WinFixer + I now think a nasty virus/trojan [CLOSED]



#31
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
That's ok. You don't need it. Go to the safeboot file, and right click on it. Go down to "Send to" and then choose "Compressed (zipped) folder". That will automatically zip it for you, and put it in your "My Documents" folder (or possibly it will zip it to C:\...where the file is located). Then send it off to Atri! :) :tazz: Poor guy didn't get much sleep last night, and I think I need to send him some coffee up to Canada for helping me tonight! :)
  • 0



#32
gmg

gmg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ok, ran hijack and got rid of them.

Before I delete from Add/Remove: quick question, there are two viewpoints:

viewpoints (read only)
and viewpoint media player...but this has the symbol next to it for my windows media player and there is no windows media player...should I delete that as well?

As for programs I don't recognize:
Agere Systems AC'97 Modem
C-Major Audio
DoMore
Learn2 Player
Pure Networks Port Magic
WinPhlash

Finally, what do you mean with the last part by deleting using "windows explorer"? How do I do that? I'm not going to do anything else til I hear back...just in case.

Thanks!
Gina
  • 0

#33
gmg

gmg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
And for one more problem, none of my three email accounts are working...

can I try a restart?

-UPDATE-

Ok, had to restart...internet froze. Now things aren't posting well...I have tried to update this post twice only to have it go to "page cannot be displayed"...hopefully this time it will work.

Things seem to be going from bad to worse! :tazz:

Thanks all!
Gina

-UPDATE-

One more update...it seems the internet freezing was more my ISP than anything else...my roommate's computer wasn't working either, and I called, only to be told they're having some 'difficulties' and it may 'flicker' a bit over the next 24 hrs. I don't know what that's going to do to my ability to fix this stuff...

alas...what can you do.

Edited by gmg, 06 September 2005 - 11:52 PM.

  • 0

#34
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Stay calm!! :tazz: The other person who is working with me on your issues will be logging in within about another hour. He has already promised me he'll peek in here and give me some help! :)

You can get rid of both Viewpoints if you don't use them. Go ahead and uninstall the DoMore program, as well.

Also, if you would be so kind, do the following for me as well:


Create a Startup List

* Open HiJackThis
* Click on the "Config..." button on the bottom right
* Click on the tab "Misc Tools"
* Check off the 2 boxes next to the Box that says "Generate StartupList log"
* Click on the button "Generate StartupList log"
* Copy and paste the StartupList from the notepad into your next post
  • 0

#35
gmg

gmg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here's the list thingy...I'll try to stay with you guys tonight, but I'm not feeling so great so I may have to duck out early and try again tomorrow.

Thanks again!
Gina


StartupList report, 9/6/2005, 10:55:48 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\COMMON~1\AOL\110176~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\110176~1\EE\AOLServiceHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIModeChange = Ati2mdxx.exe
AGRSMMSG = AGRSMMSG.exe
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
StacSysTray = C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
Gateway Ink Monitor = "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
NeroCheck = C:\WINNT\System32\NeroCheck.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HostManager = C:\Program Files\Common Files\AOL\1101763676\EE\AOLHostManager.exe
AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Pure Networks Port Magic = "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINNT\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINNT\System32\ssstars.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

ISP signup reminder 3.job
Norton AntiVirus - Scan my computer - Owner.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINNT\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[HouseCall Control]
InProcServer32 = C:\WINNT\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoft...free/asinst.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINNT\system32\SHELL32.dll
CDBurn: C:\WINNT\system32\SHELL32.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: C:\WINNT\System32\stobject.dll

--------------------------------------------------
End of report, 6,947 bytes
Report generated in 0.063 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0
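For anyone reviewing a StartupList report like the one posted above, here is an added example (not part of the original thread, and not HijackThis code) that pulls the Run-key autoruns out of the report text and marks the entries worth resolving by hand. The sample is a constructed excerpt in the same layout, and the names `split_command` and `autoruns` are made up for this sketch.

```python
import re

# Constructed sample: a shortened excerpt in the StartupList layout shown in the post.
SAMPLE = r'''Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIModeChange = Ati2mdxx.exe
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Pure Networks Port Magic = "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
'''

SEPARATOR = re.compile(r'^-{10,}\s*$', re.M)
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)

def split_command(cmd):
    """Split a Run value into (image, args); handles quoted and unquoted paths."""
    cmd = cmd.strip()
    m = IMAGE.match(cmd)
    if not m:
        return cmd, ""
    return (m.group(1) or m.group(2)), cmd[m.end():].strip()

def autoruns(report):
    """Yield one dict per 'name = command' line under each Run-key section."""
    for block in SEPARATOR.split(report):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if len(lines) < 2 or not lines[0].startswith("Autorun entries from Registry"):
            continue
        for line in lines[2:]:
            name, sep, cmd = line.partition(" = ")
            if not sep:
                continue
            image, args = split_command(cmd)
            yield {"key": lines[1], "name": name, "image": image, "args": args,
                   # No drive letter: Windows resolves the name through its search path.
                   "bare_name": not re.match(r"^[A-Za-z]:\\", image),
                   # 8.3 short names hide the real folder name from the reviewer.
                   "short_path": "~" in image}

if __name__ == "__main__":
    for e in autoruns(SAMPLE):
        print(e["key"], e["name"], e["image"], e["bare_name"], e["short_path"], sep=" | ")
```

A flag here only means "look up where this file really lives"; it says nothing about whether the entry is malicious.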

#36
gmg

gmg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Oh...I forgot...I didn't delete viewpoint/viewpoint media player because I'm still not sure if that's the same thing as windows media player or not (the icon is the same)...if it is, then I'll keep it in, since I use the media player quite a lot.

thanks
  • 0

#37
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hi Gina! Thanks for getting me that log. I'm sorry you're not feeling well. If you need to go to bed, that is fine. I'll have Bobbi look over everything we've done thus far, and have him give me some ideas to get your Safe Mode and everything else working again. I'll get some instructions posted for you by the time you get up! :) Sleep well! :tazz:
  • 0

#38
gmg

gmg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Kat~ You're so nice! :tazz: I have to be up for another hour or so to finish up some reading, so if you guys come up with anything, I'll still be around. If not, I'll be back tomorrow and hopefully we can get this all patched up and move on from the woes of winfixer!


Thanks again for EVERYTHING!

Gina
  • 0

#39
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
You are so welcome! I only wish I could get this all fixed up myself. However, we're not sure that the Safe Mode problem is from WinFixer. That may be something else entirely, which is why Atribune needed that reg key exported and sent to him to look at. I can kill the Malware on your computer, but when it gets into these "odd" problems, I :tazz: :) Don't worry, though. With Atribune and Bobbi helping out, there's not a doubt in my mind we'll get you sorted out! :)
  • 0

#40
gmg

gmg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I keep on thinking of more and more things to ask! I need to transfer some files in excel and word, but I've been hesitant to open much in the past few days...am I more or less in the clear now as far as malware/viruses go? In other words...can I be opening/editing/sending files without worrying about who or what I'm infecting?

Gracias
Gina
  • 0



#41
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Ok, that safeboot.txt just may have found something for us! Let's check this out. :tazz:


Please download GetService.zip

Extract it to a new folder on the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you.

getservice.txt will list all active Services. Copy and paste the contents of getservice.txt in your next reply here.
  • 0

#42
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





