Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

please help remove winfixer [CLOSED]

Started by breejen , Aug 13 2005 04:47 PM

  • This topic is locked This topic is locked

#16
tampabelle
Posted 14 August 2005 - 04:31 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,


Download Pocket KillBox from here. There is a Direct Download and a description of what the Program does inside this link.

Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as KillQoo.reg (set Filetype to "All Files") and save it on your Desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\mxynnksx]

[-HKEY_CLASSES_ROOT\CLSID\{17bf7545-dbf1-4b51-b58d-979bca74e464}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"odensc.exe"=-
"iasnhl.exe"=-


Open Pocket Killbox and Copy & Paste the entries below into the "Full Path of File to Delete"

C:\WINDOWS\asappsrv.dll
C:\WINDOWS\command.exe
C:\WINDOWS\mznoo.dll
C:\WINDOWS\SYSTEM32\datadx.dll
C:\WINDOWS\SYSTEM32\eaann.dll
C:\WINDOWS\SYSTEM32\fssjjdf.dll
C:\WINDOWS\SYSTEM32\jsdvwsdk.dll
C:\WINDOWS\SYSTEM32\nikppcy.dll
C:\WINDOWS\SYSTEM32\conres.cpl
C:\WINDOWS\system32\odensc.exe
C:\WINDOWS\system32\iasnhl.exe
C:\WINDOWS\system32\sspggd.exe
C:\8355.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\riak.exe


As you Paste each entry into Killbox,place a tick by any of these Selections available

"Delete on Reboot"
"Unregister .dll before Deleting"

Click the Red Circle with the White X in the Middle to Delete!

Restart in Safe Mode and Run those files through Killbox once more to be sure nothing survived.

This time place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"

Now Locate and DoubleClick KillQoo.reg-> Allow it to merge into the Registry!

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sspggd.exe reg_run

Now close all windows other than HiJackThis, then click Fix Checked.

Restart back in Normal Mode and Post a fresh HijackThis log!
  • 0

Advertisements

#17
breejen
Posted 14 August 2005 - 05:56 PM

breejen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
here is the log from hijack this

Logfile of HijackThis v1.99.1
Scan saved at 7:55:39 PM, on 08/14/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\DOCUME~1\JOHANN~1\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BI1HelperStartUp] C:\PROGRA~1\BEACHI~1\BI1HEL~1.EXE /partner BI1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpamBayes Tray Icon.lnk = C:\Program Files\SpamBayes\bin\sb_tray.exe
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vto_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Bridge - http://download.game...nts/y/bt1_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.game...nts/y/rt0_x.cab
O16 - DPF: Yahoo! Sheepshead - http://download.game...nts/y/dt0_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinn...gsaw/jigsaw.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...ck/bjattack.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123370263354
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinn...be/wordcube.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v44/sol/sol.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinn...ted/haunted.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tile City Control) - http://www.worldwinn...ty/tilecity.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {CA356D79-679B-4B4C-8E49-5AF97014F4C1} - http://files-pl.star...tarware_323.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.g...zylomloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = L7746.wfix.com
O17 - HKLM\Software\..\Telephony: DomainName = L7746.wfix.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6170FA43-37E8-480B-89CC-60526FF476E0}: Domain = L7746.wfix.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB9F4403-37CD-4872-8E5F-E19B722822F1}: Domain = L7746.wfx.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4AAD1CB-F6DD-4F8C-BE54-F8BD78B236B0}: Domain = L7746.wfix.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = L7746.wfix.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#18
tampabelle
Posted 14 August 2005 - 07:20 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Now lets try this -


Click on Start ---> Run. Type Services.msc and hit enter. Locate the item - Command Service. Right click on it and then click on properties. In the Startup Type choose the option Disable. Close the window.


Run Hijack THis. Click on config ----> Misc Tools ---> Delete an NT Service. Type in cmdService and hit enter.

Reboot the PC and post a fresh HJT log.

Also let me know how your PC is behaving now.
  • 0

#19
breejen
Posted 14 August 2005 - 09:01 PM

breejen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I can't run services.msc because it says "MMC requires internet explorer 5.5 or greater to be installed" . Do you know of any way to correct that error...I have SP2 for XP installed but it won't recognize that. It just states that I need a version higher than what the program requires even for Outlook...There are so many programs I can't use because of this error
  • 0

#20
tampabelle
Posted 15 August 2005 - 08:09 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Looks like there is some infection still lurking on your PC.

