WinFixer + I now think a nasty virus/trojan [CLOSED]
Started by gmg, Sep 05 2005 12:46 PM
#31
Posted 06 September 2005 - 09:54 PM
#32
Posted 06 September 2005 - 10:00 PM
Ok, ran hijack and got rid of them.
Before I delete from Add/Remove: quick question, there are two viewpoints:
viewpoints (read only)
and viewpoint media player...but this has the symbol next to it for my windows media player and there is no windows media player...should I delete that as well?
As for programs I don't recognize:
Agere Systems AC'97 Modem
C-Major Audio
DoMore
Learn2 Player
Pure Networks Port Magic
WinPhlash
Finally, what do you mean with the last part by deleting using "windows explorer"? How do I do that? I'm not going to do anything else til I hear back...just in case.
Thanks!
Gina
#33
Posted 06 September 2005 - 10:12 PM
And for one more problem, none of my three email accounts are working...
can I try a restart?
-UPDATE-
Ok, had to restart...internet froze. Now things aren't posting well...I have tried to update this post twice only to have it go to "page cannot be displayed"...hopefully this time it will work.
Things seem to be going from bad to worse!
Thanks all!
Gina
-UPDATE-
One more update...it seems the internet freezing was more my ISP than anything else...my roommate's computer wasn't working either, and I called, only to be told they're having some 'difficulties' and it may 'flicker' a bit over the next 24 hrs. I don't know what that's going to do to my ability to fix this stuff...
alas...what can you do.
Edited by gmg, 06 September 2005 - 11:52 PM.
#34
Posted 06 September 2005 - 11:48 PM
Stay calm!! The other person who is working with me on your issues will be logging in within about another hour. He has already promised me he'll peek in here and give me some help!
You can get rid of both Viewpoints if you don't use them. Go ahead and uninstall the DoMore program, as well.
Also, if you would be so kind, do the following for me as well:
Create a Startup List
* Open HiJackThis
* Click on the "Config..." button on the bottom right
* Click on the tab "Misc Tools"
* Check off the 2 boxes next to the Box that says "Generate StartupList log"
* Click on the button "Generate StartupList log"
* Copy and paste the StartupList from the notepad into your next post
#35
Posted 06 September 2005 - 11:57 PM
Here's the list thingy...I'll try to stay with you guys tonight, but I'm not feeling so great so I may have to duck out early and try again tomorrow.
Thanks again!
Gina
StartupList report, 9/6/2005, 10:55:48 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\COMMON~1\AOL\110176~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\110176~1\EE\AOLServiceHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ATIModeChange = Ati2mdxx.exe
AGRSMMSG = AGRSMMSG.exe
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
StacSysTray = C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
Gateway Ink Monitor = "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
NeroCheck = C:\WINNT\System32\NeroCheck.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HostManager = C:\Program Files\Common Files\AOL\1101763676\EE\AOLHostManager.exe
AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Pure Networks Port Magic = "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINNT\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
--------------------------------------------------
Shell & screensaver key from C:\WINNT\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINNT\System32\ssstars.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
--------------------------------------------------
Enumerating Task Scheduler jobs:
ISP signup reminder 3.job
Norton AntiVirus - Scan my computer - Owner.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINNT\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204
[HouseCall Control]
InProcServer32 = C:\WINNT\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoft...free/asinst.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINNT\system32\SHELL32.dll
CDBurn: C:\WINNT\system32\SHELL32.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: C:\WINNT\System32\stobject.dll
--------------------------------------------------
End of report, 6,947 bytes
Report generated in 0.063 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
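Added example, not part of the original thread or of HijackThis: a small Python parser for the "Autorun entries from Registry" sections of a StartupList report like the one posted above, marking the entries a helper would check first. The two review heuristics (a command with no absolute path, 8.3 short names in the path) and all function names are assumptions of this example; a flag means "confirm which file this resolves to", not that the entry is malicious.

```python
import re

# Excerpt assembled from the StartupList report posted above (same layout).
SAMPLE = r"""Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ATIModeChange = Ati2mdxx.exe
AGRSMMSG = AGRSMMSG.exe
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Pure Networks Port Magic = "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINNT\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
--------------------------------------------------
"""

SEPARATOR = re.compile(r"^-{10,}\s*$", re.M)   # StartupList section divider
# Quoted path, or an unquoted path (spaces allowed) up to its extension.
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)

def parse_autoruns(report):
    """Return (registry_key, value_name, command) for every Run-key entry."""
    entries = []
    for section in SEPARATOR.split(report):
        lines = [ln.strip() for ln in section.splitlines() if ln.strip()]
        if len(lines) < 2 or not lines[0].startswith("Autorun entries from Registry"):
            continue
        key = lines[1]                      # second line names the registry key
        for ln in lines[2:]:
            name, sep, command = ln.partition(" = ")
            if sep:
                entries.append((key, name, command))
    return entries

def executable(command):
    """Strip quotes and arguments, leaving only the program path."""
    m = EXE.match(command)
    return (m.group(1) or m.group(2)) if m else command

def review_flags(command):
    """Heuristics (assumed for this example) for entries to verify by hand."""
    path, flags = executable(command), []
    if not re.match(r"^[A-Za-z]:\\", path):
        flags.append("no-absolute-path")    # resolved through the search path
    if re.search(r"~\d", path):
        flags.append("short-8.3-name")      # real folder name is not visible
    return flags

def triage(report):
    """List (key, name, flags) for entries that carry at least one flag."""
    flagged = []
    for key, name, command in parse_autoruns(report):
        flags = review_flags(command)
        if flags:
            flagged.append((key, name, flags))
    return flagged

if __name__ == "__main__":
    for key, name, flags in triage(SAMPLE):
        print(f"{name}: {', '.join(flags)}  [{key}]")
```
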
#36
Posted 07 September 2005 - 12:05 AM
Oh...I forgot...I didn't delete viewpoint/viewpoint media player because I'm still not sure if that's the same thing as windows media player or not (the icon is the same)...if it is, then I'll keep it in, since I use the media player quite a lot.
thanks
#37
Posted 07 September 2005 - 12:14 AM
Hi Gina! Thanks for getting me that log. I'm sorry you're not feeling well. If you need to go to bed, that is fine. I'll have Bobbi look over everything we've done thus far, and have him give me some ideas to get your Safe Mode and everything else working again. I'll get some instructions posted for you by the time you get up! Sleep well!
#38
Posted 07 September 2005 - 12:25 AM
Kat~ You're so nice! I have to be up for another hour or so to finish up some reading, so if you guys come up with anything, I'll still be around. If not, I'll be back tomorrow and hopefully we can get this all patched up and move on from the woes of winfixer!
Thanks again for EVERYTHING!
Gina
#39
Posted 07 September 2005 - 12:33 AM
You are so welcome! I only wish I could get this all fixed up myself. However, we're not sure that the Safe Mode problem is from WinFixer. That may be something else entirely, which is why Atribune needed that reg key exported and sent to him to look at. I can kill the Malware on your computer, but when it gets into these "odd" problems, I Don't worry, though. With Atribune and Bobbi helping out, there's not a doubt in my mind we'll get you sorted out!
#40
Posted 07 September 2005 - 12:57 AM
I keep on thinking of more and more things to ask! I need to transfer some files in excel and word, but I've been hesitant to open much in the past few days...am I more or less in the clear now as far as malware/viruses go? In other words...can I be opening/editing/sending files without worrying about who or what I'm infecting?
Gracias
Gina
#41
Posted 07 September 2005 - 05:25 AM
ok, that safeboot.txt just may have found something for us! Let's check this out.
Please download GetService.zip
Extract it to a new folder on the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you.
getservice.txt will list all active Services. Copy and paste the contents of getservice.txt in your next reply here.
#42
Posted 17 September 2005 - 10:53 AM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.