Malware



#1
Matts31 (New Member, 1 posts)
Hi!

I am having weird happenings with my old Dell computer that my brother and I use for internet surfing. First, the browser is hijacked. I cannot go to any security sites because I get diverted to a different one or the page cannot display. There was a strange user name for Windows XP at logon, which was a long number that started with an I. I removed the user (using Windows, which probably didn't help) and logged in with my user name.

I can only scan with Ad-Aware, which only comes up with tracking cookies. I have the latest AVG software, 8.0. It will start, but then there is an error (must shut down, report to Microsoft?). I click "do not report" and AVG will keep running, but it will turn red and say I have no virus definitions for a few seconds, then it will all turn green again and look like it's working correctly. I've tried installing Spybot, but it cannot access the internet to install. I've tried installing McAfee Antivirus, but it cannot access the internet to install. I've tried installing HijackThis, but it will not install. I can see it running when I Ctrl-Alt-Del, but nothing happens, then it disappears from the system processes.

I've checked my hosts file (in the system32 folder), which has only the localhost line in it. I have a cable modem with a router connected, with two computers connected to it. I'm not sure what to do since nothing will install. Thanks for the help!

I ran RunScanner on my computer, which worked. Here is the file info. I also downloaded the HijackThis.exe instead of the install version; the log file is after the RunScanner one.

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : MATTSCOMP
Creation time : 12/1/2008 9:38:48 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.7.0.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\windows

Running processes
-----------------
* C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
* C:\windows\System32\alg.exe (Microsoft Corporation)
* C:\PROGRA~1\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
* C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
* C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
* C:\windows\system32\csrss.exe (Microsoft Corporation)
C:\Documents and Settings\Matt\Desktop\ComboFix.exe
* C:\windows\system32\ctfmon.exe (Microsoft Corporation)
* C:\windows\system32\svchost.exe (Microsoft Corporation)
* C:\windows\system32\svchost.exe (Microsoft Corporation)
* C:\windows\system32\svchost.exe (Microsoft Corporation)
* C:\windows\system32\svchost.exe (Microsoft Corporation)
* C:\windows\system32\svchost.exe (Microsoft Corporation)
* C:\windows\system32\svchost.exe (Microsoft Corporation)
* C:\windows\System32\svchost.exe (Microsoft Corporation)
* C:\windows\system32\lsass.exe (Microsoft Corporation)
C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
* C:\Documents and Settings\Matt\Desktop\RunScanner.exe (Runscanner.net)
* C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
* C:\windows\system32\services.exe (Microsoft Corporation)
* C:\windows\system32\spoolsv.exe (Microsoft Corporation)
* C:\windows\Explorer.EXE (Microsoft Corporation)
C:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)

Unrated items
-------------
002 C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
002 C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
011 C:\WINDOWS\system32\drivers\bvrp_pci.sys (bvrp_pci)
011 * C:\windows\System32\Drivers\GEARAspiWDM.sys (GEAR ASPI Filter Driver)
011 C:\windows\System32\Drivers\PxHelp20.sys (PxHelp20)
011 C:\windows\System32\drivers\sfdrv01.sys (StarForce Protection Environment Driver (version 1.x))
011 C:\windows\System32\drivers\sfhlp02.sys (StarForce Protection Helper Driver (version 2.x))
011 C:\windows\System32\drivers\sfsync02.sys (StarForce Protection Synchronization Driver (version 2.x))
011 C:\windows\System32\drivers\sfsync04.sys (StarForce Protection Synchronization Driver (version 4.x))
031 C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) {CF184AD3-CDCB-4168-A3F7-8E447D129300}
041 * C:\Program Files\NetZero\Toolbar.dll {F0F8ECBE-D460-4B34-B007-56A92E8F84A7}
045 * C:\Program Files\NetZero\Toolbar.dll {F0F8ECBE-D460-4B34-B007-56A92E8F84A7}
052 GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
052 * C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.) {52706EF7-D7A2-49AD-A615-E903858CF284}
061 C:\WINDOWS\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
061 C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
061 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP) {E0D79304-84BE-11CE-9641-444553540000}
061 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP) {E0D79305-84BE-11CE-9641-444553540000}
061 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP) {E0D79306-84BE-11CE-9641-444553540000}
061 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP) {E0D79307-84BE-11CE-9641-444553540000}
062 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
073 Uniblue SpeedUpMyPC Nag.job : C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe (Uniblue Software)
073 Uniblue SpeedUpMyPC.job : C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe (Uniblue Software)
100 SearchUrl HKCU : http://my.netzero.ne...ch?r=minisearch
104 * C:\WINDOWS\Downloaded Program Files\ilinci76.dll (iLinc Communications, Inc.) {03A89EFD-E023-5707-A22D-45F77558EB4C}
104 GUID / CLSID not found {33564D57-0000-0010-8000-00AA00389B71}
104 * C:\Program Files\IGN\Download Manager\DLMControl.dll (IGN Entertainment) {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}
104 GUID / CLSID not found {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
104 GUID / CLSID not found {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
104 C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
104 * C:\WINDOWS\Downloaded Program Files\popcaploader.dll (PopCap Games) {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
104 GUID / CLSID not found ActiveGS.cab
107 C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
170 {267dd498-c275-11da-8830-001111b3ce78} : F:\JDSecure\Windows\JDSecure20.exe
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
173 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP) {E0D79304-84BE-11CE-9641-444553540000}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP) {E0D79304-84BE-11CE-9641-444553540000}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP) {E0D79304-84BE-11CE-9641-444553540000}
225 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP) {E0D79304-84BE-11CE-9641-444553540000}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP) {E0D79304-84BE-11CE-9641-444553540000}
229 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
231 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info

Missing files
-------------
011 C:\windows\system32\drivers\Abiosdsk.sys
011 C:\windows\system32\drivers\abp480n5.sys
011 C:\windows\system32\drivers\adpu160m.sys
011 C:\windows\system32\drivers\Aha154x.sys
011 C:\windows\system32\drivers\aic78u2.sys
011 C:\windows\system32\drivers\aic78xx.sys
011 C:\windows\system32\drivers\AliIde.sys
011 C:\windows\system32\drivers\amsint.sys
011 C:\windows\system32\drivers\asc.sys
011 C:\windows\system32\drivers\asc3350p.sys
011 C:\windows\system32\drivers\asc3550.sys
011 C:\windows\system32\drivers\Atdisk.sys
011 C:\windows\system32\drivers\cd20xrnt.sys
011 C:\windows\system32\drivers\Changer.sys
011 C:\windows\system32\drivers\CmdIde.sys
011 C:\windows\system32\drivers\Cpqarray.sys
011 C:\windows\system32\drivers\dac2w2k.sys
011 C:\windows\system32\drivers\dac960nt.sys
011 C:\DOCUME~1\Matt\LOCALS~1\Temp\ddxgb.sys
011 C:\windows\system32\drivers\dpti2o.sys
011 C:\windows\system32\drivers\hpn.sys
011 C:\windows\system32\drivers\i2omgmt.sys
011 C:\windows\system32\drivers\i2omp.sys
011 C:\windows\system32\drivers\ini910u.sys
011 C:\windows\system32\drivers\lbrtfdc.sys
011 C:\windows\system32\drivers\mraid35x.sys
011 C:\windows\system32\drivers\PCIDump.sys
011 C:\windows\system32\drivers\PDCOMP.sys
011 C:\windows\system32\drivers\PDFRAME.sys
011 C:\windows\system32\drivers\PDRELI.sys
011 C:\windows\system32\drivers\PDRFRAME.sys
011 C:\windows\system32\drivers\perc2.sys
011 C:\windows\system32\drivers\perc2hib.sys
011 C:\windows\system32\drivers\ql1080.sys
011 C:\windows\system32\drivers\Ql10wnt.sys
011 C:\windows\system32\drivers\ql12160.sys
011 C:\windows\system32\drivers\ql1240.sys
011 C:\windows\system32\drivers\ql1280.sys
011 C:\windows\system32\drivers\Simbad.sys
011 C:\windows\system32\drivers\Sparrow.sys
011 C:\windows\system32\drivers\sym_hi.sys
011 C:\windows\system32\drivers\sym_u3.sys
011 C:\windows\system32\drivers\symc810.sys
011 C:\windows\system32\drivers\symc8xx.sys
011 C:\windows\system32\drivers\TosIde.sys
011 C:\windows\system32\drivers\ultra.sys
011 C:\windows\system32\drivers\ViaIde.sys
011 C:\windows\system32\drivers\WDICA.sys

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:37 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\windows\explorer.exe
C:\Documents and Settings\Matt\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualap...rg/activegs.cab
O16 - DPF: {03A89EFD-E023-5707-A22D-45F77558EB4C} (ILINCInstall73 Class) - http://206.127.84.13...ad/ilinci76.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...ploader_v10.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 6247 bytes

Edited by Matts31, 01 December 2008 - 11:27 PM.

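Added example, not part of the poster's thread and not code from RunScanner or HijackThis: a small Python triage script that applies the checks a forum helper would run over logs like the two above. It encodes prompts to look closer, not verdicts: a Run entry, service or driver whose image path sits under a Temp directory (the RunScanner log lists C:\DOCUME~1\Matt\LOCALS~1\Temp\ddxgb.sys among the missing driver files), a core-binary name such as svchost.exe outside C:\Windows, a registry entry whose file is gone ("(no file)" / "(file missing)"), an O16 ActiveX download from a raw IP address, any AppInit_DLLs entry (AVG's avgrsstx.dll is an expected one, so a hit means "confirm the vendor", not "remove"), and an explicit proxy setting, which can redirect browsing even when the HOSTS file is clean (the log's "Hosts <> 127.0.0.1 : 0" already rules HOSTS out here). The sample log lines embedded in the script are constructed to mimic the post's line formats; the Updater entry, the ddxgb service line, the proxy value and the hosts are invented, and the tag names are my own.

```python
"""Triage helper for HijackThis-style log lines (added example, not the poster's tool)."""
import re
from ipaddress import ip_address

# Constructed sample log, modelled on the line shapes in the post above. Paths, hosts
# and the 'Updater' / 'ddxgb' entries are invented for the demonstration.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://portal.example/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Updater] C:\DOCUME~1\Matt\LOCALS~1\Temp\svchost.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O16 - DPF: {03A89EFD-E023-5707-A22D-45F77558EB4C} (Install Class) - http://198.51.100.7/download/plugin.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (Loader Object) - http://games.example/loader.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ddxgb (ddxgb) - Unknown owner - C:\DOCUME~1\Matt\LOCALS~1\Temp\ddxgb.sys (file missing)
"""

# A '\Temp\' path component, in long or 8.3 form; binaries do not belong there.
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)
# Core Windows binaries whose legitimate copies live under %SystemRoot%.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.I)
# A drive-letter path ending in an executable-type extension (quotes and 8.3 names allowed).
PATH_RE = re.compile(r'([a-z]:\\[^"\n]*?\.(?:exe|dll|sys|cpl|ocx))\b', re.I)
URL_RE = re.compile(r"https?://([^/\s]+)", re.I)


def _is_ip_literal(host: str) -> bool:
    """True when the URL host is a bare IP address rather than a DNS name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def classify_line(line: str) -> list[str]:
    """Return the triage tags that apply to one log line; [] means nothing notable."""
    tags: list[str] = []
    low = line.lower()
    if "(no file)" in low or "(file missing)" in low:
        tags.append("orphan-entry")              # registry points at a file that is gone
    for path in PATH_RE.findall(line):
        name = path.rsplit("\\", 1)[-1].lower()
        if TEMP_DIR_RE.search(path):
            tags.append("loads-from-temp")       # driver/exe registered from a Temp directory
        if name in SYSTEM_NAMES and not WINDIR_RE.match(path):
            tags.append("system-name-outside-windir")  # e.g. svchost.exe in a user profile
    if line.startswith("O16"):
        for host in URL_RE.findall(line):
            if _is_ip_literal(host.split(":")[0]):
                tags.append("activex-from-ip-literal")  # ActiveX pulled from a raw IP
    if line.startswith("O20"):
        tags.append("appinit-dll")               # injected into every GUI process; check vendor
    if "proxyserver" in low or "autoconfigurl" in low:
        tags.append("proxy-setting")             # can redirect browsing with a clean HOSTS file
    return tags


def triage(log_text: str) -> list[tuple[int, str, str]]:
    """Run every line through classify_line; return (line_number, tag, line) per hit."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        for tag in classify_line(line):
            findings.append((n, tag, line.strip()))
    return findings


if __name__ == "__main__":
    for n, tag, text in triage(SAMPLE_LOG):
        print(f"line {n:>3}  {tag:<28} {text[:90]}")
```

Run it as-is to print the findings for the embedded sample, or feed a saved HijackThis log to triage(open(path).read()). Every tag is a reason to look at that entry, not a conclusion: the AppInit line in the post is AVG's, the NetZero search URL is an ISP toolbar, and orphaned CLSIDs are clean-up items rather than infections. On the symptom in the post, HijackThis appearing in the process list and then vanishing is the behaviour of something terminating it by name; the usual helper advice at the time was to rename the downloaded executable to something arbitrary before running it, which is an assumption about this machine rather than something the log proves.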