1. Please visit Panda and do an online scan. Save the scan report and post it back here.

2. Are you familiar with the website L7746.wfix.com???
  • 0

#21
breejen
Posted 15 August 2005 - 04:29 PM

breejen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here's the log after running Panda....I don't know much about L7746.wfix.com



Incident Status Location

Adware:adware/iedriver No disinfected C:\WINDOWS\SYSTEM32\Searchx.htm
Adware:adware/sidestep No disinfected C:\DOCUMENTS AND SETTINGS\JOHANNA PINSKER\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SideStep.lnk
Adware:adware/gator No disinfected C:\GatorPatch.log
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\FreeProdFetch
Adware:adware/delfinmedia No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
Adware:adware/wintools No disinfected Windows Registry
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\Johanna Pinsker\Desktop\l2mfix\Process.exe
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\Johanna Pinsker\Desktop\l2mfix.exe[Process.exe]
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\Johanna Pinsker\l2mfix\Process.exe
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle07152005120414197718.asw
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle07152005120414197750.asw
Adware:Adware/AdBehavior No disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\8254ACBB-362F-41C2-B817-14FDAD.asq
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1432A74C-13D4-4788-BF09-2DA14F\15FBEB63-0440-47E7-9216-05F23A
Adware:Adware/Apropos No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\31E29907-C4BE-466D-A683-57FEFD\FBBBB54B-A257-45B7-A5E4-7EA091
Adware:Adware/Apropos No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\3A5E8061-172D-4B25-A347-7795C1\68EAFF4D-0245-4B69-9630-0A0925
Adware:Adware/VirtualBouncer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A5F4903F-D628-41C9-B37D-EE5D9B\1C945DB9-0E77-4F62-A34D-47F659
Adware:Adware/VirtualBouncer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A5F4903F-D628-41C9-B37D-EE5D9B\5B45B780-7601-40DF-BE39-8B3049
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A5F4903F-D628-41C9-B37D-EE5D9B\62CC0B76-B1DD-45C3-B361-A45E20
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A5F4903F-D628-41C9-B37D-EE5D9B\73D97518-F86C-4C21-BA81-663059
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A5F4903F-D628-41C9-B37D-EE5D9B\A71CE4FA-5511-4741-8616-A4058D
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A5F4903F-D628-41C9-B37D-EE5D9B\E154135A-11AA-463E-B2A0-A34FF7
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\B2882BB4-E433-43DF-961C-B4AF5D\794ED7D8-C192-4A7E-8B76-7695FA
Adware:Adware/Look2Me No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\EF6B2739-8CB4-4AD4-9463-792D07\CD205FF9-E97C-4A44-BF5C-3D081E
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq129.tmp\common.dll
Adware:Adware/AlwaysupdatednewsNo disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1307\A0262005.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1317\A0265177.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1317\A0265179.exe
Spyware:Spyware/ClearSearch No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1317\A0265189.DLL
Spyware:Spyware/ClearSearch No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1317\A0265191.DLL
Spyware:Spyware/Media-motor No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1317\A0265211.exe
Adware:Adware/Tubby No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1317\A0265218.ini
Virus:Trj/Downloader.HK Disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1317\A0265219.exe
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1317\A0265226.dll
Adware:Adware/SBSoft No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1317\A0265231.inf
Adware:Adware/ClkOptimizer No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1326\A0266397.exe
Adware:Adware/ClkOptimizer No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1364\A0270247.dll
Possible Virus. No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1365\A0270262.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1365\A0271260.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1365\A0271315.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1365\A0271359.exe
Hacktool:Hacktool/Processor No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1365\A0271401.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1365\A0271413.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1365\A0271815.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1365\A0271833.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1367\A0271849.dll
Possible Virus. No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1367\A0271855.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1367\A0271857.exe
Adware:Adware/AdBehavior No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1367\A0271869.exe
  • 0

#22
tampabelle
Posted 15 August 2005 - 04:33 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Delete the following files -


C:\WINDOWS\SYSTEM32\Searchx.htm
C:\DOCUMENTS AND SETTINGS\JOHANNA PINSKER\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SideStep.lnk
C:\GatorPatch.log
C:\WINDOWS\cfgmgr52.ini
C:\PROGRAM FILES\COMMON FILES\FreeProdFetch
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl



