HijackThis log (again, yes!), and as was said above, run VundoFix

RSN: dbferrari

Level: 109

alexrider1234,

Simply removing the Vundo entries will do nothing, VundoFix can remove it fully automatically with a click of a button. Simply removing it via HijackThis does not work.
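The entries singled out in the replies above share traits that can be checked mechanically: unnamed BHOs, registry entries whose file is missing, and one DLL registered both as a BHO (O2) and as a Winlogon Notify package (O20). The Python sketch below is an added example, not part of the original thread or of HijackThis; the flag names and heuristics are assumptions meant for triage, and the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis log posted in this thread (DLL lines only).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3DEE4ADA-01F5-4392-9AE0-B26B3025A21F} - C:\WINDOWS\Drivers\atskajva.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\oplktbob.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O20 - Winlogon Notify: atskajva - C:\WINDOWS\Drivers\atskajva.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g441304625.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winfon32 - winfon32.dll (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
MISSING = re.compile(r"\s*\(file missing\)$")

def parse(log_text):
    """Split 'Oxx - Kind: name - ... - path' lines into fields."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, _kind, rest = m.groups()
            fields = MISSING.sub("", rest).split(" - ")
            entries.append({"code": code, "name": fields[0], "path": fields[-1],
                            "missing": bool(MISSING.search(rest))})
    return entries

def triage(log_text):
    """Return (section, path, flags) for entries worth a closer look."""
    entries = parse(log_text)
    sections = defaultdict(set)  # lower-cased path -> sections that load it
    for e in entries:
        if not e["missing"]:
            sections[e["path"].lower()].add(e["code"])
    findings = []
    for e in entries:
        # The three heuristics below are assumptions for triage, not verdicts.
        flags = []
        if e["missing"]:
            flags.append("file-missing")  # registry entry left behind
        if e["code"] == "O2" and e["name"] == "(no name)":
            flags.append("unnamed-bho")
        if {"O2", "O20"} <= sections.get(e["path"].lower(), set()):
            flags.append("bho-and-winlogon-notify")  # one DLL, two autostarts
        if flags:
            findings.append((e["code"], e["path"], flags))
    return findings

if __name__ == "__main__":
    for code, path, flags in triage(SAMPLE_LOG):
        print(code, path, ", ".join(flags))
```

A flagged entry is only a lead for review: the Adobe, Intel graphics and WGA entries pass unflagged, and the Winlogon Notify entries pick up `unnamed-bho` only on their O2 counterpart.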
