Help???

I posted the below in the other thread you posted in:

There are several types of trojans out there that cause these problems. For example see this.

http://windowsxp.mvps.org/ToolsQuit.htm

I have fixed quite a few problems like this our forum.

As Turcoloco pointed out, you need to run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

 

Re: ready to give up!!!!!

Do not have more than one antivirus application installed? You implied you have Symantec's? Is it up to date with current definitions? If so, have you run a full system scan from safe mode?

Try renaming hijackthis.exe to myhjt.com (yes to .com) and see if that runs.

Have you tried running the items in the section of the READ ME FIRST titles: Alternative Scans - If still having problems

 

What do yo mean you cannot rename hijack?
When you say " if i try to unzip it, it just flashes and closes." do you mean you cannot extract it from the ZIP file?

If that is the case, then you should not be saying you cannot run HijackThis, you should be saying you could not unzip it. What are you using to UNZIP files?

Try WinZip

What registry command are you talking about?

 

Okay I'm still confused. If Winzip does not work, how did you extract the hijackthis.exe file in the first place.

 

Okay! But you did not follow directions about posting HJT logs. They must be an attachment to your message and you must exit all browsers before running HJT. You had:
C:\Program Files\Internet Explorer\iexplore.exe

Also, it is now probably time to rename myhjt.com.exe back to the proper file name.
Change this: C:\Program Files\myhjt.com\myhjt.com.exe
So it reads: C:\Program Files\HJT\hijackthis.exe

And you did not name it as I wanted it anyway. I said myhjt.com not myhjt.com.exe

 

You still have components from Norton Antivirus and you are running AVG. You must only run one antivirus application. Finish the uninstall of the other Norton components. Or uninstall AVG and reinstall Norton because some it it appears to be missing.

Goto Add/Remove programs and uninstall WeatherBug!

My normal procedures usually include deletion of bad files at the end of HJT fixing, but I'm going to hold off on deleting some files until I'm suse you don't need them.


Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:
C:\WINDOWS\system32\svcxnw32.exe
C:\WINDOWS\twain_32\B6U12KF\WATCH.exe

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O1 - Hosts: 127.90.165.62 www.symantec.com
O1 - Hosts: 127.116.226.42 securityresponse.symantec.com
O1 - Hosts: 127.66.92.252 symantec.com
O1 - Hosts: 127.94.133.174 www.mcafee.com
O1 - Hosts: 127.39.136.166 mcafee.com
O1 - Hosts: 127.3.104.43 us.mcafee.com
O1 - Hosts: 127.89.239.173 www.sophos.com
O1 - Hosts: 127.117.4.193 sophos.com
O1 - Hosts: 127.251.23.96 www.viruslist.com
O1 - Hosts: 127.101.100.227 viruslist.com
O1 - Hosts: 127.108.165.71 f-secure.com
O1 - Hosts: 127.167.202.162 www.f-secure.com
O1 - Hosts: 127.21.59.5 kaspersky.com
O1 - Hosts: 127.30.229.199 www.avp.com
O1 - Hosts: 127.205.138.43 www.kaspersky.com
O1 - Hosts: 127.13.135.17 avp.com
O1 - Hosts: 127.97.73.180 www.networkassociates.com
O1 - Hosts: 127.56.33.63 networkassociates.com
O1 - Hosts: 127.217.78.46 www.ca.com
O1 - Hosts: 127.95.102.166 ca.com
O1 - Hosts: 127.137.3.186 my-etrust.com
O1 - Hosts: 127.252.231.130 www.my-etrust.com
O1 - Hosts: 127.37.229.100 secure.nai.com
O1 - Hosts: 127.72.145.76 nai.com
O1 - Hosts: 127.61.213.133 www.nai.com
O1 - Hosts: 127.239.68.176 trendmicro.com
O1 - Hosts: 127.239.96.45 www.trendmicro.com
O1 - Hosts: 127.5.3.0 housecall.trendmicro.com
O1 - Hosts: 127.190.77.202 www.pandasoftware.com
O1 - Hosts: 127.15.115.49 www.bitdefender.com
O1 - Hosts: 127.195.10.129 www.ravantivirus.com
O1 - Hosts: 127.68.149.202 www3.ca.com
O1 - Hosts: 127.176.218.245 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.78.10.76 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.107.198.120 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.58.67.250 windowsupdate.microsoft.com
O1 - Hosts: 127.33.200.209 www.windowsupdate.com
O1 - Hosts: 127.79.98.10 windowsupdate.com
O4 - HKLM\..\Run: [IPConfig] svcxnw32.exe
O4 - HKLM\..\Run: [mswnvmx32] winclk4.exe init
O4 - HKLM\..\Run: [DLLStat] vxdload16.exe -services
O4 - HKLM\..\RunServices: [DLLStat] vxdload16.exe -services
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [IPConfig] svcxnw32.exe
O4 - HKCU\..\Run: [DLLStat] vxdload16.exe -drivers
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\B6U12KF\WATCH.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://210.80.76.119/object/Dldrv.ocx
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?

After clicking FIX, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
c:\windows\system32\svcxnw32.exe
c:\windows\system32\winclk4.exe
C:\Program Files\AWS <--- the whole folder if still there
Now reboot in normal mode and post a new HJT log. And tell us how things are working.