HijackThis

Can anyone here read HijackThis results?  My computer has a few bugs/viruses/malware…etc, and I cannot get rid of them.  Here’s what I tried before getting the HijackThis log.

Spybot
Ad-Aware 07
Housecall Anti-virus
Panda Antivirus
Bit Defender

Spybot keeps finding different virus n such but when I go to remove them from my computer the screen goes blue and a message comes up saying to turn off my computer.  This didn’t happen with any of the other scanners, and they were able to remove some bugs. Weird!  Also I can’t check my email either because when I go to log in a great little screen pops up with a message saying, “The information exchange over the site cannot be viewed by others. However, there’s a problem with the security certificate.  Do You want to proceed?”.
Now, I know that it’s a virus trying to get me to press yes because the same message comes up over Hotmail and Aol, AND I can check my mail fine from other computers.  Anyway that’s BASICALLY what’s going on…can anyone help???  lol.

Oh and here’s the HijackThis log in case we have any whizzes out there…:slight_smile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:19 PM, on 9/11/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM…\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM…\Run: [DVDLauncher] “C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe”
O4 - HKLM…\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM…\Run: [ISUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup
O4 - HKLM…\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM…\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM…\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM…\Run: [pccguide.exe] “C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe”
O4 - HKLM…\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\HP\HP Software Update\HPWuSchd.exe”
O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM…\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU…\Run: [OE_OEM] “C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe”
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [DellSupport] “C:\Program Files\DellSupport\DSAgnt.exe” /startup
O4 - HKCU…\Run: [zffr] C:\Program Files\InetGet2\stub109_4_0_4_0.exe
O4 - HKCU…\Run: [Aim6] “C:\Program Files\AIM6\aim6.exe” /d locale=en-US ee://aol/imApp
O4 - HKCU…\Run: [autoload] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKCU…\Run: [autorun] C:\Documents and Settings\Holly Hagedorn\smss.exe
O4 - Startup: Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - softdev.adelphia.net/sdccommon/d … ctlins.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.mail.live.com/mail/w1/resou … NPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resourc … oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - upload.facebook.com/controls/Fac … loader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan … asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - aolsvc.aol.com/onlinegames/trytw … player.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - aolsvc.aol.com/onlinegames/popzu … der_v7.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


End of file - 7840 bytes
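A triage pass over the kind of log posted above, as an added example that is not part of the original thread: it flags startup (O4) entries whose file name matches a core Windows process but whose folder is not C:\WINDOWS\system32, and BHO (O2) entries whose file is missing. The sample lines are constructed in the style of the log, and the function name, the process-name list and the assumed Windows folder are this example's own choices.

```python
import ntpath
import re

# Assumption: Windows lives in C:\WINDOWS, as the log's process list suggests.
SYSTEM32 = r"c:\windows\system32"
# Core XP processes whose image normally sits directly in system32.
SYSTEM_IMAGES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)

# Constructed sample lines in the style of the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU…\Run: [autoload] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKCU…\Run: [autorun] C:\Documents and Settings\Example User\smss.exe
O4 - HKCU…\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

def triage(log_text):
    """Return (kind, detail) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        # A BHO registration whose DLL no longer exists on disk.
        if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append(("orphaned-bho", line))
            continue
        m = O4_RE.match(line)
        if not m:
            continue  # not a registry Run entry
        exe = EXE_RE.search(m.group("cmd"))
        if not exe:
            continue  # bare file name, no full path to judge
        folder, image = ntpath.split(ntpath.normpath(exe.group(0)).lower())
        # System process name launched from somewhere other than system32.
        if image in SYSTEM_IMAGES and folder != SYSTEM32:
            findings.append(("system-name-wrong-folder",
                             m.group("name") + " -> " + exe.group(0)))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(kind, "|", detail)
```

A hit is a reason to inspect the file, not proof of infection.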

I don’t know what to tell you. We had to go buy a new PC; we had big problems with ours and couldn’t get rid of all the bugs. We even had a password stealer on ours. IE kept closing out on us with illegal ops and we couldn’t even do a scan, period. I hope someone can help you. It cost us $700 for a new PC; it was cheaper in the long run than repairing our old one for the 3rd time. Good luck!!

Dear sweet cheese do you have enough programs running? D:  I only let 21 at any one time go on my comp, and I don’t know what half of your processes are lol.

Have you tried Windows Live OneCare?  You can get a free… 90 trial I believe.  Yeah it’s 90 days.  Anyhow this comp (family comp not mine) was pretty bugged up and OneCare swept everything away.    Other than that I’m not sure what exactly is bugging your poor computer.

LOL…I KNOW!!  :slight_smile: I have no idea what the heck is running but something is! :wink:  I’ll try that and let you know how it works.  Thank you for your help.  At least I can still check on my horsies n stuff. I do have AOL which I know a lot of computer people disapprove of but it’s never caused me a problem though I know it does run some unnecessary stuff. Anyway thanks again. :slight_smile:

By the way peeps don’t even think about stealing HijackThis as a name!  lol…TAKEN! :wink:  lol…just thought it sounded cute.  Prolly for my Alaskan Wildcat X High Chances baby.  ;D

Woo-hoo
High Chances X Alaskan Wildcat = HijackThis

(just to make it official. :wink:)

Yuh, but do those computers have the same problem as this one? XD I get those popups too and I click yes. It’s not a virus, or at least for me it’s not. Do you use Firefox? FF popped up the other day “WARNING! This site is a FRAUD.” I got an email from PayPal saying I made a transaction, went “WTF?”, clicked the link to login, and I was warned =) NOT the real PayPal. I would suggest Firefox for now as a browser while everything sorts out (if you use FF right now x.x I don’t know!) If you TYPE in the url rather than clicking a link (i.e. www.hotmail.com) into the address bar, the site really can’t be fraud (er… right? tired x.x). Frauds usually have various IP like numbers after/before them (er like 45.2456.353463.46890347603476.SITE.com // what an awesome IP like number, yeah? XD)

But uhm. I’ve been running this computer with no Anti Virus for about a year and it hasn’t crashed. It actually was a lot nicer to me once I uninstalled Norton. Erm. I wouldn’t recommend that, but I did that knowing I would be getting a new computer in a couple weeks (see the sentence where it says I uninstalled my anti virus last year)

Edea told me to download Live Care one. My computer threw knives; it is severely allergic to anti viruses and crashes whenever one is turned on -_- For what Live One DID do, it was amazing. It was just too much for my ancient… thing. It’s not even a computer… it’s like… a beast. Lol

Yikes that is a LOT of programs to be running at once. I personally use three things on my computer:

  1. Nod32 for virus/worm scanning, it isn’t free but it is the BEST antivirus software out there that I have found, runs updates seamlessly in the background, and a very good program.

  2. Windows Defender, free if you have a VALID version of Windows, and it does get rid of any trackers, spyware + adware it has ever detected. It’s actually the only Windows program I really like that is dependable :wink:

  3. Ad-Aware, for what Windows Defender does not get (or what they DON’T want to get) I use this every once in a while to pick up the files Defender has missed.

Only time I’ve ever had a worm/virus on the PC (cross my fingers) is when my dad downloaded and opened an email containing a virus. Nod32 however scans downloaded files and WILL NOT LET YOU OPEN THEM if it detects a virus beforehand. Comes up with a big message and everything which is super handy ^___^

Lindsay

Okay I didn’t word that right. :wink:  The message pops up on the infected computer on both email accounts but it doesn’t pop up At All if I check them from a different computer.  So basically it’s just something on my computer keeping me from checking my e-mail.  That’s funny about your computer…I’m thinking the ancient ones might be more reliable nowadays…lol!

I’ve tried Onecare and my computer won’t even let me download it.  I think I have something that prevents me from deleting it or something.  Like a freakin super virus or something…blah!

Thanks Lindsay. :slight_smile:  I’m gonna try Windows Defender and see what it does.  I might just have to pay for something though to get this dang thing gone! :slight_smile:  I don’t think HijackThis just shows what programs are running but just shows you in a series of codes what’s going on on the computer.  When I do CTL, ALT, Delete, there is nothing running unless it’s something I have open…weird huh?  I dunno…I really appreciate your guys help…I’ll let ya know if anything develops. :wink:

Good luck! It is weird how the old ones suck but work better lol. It’s like cell phones – new features, but most services don’t work where you need them lol

If you hit Ctrl-Alt-Delete the only things that should show up in the Applications tab are the things that show up in your explorer bar at the bottom of the screen (so for instance right now mine shows Firefox and my AIM client).

If you want to see what your computer is ACTUALLY running, go to the processes tab.  I currently have 39 processes running, so that’s all the random stuff that runs in the background without you being able to see it (so some iTunes and iPod programs, 4 different versions of svchost.exe, and some other stuff I have no idea what it is :wink:).  That’s usually what I keep an eye on to look for any hidden programs.  Whenever something new shows up that I don’t recognize it’s time to run a virus scan to check.

If you have the Windows install disk for your computer, it might be worth just backing up all the files you need onto a DVD or something and reformatting.  Typically my husband and I reformat anywhere from once every 3 months to once a year or so (he does it more than I do).  I don’t like reformatting a ton as it can cause issues when you have to get new drivers for everything, but it’s pretty much guaranteed to wipe out any viruses :wink:.