Run Hijack This and click on scan. The following items need to be fixed -

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = L7746.wfix.com
O17 - HKLM\Software\..\Telephony: DomainName = L7746.wfix.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6170FA43-37E8-480B-89CC-60526FF476E0}: Domain = L7746.wfix.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB9F4403-37CD-4872-8E5F-E19B722822F1}: Domain = L7746.wfx.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4AAD1CB-F6DD-4F8C-BE54-F8BD78B236B0}: Domain = L7746.wfix.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = L7746.wfix.com

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Reboot the PC and post a fresh HJT log
  • 0

#23
breejen
Posted 15 August 2005 - 06:57 PM

breejen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here 's the new log

Logfile of HijackThis v1.99.1
Scan saved at 8:57:32 PM, on 08/15/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\SpamBayes\bin\sb_tray.exe
C:\DOCUME~1\JOHANN~1\LOCALS~1\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BI1HelperStartUp] C:\PROGRA~1\BEACHI~1\BI1HEL~1.EXE /partner BI1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpamBayes Tray Icon.lnk = C:\Program Files\SpamBayes\bin\sb_tray.exe
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vto_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Bridge - http://download.game...nts/y/bt1_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.game...nts/y/rt0_x.cab
O16 - DPF: Yahoo! Sheepshead - http://download.game...nts/y/dt0_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinn...gsaw/jigsaw.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...ck/bjattack.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123370263354
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinn...be/wordcube.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v44/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinn...ted/haunted.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tile City Control) - http://www.worldwinn...ty/tilecity.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {CA356D79-679B-4B4C-8E49-5AF97014F4C1} - http://files-pl.star...tarware_323.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.g...zylomloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#24
tampabelle
Posted 16 August 2005 - 07:32 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi breejen,


Your HJT log looks fine except for that O23 entry that we are having problems with.


Lets try these two steps -

1) Reboot the PC in Safe Mode.

Run Hijack This and click on config ---> Misc Tools ---> Delete an NT Service. Type in cmdService and hit enter.

Reboot the PC in Normal Mode.



2) Clcik on Start ---> Run. Type in -


sfc /scannow

and hit enter. This will check whether all your system files are current.


Let me know how both the steps go.
  • 0

#25
breejen
Posted 16 August 2005 - 06:04 PM

breejen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
when I ran the hijack this ---> Delete NT service ---> Cmd service I received the following message;"The service "cmdservice" is enabled and or running. Disable it first using hijack this itself (from the scan results) or the service misc window....
I restarted the PC in normal mode and ran scannow function but I am asked to provide xp home edition cd 2...I only have 1 cd which came with my PC....It's asking for "cache.dll". I tried to insert the cd and retrieve the file but it said that I had the wrong cd in the drive. I wonder if I can get the file from microsoft
  • 0

Advertisements

#26
tampabelle
Posted 16 August 2005 - 06:41 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
When it asks for the Windows CD, does it also give you the option of "Browse"????

If it does, then can you point it to C:\Windows\I386 folder
  • 0

#27
tampabelle
Posted 16 August 2005 - 06:50 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi lets try this again with more detailed instructions. Please read the complete instruction and then try this -


we are going to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. if this happens please make sure that you can view protected files:My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.
Then rerun the scan. If this still asks you to put in your windows XP CD, and you do not have the CD (If you bought it preinstalled) post back for more tips, otherwise enter Windows CD.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.

  • 0

#28
breejen
Posted 16 August 2005 - 07:45 PM

breejen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
did what you asked and no real change....I still can't open outlook because it tells me that it needs IE 4.0 or later to use the feature.
The scan went without any interruptions the update did not show anything that needed to be updated....what else could you recommend?
  • 0

#29
tampabelle
Posted 17 August 2005 - 06:27 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Breejen,

Lets try two things -


1) Please download RootKitRevealer from here:
http://www.sysintern...kitrevealer.zip
Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire contents of the log file here for me to see.


2) There is an article by Microsoft on how to repair Outlook express and IE. Please read this article - http://support.micro...om/?kbid=318378
  • 0

#30
tampabelle
Posted 30 August 2005 - 12:52 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP