Jump to content


Anti-Spyware Brigade
  • Content Count

  • Joined

  • Last visited

About houmamiss

  • Rank
    Fast Fingers
  • Birthday 10/22/1965

Contact Methods

Profile Information

  • Location
    Where the sidewalk ends...
  • Interests
    My twin sons, karate, astronomy, ufos, computers, shooting and pool.
  1. We have a problem when we boot into Safe Mode. After we choose which user account we want to go into, we get a black screen with "Safe Mode" in the four corners and that's it. It flashes a dialog box at us for a nanosecond in which we're supposed to choose "yes" or "no", but we can't read that fast! We tried pressing "enter" when we saw the dialog box come up, and it started to load the desktop and then stopped and went back to black screen.
  2. I did that and the folder wasn't there, but I will try again.
  3. FZWG, this is what I just told to Jacee: Let me try to explain the user accounts situation, because I think that's why we're all confused. Normally, and from day one of owning this computer, when I turn the computer on it loads straight to a desktop without asking me which user account I want to go into. I never gave it any thought, because I'm the only person who uses my computer. Since this hijacking, I have learned that I have been in the Administrator account the whole time. When we rebooted in Safe Mode, the computer gave us the option of going into the account I regularly use (which is the Administrator account) or another account which was titled Administrator Account. I know it sounds confusing, but I swear this is what is happening. Please try to follow me here. When I told FZWG that we couldn't find the VundoFix folder when we booted in Safe Mode, he asked me which user accounts were listed in Control Panel. I told him in my thread. That's when the confusion began. Based on his reply, I opened the Guest account and also created my own limited user account. When we reboot in Safe Mode to try to log into either my account or the guest account, the computer freezes with a black screen that just says Safe Mode in the four corners. We shut the computer down after that happened twice, and we rebooted normally and came here. When I go into Control Panel, User Accounts it lists the following accounts: "Your Name Here/Administrator Account" (the account I always use) "Dane / Limited Account" (which I created today) "Guest Account" (which I just turned on today) I know it sounds unreal, but this is what is happening and I think this is why FZWG is confused with me.
  4. We went into my own limited user account and installed Hijack This. We tried to run a scan and got the following message: "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type: notepad "C:\WINDOWS\System32\drivers\etc\hosts" and press Enter. Find the line(s) Hijack This reports and delete them. Save the file as "hosts." (with quotes), and reboot." and then: "An unexpected error has occurred at procedure: modMain_CheckOther1Item() Error #75 - Path/File access error Please email me at [email protected], reporting the following: * What you were trying to fix when the error occurred, if applicable * How you can reproduce the error * A complete HijackThis scan log, if possible Windows version: Windows NT 5.01.2600 MSIE version: 6.0.2900.2180 HijackThis version: 1.99.1 This message has been copied to your clipboard. Click OK to continue the rest of the scan." We tried to boot up in safe mode and tried to get into any of the accounts, the computer just froze in a black screen with safe mode at the corners. We shut down and finally booted normally. Please advise.
  5. The only account that was on was the Administrator Account. Listed in the User Accounts was "Your Name Here / Administrator Account" and "Guest Account" which was off. I turned on the Guest Account and I also created a new account for myself. When I went into the Guest Account and also my new account, the VundoFix file folders were not in either one. I guess, based on what you've just said, I will need to set up my new account with internet service and start all over with the installation of the hijack this log and move on from there.
  6. Oh yeah, another great thing is that I'm getting more pop-ups as I go along. The pop-ups are aggressive like the Win-fixer one and keep shutting my browser down. I now have three lovely pop-ups to deal with.
  7. Since I have owned this particular computer, I have never logged into any user account. I turn the thing on, and it loads Windows and then goes to a desktop which I have come to learn is the Administrator account. When we went into Safe Mode last night and went into the Admin acct, the VundoFix folder wasn't in there anywhere, not on the desktop and nothing turned up in search. I'm freaking out. Should I set up my new user account with internet service and install the VundoFix there? I don't know what to do. Should I try safe mode again and see what user accounts are listed and then come back and let you know?
  8. I opened the Guest account (NOT in safe mode) and went into it. It's bare, and the folder certainly isn't on the desktop there. I opened another account for myself, and the same thing. Man, I feel like I need to buy some kind of manual and learn how to run this thing I thought I at least knew how to run somewhat. What do I do now?
  9. Ya learn something new everyday! I won't use the computer as Administrator anymore. The accounts listed are: "Your Name Here / Computer Administrator" and "Guest (Guest account is off)". I will turn on the guest account and try booting in safe mode into that account and see if the folder is on the desktop. If it is, I will continue with your instructions. If it isn't, I suppose you'll (hopefully) be hearing from me. I feel like such a dummy!
  10. Yes, I downloaded to the Desktop and the extracted files folder is also on the Desktop. Theoretically, it should be there, but it's not when we're in Safe Mode. While in Safe Mode, we searched for the file and were unable to find it at all. I don't know if this makes a difference, but after starting in Safe Mode I was brought to the log in screen where you can choose which user account to go into. I chose Administrator, because that is the one I go into when given the option. The other account option is Guest or Other Users (I forget which). Shall I try going into that one and see if it's there? I'm so glad you're willing to help me, because right from the get-go we've got difficulties! Please advise. Thanks, houmamiss
  11. Well, I've encountered a problem already. Once in safe mode, the VundoFix program does not show up on my desktop. Please advise! I'm only at the very beginning, and I'm already Thanks. houmamiss
  12. Thank you! I've been sick and not in the right mind to tackle this yet. I plan to follow your instructions by or before this weekend. I'll let you know how it goes. Thank you so very much again. houmamiss
  13. Crickets! They're grotesque and unpredictably jumpy. Clowns, stinging insects like bees, wasps, and such. Bald guys with wispy combovers are pretty scary, and so are obese women in spandex stretchy pants. How about spiders crawling on your face while you're sleeping? #1 fear: the prospect of my sons being kidnapped.
  14. I hope I'm doing this right. Here's the log: Logfile of HijackThis v1.99.1 Scan saved at 2:55:35 PM, on 10/8/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\NetZero\exec.exe C:\Program Files\NetZero\exec.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\TrueAssistant\TrueAssistant.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Documents and Settings\Compaq_Owner\My Documents\Hijack This\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=....1.1&N=PLOC&O=A R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\geebx.dll O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [EarthLink Installer] " /C O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp...23/cpbrkpie.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe Thank you so very much again, houmamiss
  • Create New...