Please Help WinFixer Virus! [CLOSED]


  • This topic is locked

#1 Dcutie (New Member)
Please help me!! I have the WinFixer virus, and I really don't know that much about computers in this sense, hence the reason I got this stupid virus. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:23:16 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Dawn\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\D0L5ZL5F\HijackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-ca10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mllmm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmm - C:\WINDOWS\System32\mllmm.dll
O20 - Winlogon Notify: vturo - C:\WINDOWS\System32\vturo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

Edited by Dcutie, 18 October 2005 - 10:59 PM.



#2 Dcutie (New Member, Topic Starter)
Please help, it's getting worse!!

#3 Dcutie (New Member, Topic Starter)
Why won't anyone help me? It's been over a week since I last posted and still no response. I'm not sure what I'm doing wrong.

#4 John_L (Visiting Staff)
Hello Dcutie and welcome to Geeks To Go :tazz:

Sorry for the slow reply on this; Geeks is a very busy site. Can you please post a new HijackThis log and we will see what we can do. :)

#5 Dcutie (New Member, Topic Starter)
Thank you, thank you, thank you, for replying to my post, I am in dire need!

Here is my new HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 3:48:04 PM, on 11/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\DOCUME~1\Dawn\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dawn\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-ca10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mllmm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmm - C:\WINDOWS\System32\mllmm.dll
O20 - Winlogon Notify: vturo - C:\WINDOWS\System32\vturo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
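As an added triage example (my own script, not a Geeks to Go tool and not something posted in this thread): a small Python parser for the O2/O9/O20 entries of the HijackThis log above. It flags entries whose file HijackThis could not find, and a DLL that is registered both as an IE browser helper object and as a Winlogon Notify handler, which is how mllmm.dll shows up in both logs; the Winlogon Notify allowlist is an assumption for this one machine.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not a thread tool)."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis logs posted above,
# trimmed to the sections this script looks at.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mllmm.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmm - C:\WINDOWS\System32\mllmm.dll
O20 - Winlogon Notify: vturo - C:\WINDOWS\System32\vturo.dll
"""

# Assumption: the Winlogon Notify handlers this machine is expected to have.
# igfxcui is the Intel graphics handler seen in the log; anything else is reported.
KNOWN_WINLOGON_NOTIFY = {"igfxcui"}

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")


def parse_entry(line):
    """Split one HijackThis line into section, kind, name, CLSID and path.

    Fields are ' - ' separated; the path is always last and a CLSID, when
    present, is the first field in braces. A name containing ' - ' would
    confuse this split, which is acceptable for a quick triage pass.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    parts = [p.strip() for p in m.group("body").split(" - ")]
    kind, _, name = parts[0].partition(": ")
    clsid = next((p for p in parts[1:] if p.startswith("{")), None)
    path = parts[-1] if len(parts) > 1 else ""
    return {"section": m.group("section"), "kind": kind, "name": name,
            "clsid": clsid, "path": path}


def dll_name(path):
    """Lower-cased file name of a Windows path (os.path would split on '/')."""
    return path.lower().rsplit("\\", 1)[-1]


def triage(log_text):
    """Return the entries worth a closer look.

    - 'orphan': the entry points at a file HijackThis could not find;
    - 'bho+winlogon': the same DLL is registered as an IE BHO (O2) and as a
      Winlogon Notify handler (O20), the pairing mllmm.dll shows in the log;
    - 'unknown-winlogon-notify': an O20 handler not on the allowlist.
    """
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    sections_by_dll = defaultdict(set)
    findings = []
    for e in entries:
        path_l = e["path"].lower()
        if "(no file)" in path_l or "(file missing)" in path_l:
            findings.append({"rule": "orphan", "section": e["section"],
                             "name": e["name"], "path": e["path"]})
        elif path_l.endswith(".dll"):
            sections_by_dll[dll_name(e["path"])].add(e["section"])
    for e in entries:
        if e["section"] != "O20":
            continue
        if "O2" in sections_by_dll[dll_name(e["path"])]:
            rule = "bho+winlogon"
        elif e["name"].lower() not in KNOWN_WINLOGON_NOTIFY:
            rule = "unknown-winlogon-notify"
        else:
            continue
        findings.append({"rule": rule, "section": "O20",
                         "name": e["name"], "path": e["path"]})
    return findings


def suspect_dlls(log_text):
    """Sorted file names of the DLLs flagged by the two O20 rules."""
    return sorted({dll_name(f["path"]) for f in triage(log_text)
                   if f["rule"] in ("bho+winlogon", "unknown-winlogon-notify")})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:24} {f['section']:4} {f['name']} -> {f['path']}")
```

Run against the sample it reports the two "(no file)" BHOs and the missing msjava.dll as orphans, mllmm.dll as BHO plus Winlogon Notify, and vturo.dll as an unlisted Winlogon Notify handler, which is exactly the pair the SpySweeper session log later names.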

#6 John_L (Visiting Staff)
Hello again Dcutie :tazz:

Let's run this tool and see what it can do for us.

Please download WebRoot SpySweeper from HERE (it's a 2-week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Also please include a new HijackThis log when this is completed.

#7 Dcutie (New Member, Topic Starter)
OK, here is my session log...

9:50 PM: | Start of Session, Saturday, November 05, 2005 |
9:50 PM: Spy Sweeper started
9:50 PM: Sweep initiated using definitions version 567
9:50 PM: Starting Memory Sweep
9:51 PM: Found Adware: virtumonde
9:51 PM: Detected running threat: C:\WINDOWS\system32\mllmm.dll (ID = 77)
9:51 PM: Detected running threat: C:\WINDOWS\system32\vturo.dll (ID = 77)
9:56 PM: Memory Sweep Complete, Elapsed Time: 00:05:38
9:56 PM: Starting Registry Sweep
9:56 PM: Found Adware: winantispyware 2005
9:56 PM: HKCR\checkproduct2.checkproduct\ (5 subtraces) (ID = 527503)
9:56 PM: HKCR\checkproduct2.checkproduct.1\ (3 subtraces) (ID = 527509)
9:56 PM: HKCR\appid\checkproduct2.dll\ (1 subtraces) (ID = 527632)
9:56 PM: HKCR\appid\{8c65aef6-e413-4314-815b-82717a3f1603}\ (1 subtraces) (ID = 527648)
9:56 PM: HKCR\clsid\{c427b3e3-28dc-4001-9590-d99b6776119b}\ (15 subtraces) (ID = 527829)
9:56 PM: HKCR\interface\{4f79d1c5-24f9-4e59-8022-604d4b41d5ca}\ (8 subtraces) (ID = 527937)
9:56 PM: HKCR\typelib\{30ed49a5-ca6c-4918-b5f3-5e6818c91d8b}\ (9 subtraces) (ID = 528091)
9:56 PM: HKLM\software\classes\checkproduct2.checkproduct\ (5 subtraces) (ID = 528199)
9:56 PM: HKLM\software\classes\checkproduct2.checkproduct.1\ (3 subtraces) (ID = 528205)
9:56 PM: HKLM\software\classes\appid\checkproduct2.dll\ (1 subtraces) (ID = 528341)
9:56 PM: HKLM\software\classes\appid\{8c65aef6-e413-4314-815b-82717a3f1603}\ (1 subtraces) (ID = 528357)
9:56 PM: HKLM\software\classes\clsid\{c427b3e3-28dc-4001-9590-d99b6776119b}\ (15 subtraces) (ID = 528538)
9:56 PM: HKLM\software\classes\typelib\{30ed49a5-ca6c-4918-b5f3-5e6818c91d8b}\ (9 subtraces) (ID = 528800)
9:56 PM: HKLM\software\classes\appid\{8c65aef6-e413-4314-815b-82717a3f1603}\ (1 subtraces) (ID = 543259)
9:56 PM: HKCR\clsid\{6dd0bc06-4719-4ba3-bebc-fbae6a448152}\ (12 subtraces) (ID = 954591)
9:56 PM: HKLM\software\classes\clsid\{6dd0bc06-4719-4ba3-bebc-fbae6a448152}\ (12 subtraces) (ID = 954593)
9:56 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{6dd0bc06-4719-4ba3-bebc-fbae6a448152}\ (ID = 954595)
9:56 PM: Found Adware: 180search assistant/zango
9:56 PM: HKU\S-1-5-21-706574463-3658443340-981500031-1007\software\zango\ (16 subtraces) (ID = 147919)
9:56 PM: Registry Sweep Complete, Elapsed Time:00:00:21
9:56 PM: Starting Cookie Sweep
9:57 PM: owner@outster[1].txt (ID = 3103)
9:57 PM: Found Spy Cookie: partnerweekly cookie
9:57 PM: owner@partnerweekly[1].txt (ID = 3109)
9:57 PM: Found Spy Cookie: passion cookie
9:57 PM: owner@passion[2].txt (ID = 3113)
9:57 PM: Found Spy Cookie: paypopup cookie
9:57 PM: owner@paypopup[1].txt (ID = 3119)
9:57 PM: Found Spy Cookie: ping cookie
9:57 PM: owner@ping[2].txt (ID = 3137)
9:57 PM: owner@popunder.paypopup[1].txt (ID = 3120)
9:57 PM: Found Spy Cookie: pricegrabber cookie
9:57 PM: owner@pricegrabber[2].txt (ID = 3185)
9:57 PM: Found Spy Cookie: wegcash cookie
9:57 PM: owner@programs.wegcash[2].txt (ID = 3682)
9:57 PM: Found Spy Cookie: pub cookie
9:57 PM: owner@pub[1].txt (ID = 3205)
9:57 PM: Found Spy Cookie: trb.com cookie
9:57 PM: owner@q13.trb[1].txt (ID = 3588)
9:57 PM: Found Spy Cookie: qsrch cookie
9:57 PM: owner@qsrch[1].txt (ID = 3215)
9:57 PM: Found Spy Cookie: questionmarket cookie
9:57 PM: owner@questionmarket[1].txt (ID = 3217)
9:57 PM: Found Spy Cookie: realmedia cookie
9:57 PM: owner@realmedia[2].txt (ID = 3235)
9:57 PM: Found Spy Cookie: reunion cookie
9:57 PM: owner@reunion[2].txt (ID = 3255)
9:57 PM: Found Spy Cookie: revenue.net cookie
9:57 PM: owner@revenue[1].txt (ID = 3257)
9:57 PM: Found Spy Cookie: rn11 cookie
9:57 PM: owner@rn11[2].txt (ID = 3261)
9:57 PM: Found Spy Cookie: adjuggler cookie
9:57 PM: owner@rotator.adjuggler[1].txt (ID = 2071)
9:57 PM: Found Spy Cookie: seeq cookie
9:57 PM: owner@seeq[2].txt (ID = 3331)
9:57 PM: Found Spy Cookie: servedby advertising cookie
9:57 PM: owner@servedby.advertising[2].txt (ID = 3335)
9:57 PM: Found Spy Cookie: servlet cookie
9:57 PM: owner@servlet[1].txt (ID = 3345)
9:57 PM: owner@servlet[3].txt (ID = 3345)
9:57 PM: owner@starware[2].txt (ID = 3441)
9:57 PM: Found Spy Cookie: dealtime cookie
9:57 PM: owner@stat.dealtime[1].txt (ID = 2506)
9:57 PM: Found Spy Cookie: statcounter cookie
9:57 PM: owner@statcounter[2].txt (ID = 3447)
9:57 PM: owner@stats1.reliablestats[2].txt (ID = 3254)
9:57 PM: Found Spy Cookie: webtrendslive cookie
9:57 PM: owner@statse.webtrendslive[1].txt (ID = 3667)
9:57 PM: Found Spy Cookie: targetnet cookie
9:57 PM: owner@targetnet[1].txt (ID = 3489)
9:57 PM: Found Spy Cookie: teensforcash cookie
9:57 PM: owner@teensforcash[2].txt (ID = 3509)
9:57 PM: Found Spy Cookie: tracking cookie
9:57 PM: owner@tracking[1].txt (ID = 3571)
9:57 PM: Found Spy Cookie: trafficmp cookie
9:57 PM: owner@trafficmp[1].txt (ID = 3581)
9:57 PM: Found Spy Cookie: tribalfusion cookie
9:57 PM: owner@tribalfusion[2].txt (ID = 3589)
9:57 PM: Found Spy Cookie: tripod cookie
9:57 PM: owner@tripod[2].txt (ID = 3591)
9:57 PM: Found Spy Cookie: webpower cookie
9:57 PM: owner@webpower[2].txt (ID = 3660)
9:57 PM: Found Spy Cookie: 123count cookie
9:57 PM: owner@www.123count[2].txt (ID = 1928)
9:57 PM: owner@www.ads.joetec[1].txt (ID = 2890)
9:57 PM: owner@www.askmen[1].txt (ID = 2248)
9:57 PM: Found Spy Cookie: brazilwelcomesyou cookie
9:57 PM: owner@www.brazilwelcomesyou[1].txt (ID = 2325)
9:57 PM: Found Spy Cookie: eroticy cookie
9:57 PM: owner@www.eroticy[1].txt (ID = 2624)
9:57 PM: owner@www.herfirstlesbiansex[1].txt (ID = 2772)
9:57 PM: owner@www.homestore[2].txt (ID = 2794)
9:57 PM: owner@www.ping[1].txt (ID = 3138)
9:57 PM: owner@www.pollstar[1].txt (ID = 3152)
9:57 PM: owner@www.screensavers[1].txt (ID = 3298)
9:57 PM: owner@www.seeq[1].txt (ID = 3332)
9:57 PM: owner@www48.seeq[1].txt (ID = 3332)
9:57 PM: Found Spy Cookie: adserver cookie
9:57 PM: owner@z1.adserver[1].txt (ID = 2142)
9:57 PM: Cookie Sweep Complete, Elapsed Time: 00:00:29
9:57 PM: Starting File Sweep
9:57 PM: Found Adware: bullguard popup ad
9:57 PM: c:\windows\temp\bullguard (1 subtraces) (ID = -2147476409)
9:57 PM: c:\program files\common files\winsoftware (2 subtraces) (ID = -2147476682)
10:17 PM: setup.exe (ID = 158822)
10:22 PM: df_kmd.sys (ID = 146298)
10:24 PM: winfixer2005setup.exe (ID = 158827)
10:36 PM: bulldownload.exe (ID = 52017)
10:36 PM: crxml.dll (ID = 119203)
10:38 PM: hoo65.tmp (ID = 91130)
10:49 PM: a0032663.dll (ID = 70604)
10:53 PM: Warning: Invalid file - not a PKZip file
10:53 PM: Warning: Invalid file - not a PKZip file
10:54 PM: Warning: Invalid file - not a PKZip file
10:54 PM: Warning: Unhandled Archive Type
10:55 PM: Warning: Invalid file - not a PKZip file
10:55 PM: Warning: Invalid file - not a PKZip file
10:55 PM: Warning: Invalid file - not a PKZip file
10:55 PM: Warning: Invalid file - not a PKZip file
10:55 PM: Warning: Invalid file - not a PKZip file
10:55 PM: Warning: Invalid file - not a PKZip file
10:55 PM: Warning: Invalid Stream
10:55 PM: Warning: Invalid file - not a PKZip file
10:56 PM: File Sweep Complete, Elapsed Time: 00:59:34
10:56 PM: Full Sweep has completed. Elapsed time 01:06:12
10:56 PM: Traces Found: 277
11:06 PM: Removal process initiated
11:07 PM: Quarantining All Traces: 180search assistant/zango
11:07 PM: Quarantining All Traces: virtumonde
11:07 PM: virtumonde is in use. It will be removed on reboot.
11:07 PM: C:\WINDOWS\system32\mllmm.dll is in use. It will be removed on reboot.
11:07 PM: C:\WINDOWS\system32\vturo.dll is in use. It will be removed on reboot.
11:07 PM: Quarantining All Traces: bullguard popup ad
11:07 PM: Quarantining All Traces: winantispyware 2005
11:07 PM: Quarantining All Traces: 123count cookie
11:07 PM: Quarantining All Traces: 216.221.138 cookie
11:07 PM: Quarantining All Traces: 247realmedia cookie
11:07 PM: Quarantining All Traces: 2o7.net cookie
11:07 PM: Quarantining All Traces: 3 cookie
11:07 PM: Quarantining All Traces: 360i cookie
11:07 PM: Quarantining All Traces: 4u.pl cookie
11:07 PM: Quarantining All Traces: 64.62.232 cookie
11:07 PM: Quarantining All Traces: 888 cookie
11:07 PM: Quarantining All Traces: a cookie
11:07 PM: Quarantining All Traces: abcsearch cookie
11:07 PM: Quarantining All Traces: addynamix cookie
11:07 PM: Quarantining All Traces: adjuggler cookie
11:07 PM: Quarantining All Traces: adknowledge cookie
11:07 PM: Quarantining All Traces: adprofile cookie
11:07 PM: Quarantining All Traces: adrevolver cookie
11:07 PM: Quarantining All Traces: ads.tripod.lycos.com cookie
11:07 PM: Quarantining All Traces: adserv.aavalue.com cookie
11:07 PM: Quarantining All Traces: adserver cookie
11:07 PM: Quarantining All Traces: advertising cookie
11:07 PM: Quarantining All Traces: alt cookie
11:07 PM: Quarantining All Traces: ask cookie
11:07 PM: Quarantining All Traces: askmen cookie
11:07 PM: Quarantining All Traces: atlas dmt cookie
11:07 PM: Quarantining All Traces: banner cookie
11:07 PM: Quarantining All Traces: banners cookie
11:07 PM: Quarantining All Traces: belnk cookie
11:07 PM: Quarantining All Traces: bestmovies cookie
11:07 PM: Quarantining All Traces: bizrate cookie
11:07 PM: Quarantining All Traces: bluestreak cookie
11:07 PM: Quarantining All Traces: brazilwelcomesyou cookie
11:07 PM: Quarantining All Traces: casalemedia cookie
11:07 PM: Quarantining All Traces: ccbill cookie
11:07 PM: Quarantining All Traces: centrport net cookie
11:07 PM: Quarantining All Traces: counter cookie
11:07 PM: Quarantining All Traces: customer cookie
11:07 PM: Quarantining All Traces: dealtime cookie
11:07 PM: Quarantining All Traces: directroi cookie
11:07 PM: Quarantining All Traces: eroticy cookie
11:07 PM: Quarantining All Traces: falkag cookie
11:07 PM: Quarantining All Traces: fastclick cookie
11:07 PM: Quarantining All Traces: fe.lea.lycos.com cookie
11:07 PM: Quarantining All Traces: fortunecity cookie
11:07 PM: Quarantining All Traces: gangbangsquad cookie
11:07 PM: Quarantining All Traces: go.com cookie
11:07 PM: Quarantining All Traces: hbmediapro cookie
11:07 PM: Quarantining All Traces: herfirstanalsex cookie
11:07 PM: Quarantining All Traces: herfirstlesbiansex cookie
11:07 PM: Quarantining All Traces: homestore cookie
11:07 PM: Quarantining All Traces: howstuffworks cookie
11:07 PM: Quarantining All Traces: humanclick cookie
11:07 PM: Quarantining All Traces: ic-live cookie
11:07 PM: Quarantining All Traces: joetec.net cookie
11:07 PM: Quarantining All Traces: kount cookie
11:07 PM: Quarantining All Traces: l2m.net cookie
11:07 PM: Quarantining All Traces: linksynergy cookie
11:07 PM: Quarantining All Traces: maxserving cookie
11:07 PM: Quarantining All Traces: metareward.com cookie
11:07 PM: Quarantining All Traces: nextag cookie
11:07 PM: Quarantining All Traces: one-time-offer cookie
11:07 PM: Quarantining All Traces: outster cookie
11:07 PM: Quarantining All Traces: partnerweekly cookie
11:07 PM: Quarantining All Traces: passion cookie
11:07 PM: Quarantining All Traces: paypopup cookie
11:07 PM: Quarantining All Traces: ping cookie
11:07 PM: Quarantining All Traces: pointroll cookie
11:07 PM: Quarantining All Traces: pollstar cookie
11:07 PM: Quarantining All Traces: porngraph cookie
11:07 PM: Quarantining All Traces: pricegrabber cookie
11:07 PM: Quarantining All Traces: pub cookie
11:07 PM: Quarantining All Traces: qsrch cookie
11:07 PM: Quarantining All Traces: questionmarket cookie
11:07 PM: Quarantining All Traces: realmedia cookie
11:07 PM: Quarantining All Traces: reliablestats cookie
11:07 PM: Quarantining All Traces: reunion cookie
11:07 PM: Quarantining All Traces: revenue.net cookie
11:07 PM: Quarantining All Traces: rn11 cookie
11:07 PM: Quarantining All Traces: ru4 cookie
11:07 PM: Quarantining All Traces: sandboxer cookie
11:07 PM: Quarantining All Traces: screensavers.com cookie
11:07 PM: Quarantining All Traces: seeq cookie
11:07 PM: Quarantining All Traces: servedby advertising cookie
11:07 PM: Quarantining All Traces: servlet cookie
11:07 PM: Quarantining All Traces: sexsuche cookie
11:07 PM: Quarantining All Traces: starware.com cookie
11:07 PM: Quarantining All Traces: statcounter cookie
11:07 PM: Quarantining All Traces: targetnet cookie
11:07 PM: Quarantining All Traces: teensforcash cookie
11:07 PM: Quarantining All Traces: tracking cookie
11:07 PM: Quarantining All Traces: trafficmp cookie
11:07 PM: Quarantining All Traces: trb.com cookie
11:07 PM: Quarantining All Traces: tribalfusion cookie
11:07 PM: Quarantining All Traces: tripod cookie
11:07 PM: Quarantining All Traces: webpower cookie
11:07 PM: Quarantining All Traces: webtrendslive cookie
11:07 PM: Quarantining All Traces: wegcash cookie
11:07 PM: Quarantining All Traces: winantiviruspro cookie
11:07 PM: Quarantining All Traces: yieldmanager cookie
11:07 PM: Quarantining All Traces: zango cookie
11:07 PM: Warning: Timed out waiting for explorer.exe
11:07 PM: Warning: Launched explorer.exe
11:07 PM: Warning: Quarantine process could not restart Explorer.
11:08 PM: Preparing to restart your computer. Please wait...
11:08 PM: Removal process completed. Elapsed time 00:01:49
********
9:44 PM: | Start of Session, Saturday, November 05, 2005 |
9:44 PM: Spy Sweeper started
9:44 PM: Sweep initiated using definitions version 567
9:44 PM: Starting Memory Sweep
9:44 PM: Found Adware: virtumonde
9:44 PM: Detected running threat: C:\WINDOWS\system32\mllmm.dll (ID = 77)
9:44 PM: Detected running threat: C:\WINDOWS\system32\vturo.dll (ID = 77)
9:48 PM: Sweep Canceled
9:48 PM: Memory Sweep Complete, Elapsed Time: 00:04:27
9:48 PM: Traces Found: 2
9:50 PM: | End of Session, Saturday, November 05, 2005 |
********
9:43 PM: | Start of Session, Saturday, November 05, 2005 |
9:43 PM: Spy Sweeper started
9:44 PM: Your spyware definitions have been updated.
9:44 PM: | End of Session, Saturday, November 05, 2005 |

#8
John_L
    Visiting Staff
  • Member
  • 1,398 posts
Good job Dcutie :tazz:

Can you now show me a new HijackThis log? And we will see what else we have to do. :)

#9
Dcutie
    New Member
  • Topic Starter
  • Member
  • 7 posts
OK, here is my new HijackThis log...

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\DOCUME~1\Dawn\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Documents and Settings\Dawn\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-ca10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

Thank you so much for the help. I haven't had any WinFixer pop-ups or anything since I ran that program.

D-

#10
John_L
    Visiting Staff
  • Member
  • 1,398 posts
Hello again :tazz:

Still a couple things to remove.

Fire up HijackThis, press "Scan only" and place a check next to this entry:

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Close all browsers and click "Fix checked" in HijackThis.

Find your way to this file and delete if found.

C:\WINDOWS\ALCXMNTR.EXE <--This file

Reboot and show me a new log please. :)
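The instruction above is the manual version of a routine HijackThis-log triage: find autostart entries that give only a bare filename, work out where that file actually lives, and treat anything loading from an odd location as something to identify. The helper below automates that first pass. It is an added example, not code from this thread, from the helper's instructions or from HijackThis itself; its three heuristics (bare O4 names resolved against the "Running processes" block, programs loading from directly under C:\WINDOWS, and Winlogon Notify DLLs or vendor-less O23 services reported for review) are this example's own assumptions, and SAMPLE_LOG is a constructed subset of the entries posted in the thread.

```python
"""HijackThis log triage helper (added example, not code from this thread or from HijackThis)."""
import re
from dataclasses import dataclass, field

# Three heuristics of this example's own devising (assumptions, not HijackThis rules):
#   1. an O4 autostart given as a bare filename is found by PATH search at logon,
#      so resolve it against the "Running processes" block to see where it loaded from;
#   2. a program loading from directly under C:\WINDOWS (not System32, not a
#      vendor folder) is unusual for vendor software and is flagged;
#   3. O20 Winlogon Notify DLLs and O23 services with no vendor string run with
#      high privilege and are reported for review.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
UNQUOTED_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|dll|com|scr|bat|cmd))(?:\s+(?P<rest>.*))?$", re.I)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def executable_of(cmd: str) -> str:
    """Return the file an O4 command really runs (for rundll32 hosts, the DLL it loads)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path, arguments follow the closing quote
        end = cmd.find('"', 1)
        exe, rest = cmd[1:end], cmd[end + 1:].strip()
    else:                                         # unquoted: up to the first program-suffix token
        m = UNQUOTED_RE.match(cmd)
        exe, rest = (m.group("exe"), m.group("rest") or "") if m else (cmd, "")
    if exe.lower().endswith("rundll32.exe"):
        return rest.split(",", 1)[0].strip().strip('"')
    return exe


def is_bare(path: str) -> bool:
    """True when the entry names a file with no directory, i.e. it is found by PATH search."""
    return "\\" not in path and "/" not in path


def in_windows_root(path: str) -> bool:
    """True for C:\\WINDOWS\\<file>, false for System32 or deeper vendor folders."""
    p = path.lower()
    return p.startswith("c:\\windows\\") and p.count("\\") == 2


def running_processes(log: str) -> dict:
    """Map lowercase basename -> full path from the 'Running processes:' block."""
    procs, active = {}, False
    for line in log.splitlines():
        if line.startswith("Running processes:"):
            active = True
        elif active and not line.strip():
            break
        elif active:
            procs[line.strip().rsplit("\\", 1)[-1].lower()] = line.strip()
    return procs


def triage(log: str) -> list:
    """Apply the heuristics to every O4/O20/O23 line and return the entries worth looking up."""
    procs = running_processes(log)
    findings = []
    for line in log.splitlines():
        reasons = []
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if is_bare(exe):
                resolved = procs.get(exe.lower())
                reasons.append(f"bare filename, resolved to {resolved or 'not running'}")
                exe = resolved or exe
            if in_windows_root(exe):
                reasons.append("loads from C:\\WINDOWS root")
        elif O20_RE.match(line):
            reasons.append("Winlogon Notify DLL is loaded by winlogon.exe")
        elif O23_RE.match(line):
            parts = O23_RE.match(line).group("rest").rsplit(" - ", 2)
            if len(parts) == 3 and parts[1].strip().lower() in ("", "unknown owner"):
                reasons.append("service with no vendor string")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: a subset of the entries posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line, "\n   ->", "; ".join(f.reasons))
```

Run against the sample, the AlcxMonitor entry comes out exactly as the helper reasoned about it by hand: a bare ALCXMNTR.EXE that the process list resolves to C:\WINDOWS\ALCXMNTR.EXE. The same two heuristics also fire on the LTMSG entry, which the helper left alone, so treat the output as a list of files to identify (vendor, signature, known-file databases) rather than a list of things to delete.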

#11
John_L
    Visiting Staff
  • Member
  • 1,398 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.