Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

WinFix2005 Pop Up - removal [CLOSED]


  • This topic is locked This topic is locked

#1
jmdiniz

jmdiniz

    New Member

  • Member
  • Pip
  • 1 posts
Hi there

Here is my Hijack log

Can you please adise what lines should I fix?


Best regards

Joao


Logfile of HijackThis v1.99.1
Scan saved at 18:05:48, on 11-08-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Software X-Micro\Bluetooth\bin\btwdins.exe
C:\Programas\Symantec AntiVirus\DefWatch.exe
C:\Programas\ewido\security suite\ewidoctrl.exe
C:\Programas\ewido\security suite\ewidoguard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\PROGRA~1\WinFax\WFXMOD32.EXE
C:\WINDOWS\Explorer.EXE
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programas\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\QuickTime\qttask.exe
C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe
C:\PROGRA~1\FICHEI~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Programas\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programas\Software X-Micro\Bluetooth\BTTray.exe
C:\Programas\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Programas\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Speedagenda\SpeedAgenda.exe
C:\Programas\WinZip\WZQKPICK.EXE
C:\Programas\Dosprn\DOSprn.exe
C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jdiniz.BRIBPT\Ambiente de trabalho\HIJACK\HijackThis.exe
C:\Programas\Microsoft Office\OFFICE11\OUTLOOK.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 132.5.0.1:3328
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: (no name) - _{7D5363BA-EA6A-4A20-8AAB-DA7A702F0159} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programas\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Programas\iMeshBar\bar\1.bin\IMESHBAR.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programas\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Programas\iMeshBar\bar\1.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programas\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [[01]##############################################################################################################################] C:\Documents and Settings\jdiniz.BRIBPT\Internet Optimizer\update\rogue.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programas\Ficheiros comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programas\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Programas\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Programas\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHEI~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [mwqk] C:\PROGRA~1\COMMON~1\mwqk\mwqkm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: DOSprn.lnk = C:\Programas\Dosprn\DOSprn.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O4 - Global Startup: Speed Agenda.lnk = C:\Speedagenda\SpeedAgenda.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programas\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software X-Micro\Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programas\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programas\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programas\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software X-Micro\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software X-Micro\Bluetooth\btsendto_ie.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bribpt.brother.pt
O17 - HKLM\Software\..\Telephony: DomainName = bribpt.brother.pt
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bribpt.brother.pt
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bribpt.brother.pt
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programas\Software X-Micro\Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programas\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programas\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
  • 0

Advertisements


#2
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi jmdiniz and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

:tazz:

Excal
  • 0

#3
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP